Supposedly patched router backdoor was simply hidden
Posted on 22 April 2014.
When security systems engineer and researcher Eloi Vanderbeken discovered the existence of a backdoor in his own Linksys router last Christmas, he spurred other hackers to check which other routers have the same backdoor. The result of this investigation was that 24 DSL router models from Cisco, Linksys, Netgear, and Diamond were confirmed to be vulnerable.

The backdoor has been tied to Sercomm - the firm that builds these routers for the aforementioned companies - and the specific firmware they install on the devices. A month after the discovery, those companies pushed out a new version of the firmware that apparently closed the backdoor. Only it didn't - it merely hid it.

In his typical playful way, Vanderbeken explained this new discovery he made during the Easter holidays. The backdoor binary is still present in the new firmware version, he says, and the backdoor on port 32764 can be "opened" again by sending a specific network packet to the router.

He proved the matter by publishing PoC exploit code - based on earlier code created by Wilmer van der Gaast - which delivers an MD5 hash of the router's model number.

The good news is that in order for the packet to deliver this payload, it has to be a raw Ethernet packet sent either from the local LAN or from the ISP, so remote, random attacks are unlikely.

Once the backdoor is opened again, it allows attackers to reset the devices' configuration to factory settings and, consequently, to the default router administration username and password.

This new discovery definitely gives weight to Vanderbeken's claim that the backdoor has been deliberately introduced into the firmware - a feature, not a security bug.









Copyright 1998-2014 by Help Net Security.