Supposedly patched router backdoor was simply hidden
Posted on 22 April 2014.
When security systems engineer and researcher Eloi Vanderbeken discovered the existence of a backdoor in his own Linksys router last Christmas, he spurred other hackers to check which other routers have the same backdoor. The result of this investigation was that 24 DSL router models from Cisco, Linksys, Netgear, and Diamond were confirmed to be vulnerable.

The backdoor has been tied to Sercomm - the firm that builds these routers for the aforementioned companies - and the specific firmware they install on the devices. A month after the discovery, those companies pushed out a new version of the firmware that apparently closed the backdoor. Only it didn't - it merely hid it.

In his typical playful way, Vanderbeken explained this new discovery he made during the Easter holidays. The backdoor binary is still present in the new firmware version, he says, and the backdoor on port 32764 can be "opened" again by sending a specific network packet to the router.

He proved the matter by publishing PoC exploit code - based on earlier code created by Wilmer van der Gaast - which delivers an MD5 hash of the router’s model number.

The good news is that in order for the packet to deliver this payload, it has to be a raw Ethernet packet sent either from the local LAN or the ISP, so remote, random attacks are unlikely.

Once the backdoor is opened again, it allows attackers to reset the devices' configuration to factory settings and, consequently, to the default router administration username and password.

This new discovery definitely gives weight to his claim that the backdoor has been deliberately introduced into the firmware - a feature, not a security bug.
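Because the listener on port 32764 is dormant until it is triggered, a single port check on "patched" firmware proves little; the event to watch for is the port changing state. The following Python check for a router you administer is an added example, not code from Vanderbeken's PoC or from the original article, and its function names and the 192.168.1.1 default address are assumptions.

```python
import socket
import sys

BACKDOOR_PORT = 32764  # TCP port named in the article


def probe(host, port=BACKDOOR_PORT, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing listening now
    except OSError:
        return "filtered"    # timeout or unreachable: no conclusion possible


def reopened(states):
    """Return indexes where the port went from not-open to open.

    On "patched" firmware the listener stays hidden until it is triggered,
    so the event worth alerting on is this transition, not one snapshot.
    """
    return [i for i in range(1, len(states))
            if states[i] == "open" and states[i - 1] != "open"]


def verdict(states):
    """Turn a series of probe results (oldest first) into a one-line finding."""
    if not states:
        return "no data"
    if reopened(states):
        return "ALERT: port opened between checks"
    if states[-1] == "open":
        return "EXPOSED: listener is reachable"
    return "not listening now (does not prove the firmware is clean)"


if __name__ == "__main__":
    # Hypothetical usage: pass the LAN address of a router you administer.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed default
    print(host, verdict([probe(host)]))
```

Run `probe` on a schedule, keep the results in order, and pass the series to `verdict`, so that a closed-to-open change on the router is flagged.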









Copyright 1998-2014 by Help Net Security.