Author Topic: DSL router patch merely hides backdoor instead of closing it  (Read 461 times)


DSL router patch merely hides backdoor instead of closing it
« on: April 21, 2014, 10:43:07 pm »
http://arstechnica.com/security/2014/04/easter-egg-dsl-router-patch-merely-hides-backdoor-instead-of-closing-it/

Quote
Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

However, that new firmware apparently only hid the backdoor rather than closing it. In a PowerPoint narrative posted on April 18, Vanderbecken disclosed that the “fixed” code concealed the same communications port he had originally found (port 32764) until a remote user employed a secret “knock”—sending a specially crafted network packet that reactivates the backdoor interface.

The packet structure used to open the backdoor, Vanderbecken said, is the same used by “an old Sercomm update tool”—a packet also used in code by Wilmer van der Gaast to "rootkit" another Netgear router. The packet’s payload, in the version of the backdoor discovered by Vanderbecken in the firmware posted by Netgear, is an MD5 hash of the router’s model number (DGN1000).

The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. “It’s DELIBERATE,” Vanderbecken asserted in his presentation.

Offline White Stripes

Re: DSL router patch merely hides backdoor instead of closing it
« Reply #1 on: April 21, 2014, 11:57:37 pm »
wtf would they need an 'admin port' like this for?

Offline GhostShip

Re: DSL router patch merely hides backdoor instead of closing it
« Reply #2 on: April 22, 2014, 12:33:54 pm »
I would suspect that this "backdoor" might even be the way to fix the problem remotely instead of asking folks to apply updates, Mr Vanderbecken could set up a server and scan for this weakness then send out an update of his own  :lol: :lol: :lol:

He is right in stating that this is a deliberate backdoor, the question is why is it necessary to have this open to the internet side of things instead of being something that could only be done locally?

Re: DSL router patch merely hides backdoor instead of closing it
« Reply #3 on: April 22, 2014, 12:54:05 pm »
uncle nsa told them to?
