
Backdoor Discovered In Netgear and Linkys Routers

samzenpus posted about 4 months ago | from the protect-ya-neck dept.

Security 189

An anonymous reader writes "A hacker has found a backdoor in the Linksys WAG200G router that gives access to the admin panel without authentication. Further research shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well. From the article: 'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'"

189 comments

not exclusively local (5, Informative)

Anonymous Coward | about 4 months ago | (#45851713)

http://www.shodanhq.com/search?q=port%3A32764

Re:not exclusively local (4, Insightful)

Anonymous Coward | about 4 months ago | (#45852775)

Of course it's spying on you.

Which part of "Made in the USA" did you not understand?

OpenBSD (4, Informative)

grub (11606) | about 4 months ago | (#45851747)


Thank goodness for OpenBSD [openbsd.org] and a bit of elbow grease.

Re:OpenBSD (-1)

Anonymous Coward | about 4 months ago | (#45851941)

What the fuck do you even mean by that, grub? Are you suggesting that we can run OpenBSD on these devices, even when that isn't really an option in practice? Are you saying that we should all run OpenBSD on all of our systems, giving a homogeneous attack vector and reducing our productivity to an absolute crawl?

Yeah, OpenBSD is a damn secure operating system, created by some of the finest minds around today. But for heaven's sake, don't go name-dropping "OpenBSD" whenever some security-related topic comes up.

Re:OpenBSD (5, Informative)

grub (11606) | about 4 months ago | (#45852003)

As a gateway/router/wifi point, OpenBSD is excellent. My comment is very relevant to the story.
For example, my own setup has OpenBSD acting as a router/NAT/etc. box. For guests there is a wifi network it broadcasts and routes only to the world. Also has a VLAN for DMZ, outside accessible services, etc.
It's not name dropping if it's true.

Re:OpenBSD (2)

Eravnrekaree (467752) | about 4 months ago | (#45852293)

I have thought of doing an OpenBSD router of some sort. The idea of having a full blown computer as a router does seem to be a bit overkill for me. This brings up an interesting question. Why have we not seen more router devices with all of the hardware a router needs built in, including ethernet ports, but which are designed to make it easy for the user to install their own open source/free OS of their choice, such as *BSD or Linux? Or does such a thing already exist? Yes, I know some people work on getting their own OS to run on off-the-shelf routers, but for many it's just more trouble than it's worth to try to get an OS to work with router hardware that may not work smoothly with the OS due to lack of driver support.

Re: OpenBSD (1)

Anonymous Coward | about 4 months ago | (#45852327)

Buffalo routers : run dd-wrt, a linux distro for routers.

Re: OpenBSD (0)

grub (11606) | about 4 months ago | (#45852435)

I have used DD-WRT on several WRT54G devices. It's OK but flakey, at least for myself. At least once every couple of weeks or so I would have to power cycle.

Re: OpenBSD (1)

Anonymous Coward | about 4 months ago | (#45852985)

Yeah, because DD-WRT sucks balls in comparison to OpenWRT, which is actually Free/Libre!

Re: OpenBSD (5, Informative)

TooTechy (191509) | about 4 months ago | (#45853671)

Small comment.

I have a Netgear router with Tomato running on it with over 730 days of uptime!

Re:OpenBSD (1)

the_B0fh (208483) | about 4 months ago | (#45852399)

so? buy your own small box and install openbsd. any x-86/alpha/sparc will do. People still run it on pentium-2 class machines or smaller.

Basically the cheapest you can find is good enough, for home use as a router/firewall/etc.

The most expensive "cheap" you can get! (5, Insightful)

Anonymous Coward | about 4 months ago | (#45853689)

Dear lord, I hate it when neckbeards such as yourself talk about how a full PC running OpenBSD or Linux is somehow the "cheap" option compared to a goddamn $40 home router. You make the entire IT profession seem like a bunch of blithering idiots.

Most civilized people don't have Alphas, SPARCs or even old PCs lying around. They'll end up paying more than $40 to acquire such a system, too.

Since most people have several devices on their home network these days, including wireless devices, they'll again need to buy several cabled network cards and at least one wireless network card. You're looking at $100 or more, depending on the type and number of network cards you need to buy.

Then they'll have to waste time setting up this system. If they don't already have experience with installing and configuring OpenBSD and Linux, they'll waste even more time. Good luck getting the wireless network card working! That can be a real battle under Linux, and absolute hell under OpenBSD, even for experienced sysadmins. Anyone with a real job paying a real salary or billing rate will be out hundreds of dollars.

If they manage to get this far, probably spending several hundred dollars getting the equipment in the first place, and then potentially spending at least a day (but likely far more) setting it up, then they'll have to actually start using it. This involves leaving a full computer running 24/7, likely consuming a large amount of power (especially if it's the outdated workstation or PCs that you're advocating). Electricity is quite expensive in many areas.

Way to go, neckbeard. Your "cheap" option only costs $600 or more, just to do the same job that a $40 home router can do. And that's ignoring the ongoing cost of running the system, which depending on local electricity rates can cost a few hundred dollars more per year. The $40 home router will consume a comparatively insignificant amount of electricity, likely costing less than $10 a year even in areas with extremely high electricity prices.

It's so hard to take you seriously when you advocate spending 10 or 20 times as much on some custom Linux or OpenBSD router than it'd cost to buy a cheap home router.

Re:OpenBSD (4, Interesting)

grub (11606) | about 4 months ago | (#45852473)

If you do set up an OpenBSD box as a small router, remember that it is still a full computer. You can install squid as a proxy, install a mail gateway, your own DNS, etc. There's no need to leave it there simply shuffling packets if you don't want to.

As a bonus you can work in another unix and get some skill there.

wrt54gL is made for diy (3, Informative)

raymorris (2726007) | about 4 months ago | (#45853233)

> Or does such a thing already exist?

The wrt54gL (L for Linux) is an example of such a device. The early versions of wrt54g were popular with people using openWRT and such of course. Recognizing this, the company released a version specifically for nerds.

I'd love to see some other, more up-to-date options. I have some projects that would fit nicely in several MBs of RAM, without necessarily needing all the ports. A Raspberry Pi would work, but a beefed up WRT would be better.

Re:OpenBSD (1)

dbIII (701233) | about 4 months ago | (#45853351)

> The idea of having a full blown computer as a router does seem to be a bit overkill for me.

Welcome to the 21st century. They are all full blown computers now. They all have the grunt to run a BSD, ulinux or something of similar scale.

Re:OpenBSD (2)

Nemyst (1383049) | about 4 months ago | (#45853091)

Few people actually have the time or means to set up a dedicated computer as a router, so while yes, your comment is somewhat related, it is not particularly relevant to anyone who'd actually be in the market for a Netgear/Linksys router.

Re:OpenBSD (0)

Anonymous Coward | about 4 months ago | (#45853231)

Sadly relevance has little to do for a lot of people who find random comments to be some sort of badge of honor that they can't receive anywhere else.

Re:OpenBSD (1, Offtopic)

epyT-R (613989) | about 4 months ago | (#45853533)

and 'busy' people are often the ones throwing away their money because they choose not to attempt anything that might have even the slightest learning curve and/or time commitment to it..

There's no free lunch, but that doesn't mean the negatives always outweigh the positives when choosing the less-traveled path.

Re:OpenBSD (1)

the_B0fh (208483) | about 4 months ago | (#45852377)

Like others, the only box between my fios connection and my network is my openbsd box. If you don't know how, well, time to learn, little grasshopper.

Re:OpenBSD (1)

mikael (484) | about 4 months ago | (#45852005)

But if you want to use your mobile phone with your own wifi router, you still have to give the phone the user password, which then ends up being backed up on some server elsewhere, if it isn't snaffled by some Google wi-fi surveillance vehicle.

Re:OpenBSD (0)

Anonymous Coward | about 4 months ago | (#45852895)

> But if you want to use your mobile phone with your own wifi router, you still have to give the phone the user password, which then ends up being backed up on some server elsewhere, if it isn't snaffled by some Google wi-fi surveillance vehicle.

Which phones automatically back up all your passwords? My Blackberry doesn't. I think(but not sure) that you have to give the Android phones permission to do this also. Apple? I don't know........ they work with the NSA.

Re:OpenBSD (1)

LoRdTAW (99712) | about 4 months ago | (#45853823)

Though FreeBSD based, and easy to set up, m0n0wall ftw. Running on an Alix board it hasn't been rebooted since I bought the router hardware five years ago. Though it has been unplugged for wire "maintenance" a few times and the blackout from hurricane Sandy. Other than those few planned and unplanned power downs, it's simple, easy to use and rock solid.

I have also run its protégé, pfSense, at work, where it proved to be very reliable and had a boatload of features compared to m0n0wall.

haha (0)

Anonymous Coward | about 4 months ago | (#45851761)

Glad I have a Zoom router. I don't trust those other brands, they haven't been in the business long enough.

Re:haha (1)

kelemvor4 (1980226) | about 4 months ago | (#45853213)

I still have an external USRobotics Courier HST Dual Standard. It has the daughterboard upgrade and the 56k flash. Got it on the "SysOp" deal so they attached a metal "not for resale" plate on the top.

Turn in your nerd card with that zoom crap. Next you'll be posting photos of zyxel gear.

Re:haha (0)

Anonymous Coward | about 4 months ago | (#45853267)

Funny you say that, because Zoom Telephonics is currently doing better than US Robotics.

Also, my old Telebit Trailblazer shit all over your Courier.

Re:haha (1)

Khyber (864651) | about 4 months ago | (#45853457)

Real SysOps used roboboards, not your crappy USRevive-its.

Turn YOUR nerd card in with that single-user crap.

Re:haha (1)

Cramer (69040) | about 4 months ago | (#45853549)

I win! Original Hayes Smartmodem 300. (bulletproof aluminum case and all) [still functional, as far as I know]

malware = local (5, Informative)

SethJohnson (112166) | about 4 months ago | (#45851831)

Attacking the router from inside the network is only a matter of infecting a computer inside the network.

Then the compromised computer is used to modify the DNS settings.

Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.

Re:malware = local (5, Interesting)

Qzukk (229616) | about 4 months ago | (#45851993)

> is only a matter of infecting a computer inside the network.

Not even that. If dicking around with the port caused a hard reset of the router, who knows what would happen if you got someone to click on this link [192.168.1.1]. (or set it as an img tag for automatic fun)

Re:malware = local (5, Funny)

hawguy (1600213) | about 4 months ago | (#45852021)

> > is only a matter of infecting a computer inside the network.

> Not even that. If dicking around with the port caused a hard reset of the router, who knows what would happen if you got someone to click on this link [192.168.1.1]. (or set it as an img tag for automatic fun)

I think that's a bad link. Every time I click on it, I can't reach the internet for a few minutes.

Re:malware = local (0)

Anonymous Coward | about 4 months ago | (#45852947)

> dicking around with the port caused a hard reset of the router

Dicking around ports often causes hard resets. ;)

Re:malware = local (1)

war4peace (1628283) | about 4 months ago | (#45853321)

...only if you set your router to be 192.168.1.1 - which I carefully avoided.
But I got your point nevertheless :)

Re:malware = local (5, Insightful)

hawguy (1600213) | about 4 months ago | (#45852129)

> Attacking the router from inside the network is only a matter of infecting a computer inside the network.

> Then the compromised computer is used to modify the DNS settings.

> Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.

If you can already infect inside computers, do you really need to hack the router?

Re:malware = local (2)

SethJohnson (112166) | about 4 months ago | (#45853313)

> If you can already infect inside computers, do you really need to hack the router?

The first computer is compromised via email spam, spear phishing, drive-by browser vulnerability, etc. That computer is the beachhead for the attack on the router.

The router is then used to compromise all the other computers on the network. DNS is the easiest way. When the other users attempt to access URLs for Microsoft Outlook webmail, bank accounts, etc. the router misdirects them to fake websites that capture their login credentials or attempt drive-by browser exploits, etc.

Re:malware = local (1)

PlusFiveTroll (754249) | about 4 months ago | (#45853475)

Yes. Most of the time you may not get root on the infected device. Or the device will be some limited piece of crap. With an attack like this it is a stepping stone to get every device on the network under your control. Many computers will firewall themselves off from other devices on the network, yet allow some communications with the router. Also, most home routers provide DNS to the client computers.

Re:malware = local (4, Interesting)

toygeek (473120) | about 4 months ago | (#45852763)

This is exactly what happened with Apple a couple of years ago. The DNS Changer virus

http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml [f-secure.com]

It infected OSX machines and logged in to the user's router using the biggest "back door": admin/password. Then it changed to some DNS servers in Russia, and any device on the network was getting redirected to death to all sorts of sites.

Yes, this is a big back door, but no bigger than the admin/password admin/admin default credentials that 99% of people never changed. Thankfully, these days the routers come with better defaults.

Damn those Linkys routers (2)

ShaunC (203807) | about 4 months ago | (#45851837)

Oh wait, if anyone edited this shit instead of piling more images and whatever else Dice's marketing team deems "awesome and revolutionary to leverage for Slashdot," this might be a reputable god-damned tech news site anymore.

Typo in subject (1)

Somebody Is Using My (985418) | about 4 months ago | (#45851839)

(insert expected comment about how Slashdot editors... don't).
It is LinkSys, not Linkys.

Although "Linky" seems almost appropriate, considering that's what routers do!

Re:Typo in subject (0)

Anonymous Coward | about 4 months ago | (#45851931)

> It is LinkSys, not Linkys.

> Although "Linky" seems almost appropriate, considering that's what routers do!

But I like Linkys. They is my favorite things to be click on! The Interwebs would not be much without them.

great. typo in the title. (4, Informative)

richlv (778496) | about 4 months ago | (#45851851)

"Linkys". because details are for samzenpussies.
this is getting annoying enough.

great news (0)

Anonymous Coward | about 4 months ago | (#45851857)

In my country prosecutors wiretap almost 2.000.000 people per year. It's good to know that they also have easy access to our networks :)

Re:great news (1)

AHuxley (892839) | about 4 months ago | (#45852151)

Where, how and who would this help?
You would need to get between the 'house' and the exchange or telco http://en.wikipedia.org/wiki/Digital_loop_carrier [wikipedia.org]
With this method you would be free of any skilled unique ethernet packet logging after the 'modem' in the home network.
The main win for this would be the speed offered locally. While your real packets are still finding that best effort or dedicated loop out of your state, country the "wiretap" has won the networking race.
A cheap version of MINERALIZE and RADON. http://cryptome.org/2014/01/nsa-codenames.htm [cryptome.org]

Return to vendor (1)

Anonymous Coward | about 4 months ago | (#45851875)

Get a refund. This shit must cost them or it will never stop.

Re:Return to vendor (3, Interesting)

hawguy (1600213) | about 4 months ago | (#45852057)

> Get a refund. This shit must cost them or it will never stop.

On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?

Re:Return to vendor (4, Insightful)

gnasher719 (869701) | about 4 months ago | (#45852091)

> On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?

Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentional. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).

Re:Return to vendor (1)

hawguy (1600213) | about 4 months ago | (#45852231)

> > On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?

> Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentional. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).

You're excused.

Unless it's a published interface that they meant to be exploited that way, it can still be classified as a bug.

bug [wikipedia.org]:

A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, or in frameworks and operating systems used by such programs

Re: Return to vendor (1)

Anonymous Coward | about 4 months ago | (#45852357)

Enough with the sophistry. A backdoor is not a bug. It is intentional, not accidental. If you have to call it by a computerish name, call it malware. It does after all cause unwanted and malicious behavior. A device with a backdoor is defective by design and abuses the customer's trust in a way that can not be remedied by a patch.

Re: Return to vendor (1)

hawguy (1600213) | about 4 months ago | (#45852457)

> Enough with the sophistry. A backdoor is not a bug. It is intentional, not accidental. If you have to call it by a computerish name, call it malware. It does after all cause unwanted and malicious behavior. A device with a backdoor is defective by design and abuses the customer's trust in a way that can not be remedied by a patch.

You can call it anything you like, but if you expect to return it and get a refund, you're going to have to come up with a better reason than "The software does something it's not supposed to, I want a refund". As long as the software/hardware does reasonably what it's supposed to, the manufacturer is unlikely to grant a refund, especially a year or more after purchase. If a security vulnerability (even a big gaping one) was sufficient to get a refund, no one would pay for any software, they'd just use it for a year or two, find a security vulnerability, then return it for a refund then buy the next version, and repeat.

I agree, it's a backdoor, but I disagree that there is any reasonable hope that the manufacturer will refund your money because there's a vulnerability in their code.

Re: Return to vendor (0)

Anonymous Coward | about 4 months ago | (#45852691)

Hell, I can even predict what the response to a refund request would be. That was clearly a port used by developers during their extensive beta testing of the device, and the few customers who have confirmed this bug were accidentally shipped debugging units due to a supply mix-up.

Re:Return to vendor (4, Insightful)

Cwix (1671282) | about 4 months ago | (#45852673)

The free dictionary:
http://www.thefreedictionary.com/back+door [thefreedictionary.com]

Noun 2. back door - an undocumented way to get access to a computer system or the data it contains
backdoor
access code, access - a code (a series of characters or digits) that must be entered in some way (typed or dialed or spoken) to get the use of something (a telephone line or a computer or a local area network etc.)

Oxford:
http://www.oxforddictionaries.com/us/definition/american_english/back-door [oxforddictionaries.com]

noun
        the door or entrance at the back of a building.
        a feature or defect of a computer system that allows surreptitious unauthorized access to data.

So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly don't think it is unintended, a mistake, or an error. That means it does not fit your definition.

Note: Bold was added by me, and I did search other online dictionaries, most did not have a definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Merriam-Webster's, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.

Re:Return to vendor (1)

hawguy (1600213) | about 4 months ago | (#45852857)

> The free dictionary:
> http://www.thefreedictionary.com/back+door [thefreedictionary.com]

> ...

> Oxford:
> http://www.oxforddictionaries.com/us/definition/american_english/back-door [oxforddictionaries.com]

> So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly don't think it is unintended, a mistake, or an error. That means it does not fit your definition.

> Note: Bold was added by me, and I did search other online dictionaries, most did not have a definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Merriam-Webster's, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.

You don't understand, I'm not saying that it's not a back door, nor that it's not a big glaring security hole, I'd even agree with someone that said it's irresponsible.

But there's no reason why it can't be all of those things *and* still be called a bug -- they are not mutually exclusive.

It could have even been coded that way intentionally to integrate with other software or for diagnostics or whatever and it would *still* be a bug if the functionality can be exploited for other means.

It doesn't hurt the manufacturer though. (0)

Anonymous Coward | about 4 months ago | (#45852343)

Doing that just hurts the retailer; they won't be able to return the units to the vendor or manufacturer as their sales contract (they're not protected by the law in the same way end users are) will limit the criteria returns for credit are available under.

On top of that, the retailers can't generally refuse to do business with the vendor as end users expect to see certain brands on the shelves. Don't stock Cisco? Netgear? People will shop somewhere that does.

That basically leaves the retailer stuck with dead stock and a big bill through no fault of their own. If you deal with the vendor or manufacturer directly then you can force some change, but you need to be a pretty big business to be able to get their attention. Smaller shops are just rounding errors in the big picture.

Re:Return to vendor (1)

davecb (6526) | about 4 months ago | (#45852999)

In most legal systems derived from the English Common Law, this is selling something "not suitable for the purpose sold", and is part of the definition of fraud. Consult a lawyer for local details.

Re:Return to vendor (1)

sjames (1099) | about 4 months ago | (#45853191)

And if/when they create such a patch and apply it the product will no longer be defective. But today, it IS defective.

Telling the buyer to duck tape it is not the same as not being defective.

DSL? (-1)

Anonymous Coward | about 4 months ago | (#45851891)

Who has that anymore?

Re:DSL? (4, Insightful)

hawguy (1600213) | about 4 months ago | (#45852081)

> Who has that anymore?

People that don't want to give any money to a cable company and want to give as little money as possible to the AT&T monopoly, and would rather have their money go to a friendly CLEC [sonic.net]. I gave up my 50mbit Comcast cable internet connection for a 14mbit DSL connection because several times a week, packet loss would go through the roof and throughput would slow to a crawl on the Comcast connection, while the DSL provider has been rock solid.

Re:DSL? (1)

dwater (72834) | about 4 months ago | (#45853131)

Also, even with fibre to the curb/cabinet, which I've had in both Finland and the UK, both involve DSL modems for the final copper link. In Finland, it was an off-the-shelf VDSL2 device, but in the UK I use BT, and I didn't pay enough attention.
Also, the older ADSL modems are widely used in China still - though I think Metropolitan Area Networks are becoming more popular undoubtedly involving local fibre connections (I had a symmetric 10BaseT connection in my flat when I lived here ~10 years ago and it only cost 99rmb/month).

And this is why (0)

Anonymous Coward | about 4 months ago | (#45851911)

I only use OpenWRT.

Until someone figures out a way to find out NSA BIOS tampering and I just chuck out all my networking gear.

So much for competition (5, Insightful)

bob_super (3391281) | about 4 months ago | (#45851935)

"Linksys (...) devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin (...)"

It reminds me of that scary graph where half a dozen companies control almost all the stuff you see on supermarket shelves.
I remember reading nice fairy tales in school about open markets, and fair and diverse competition being paramount to the western economic model...

Re:So much for competition (4, Insightful)

Gothmolly (148874) | about 4 months ago | (#45852019)

That fairy tale stopped existing once companies could buy the laws they need to create barriers to entry.

Re:So much for competition (0)

Anonymous Coward | about 4 months ago | (#45852223)

Capitalism working as intended

Re:So much for competition (1)

jafac (1449) | about 4 months ago | (#45852387)

> That fairy tale stopped existing once companies could buy the laws they need to create barriers to entry.

. . . . like Corporate Charters, for instance.

Re:So much for competition (1)

bill_mcgonigle (4333) | about 4 months ago | (#45852589)

> . . . . like Corporate Charters, for instance.

Most Americans don't realize that the country got by on its first hundred years with no permanent corporations. JD Rockefeller found the right price.

Re:So much for competition (0)

Anonymous Coward | about 4 months ago | (#45853341)

> That fairy tale stopped existing once companies could buy the laws they need to create barriers to entry.

Those laws occur naturally, when big companies do something stupid and lawmakers overreact.

The big companies usually don't like wasting money on new regulations any more than anybody else does, and are the least flexible to do it.
Then they have living breathing competitors of various proportions to worry about more than ones that don't exist yet.

That yet-to-be-conceived competitors will have to spend more money to get started is just a shitty consolation prize.

You'd be the first to accuse big business and politicians of being forward thinking...

Re:So much for competition (1)

besalope (1186101) | about 4 months ago | (#45852123)

> "Linksys (...) devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin (...)"

> It reminds me that scary graph where half a dozen companies control almost all the stuff you see on supermarket shelves. I remember reading nice fairy tales in school about open markets, and fair and diverse competition being paramount to the western economic model...

Sorta like these conglomerates? Just to name a few :)

Re:So much for competition (2)

n1c0 (999048) | about 4 months ago | (#45852203)

These devices are 'old', end of life, no longer supported and most non tech users won't ever know. And the non tech enduser will (once again) see personal or financial information compromised, or will participate in yet another botnet. It's public now, but nobody knows how much this has been exploited as zero day. Replace router/firmware with 'car' and we would see class action lawsuits as never before. I think that more strict regulation is needed or legislative work that hold companies accountable for issues as these, it's just too easy, make crap, write shitty software, sell it, don't look back.

Re:So much for competition (1)

jafac (1449) | about 4 months ago | (#45852379)

Oh. There's a problem with your market? Sounds like the job for The Invisible Hand! Invisible Hand will fix it!

Re:So much for competition (3, Insightful)

bill_mcgonigle (4333) | about 4 months ago | (#45852621)

> Oh. There's a problem with your market? Sounds like the job for The Invisible Hand! Invisible Hand will fix it!

Sorry, the Invisible Hand is unavailable for comment. It's been bound, gagged (handcuffed?), indefinitely detained and sent to Gitmo for questioning by the State.

similar problem in 2004 (2, Informative)

Anonymous Coward | about 4 months ago | (#45852083)

I did a web search for "linksys router backdoor" and this story was one of the top results:
http://news.techworld.com/security/1682/critical-flaws-in-linksys-and-netgear-kit/

"...a hard-wired user account with a known password. Any user with access to a LAN with an affected WG602 device connected to it would be able to gain full administrator access to the device..."

Huawei at least have a password... (4, Interesting)

vik (17857) | about 4 months ago | (#45852099)

You can telnet into most Huawei/Vodafone DSL modems with admin/{VF-}[Countrycode]hg[ModelId] through the ethernet port...

This wasn't the NSA! (3, Funny)

CajunArson (465943) | about 4 months ago | (#45852115)

Their backdoors are implemented at a much higher quality level.

Re:This wasn't the NSA! (1)

AHuxley (892839) | about 4 months ago | (#45852269)

It could depend on where the tech ended up. Ex staff, former staff, ex contractors, former contractors could have created their own 'lite' deniable offering for sale to state and federal law enforcement?
Why just log from an isp/telco level when you can get much closer?

Is this really a vulnerability or a feature? (4, Informative)

DigitAl56K (805623) | about 4 months ago | (#45852145)

There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, its MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.

It seems like this guy stumbled upon a similar feature.

Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.

Re:Is this really a vulnerability or a feature? (4, Insightful)

DigitAl56K (805623) | about 4 months ago | (#45852187)

To add to the above, I see the WNDR3700 is specifically reported as not being vulnerable to the open port he found on some of the older models. I know for a fact (because I owned one), that the WNDR3700 is one of the models that requires the magic packet to open the telnet port, further leading me to believe he found a poorly documented (but not unknown) feature that should have been much more visible and better protected by default, rather than something more akin to a backdoor (after all, you have to be on the LAN side to use it).
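A defender's check for the exposure discussed in this thread, added here as an example and not posted by any commenter: it probes a router from the LAN side for the telnet port and for TCP 32764 (the port in the Shodan query linked earlier in the thread) and separates "open" from "closed" and "filtered". The default gateway address `192.168.1.1` and the function names are assumptions.

```python
import socket
import sys

# Ports taken from this page: 23 is the telnet service described above,
# 32764 is the port in the Shodan query linked earlier in the thread.
MGMT_PORTS = {23: "telnet", 32764: "port from the thread's Shodan link"}


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, resolution failure
        return "filtered"


def audit(host, ports=MGMT_PORTS, timeout=2.0):
    """Probe each management port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that accepted a connection, i.e. reachable by any LAN client."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    # Assumed default gateway; pass your own router's address as argv[1].
    gateway = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    results = audit(gateway)
    for port, state in sorted(results.items()):
        print(f"{gateway}:{port} ({MGMT_PORTS[port]}): {state}")
    if exposed(results):
        print("Management service reachable from the LAN:", exposed(results))
        sys.exit(1)
```

A "closed" result for telnet does not rule out the magic-packet feature described above, since that port only opens after the packet is received.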

Re:Is this really a vulnerability or a feature? (0)

Anonymous Coward | about 4 months ago | (#45852347)

Right, because all the computers on the LAN are completely invulnerable.

Re:Is this really a vulnerability or a feature? (1)

DigitAl56K (805623) | about 4 months ago | (#45853003)

Right, because all the computers on the LAN are completely invulnerable.

If you have a system inside your LAN able to construct whatever network communications it wants to any internal device it might as well be running metasploit at that point and don't think a dinky old consumer grade WiFi router will be protecting you then.

Re:Is this really a vulnerability or a feature? (1)

deconfliction (3458895) | about 4 months ago | (#45853445)

If you have a system inside your LAN able to construct whatever network communications it wants to any internal device it might as well be running metasploit at that point and don't think a dinky old consumer grade WiFi router will be protecting you then.

When your sketchy friend/coworker/apartment-maintenance-guy[1] is visiting the home, the computers you are most worried about may not be powered on or present (your primary laptop). The infiltrator running metasploit would then not be able to get very far unless metasploit owned the wifi router (or other device). But one would hope that if many 'dinky old consumer grade wifi routers' were vulnerable to metasploit, we'd be hearing more about it in the news. Presuming the consumer grade routers are at least able to protect themselves against metasploit, then it still matters having an unprotected admin port on your router exposed to the internal network.

[1] about 10 years ago I was able to use motion.sf.net to catch my refrigerator repairman snooping through my bedroom office. Local police told me that since the bedroom door was open, *no law had been violated*!!! Closed but unlocked, and I could have filed trespassing charges. Open an inch, no law broken. Whatever...

Re:Is this really a vulnerability or a feature? (1)

AHuxley (892839) | about 4 months ago | (#45853653)

Hi dec, re snooping through my bedroom office
http://the.honoluluadvertiser.com/article/2004/Feb/05/ln/ln01a.html [honoluluadvertiser.com]
"FBI asks computer shops to help fight cybercrime"
"Each member of the computer crime squad is given a list of local businesses, Laanui said, with the idea of establishing a working relationship with all of them."
The snooping aspect may cover many local people who have the ability to 'walk' around a wide selection of suburban homes and commercial areas at "random" and report back.

Re:Is this really a vulnerability or a feature? (1)

hawguy (1600213) | about 4 months ago | (#45852385)

There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, its MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.

It seems like this guy stumbled upon a similar feature.

Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.

Why is a method to log into the router without any password not classified as a "vulnerability"? If I let my roommate's sketchy friend plug his laptop into the ethernet network because I don't trust him with the Wifi password, I wouldn't expect him to be able to telnet into my wifi router without a password.

Re:Is this really a vulnerability or a feature? (0)

Anonymous Coward | about 4 months ago | (#45852445)

This method is for helping non techies. Tell non techie: follow these 4 steps to fix your router: telnet, name, password etc etc. It is always the same to make tech support easier.

Re:Is this really a vulnerability or a feature? (1)

hawguy (1600213) | about 4 months ago | (#45852569)

This method is for helping non techies. Tell non techie: follow these 4 steps to fix your router: telnet, name, password etc etc. It is always the same to make tech support easier.

I understand why having no password or the same password for everyone is easier for tech support - this is the same reasoning that led Wifi router manufacturers to have the router default to an open network with no encryption -- much fewer support calls from people that don't know their WEP or WPA key.

But that doesn't mean that it's not a security vulnerability.

Re:Is this really a vulnerability or a feature? (4, Insightful)

the_B0fh (208483) | about 4 months ago | (#45852437)

Oh wow. Your inside network doesn't touch the outside network? You don't visit websites? You do not run javascript on your browsers? You personally scan each piece of javascript to make sure it cannot get your IP address (yes it can), your gateway (yes it can) and send packets to your gateway (yes it can)?

Seriously, if you don't know what you're talking about, lurk and learn.

And default username/passwords means that malicious javascript can be very very simple indeed.

Your kind of thinking is why we have so much insecurity on the Internet. Please update and upgrade your skills.

Re:Is this really a vulnerability or a feature? (1)

DigitAl56K (805623) | about 4 months ago | (#45852867)

Of course there is a risk there, that's probably why in newer models they require a magic packet in the first place. Can JavaScript in a browser construct such a magic packet? As far as I know it can only create TCP connections.

I didn't say Netgear secured this thing well, did I? I was merely pointing out that this was likely not an NSA backdoor, and had already been "improved" in newer models.

At least I felt like I contributed to the discussion. You, on the other hand, were just being a dick.

Re:Is this really a vulnerability or a feature? (3, Insightful)

the_B0fh (208483) | about 4 months ago | (#45853275)

You understand that most of the botnets out there are the result of someone clicking on a link and visiting a site that had malicious code embedded in it (ActiveX/JavaScript)?

While JavaScript might not natively be able to send a hand crafted magic packet, it can *take over your system* - which then allows it to download and install rootkits and other stuff - one of which can do the magic packet tickling.

You said:

Yes, this stuff should be better protected, but it's not necessarily a vulnerability.

*AND YOU ARE VERY VERY WRONG* I want to say this in the nicest way I can - if you are propagating wrong information, you should be stopped. If you think you are correct, you need to be corrected. If you think this is being a dick, I apologize, but you are still wrong, and you are still spreading bad information. Learn and improve your knowledge. Think things through.

Think about it - the programmers who should know better thought the same as you. And as a result, now millions of routers are vulnerable, and open to being exploited. Every week, we see tons of news about basic infrastructure being insecure. Because no one said "that's a fucking stupid idea, don't do it" because saying that means they're being a dick.

Oh yeah? (-1)

Anonymous Coward | about 4 months ago | (#45852181)

Last night I discovered the backdoor in your MOM! Ha!

this is a simple start (1)

onepoint (301486) | about 4 months ago | (#45852221)

While it's not a very big issue, it's a start... and all good things start with simple steps
given it's been going on for a while, now the ball is rolling and the public is learning ...

it's up to someone smarter than me to figure out how to get these little back doors
more into the public eye.

Backdoor requires local network access? (1)

the_B0fh (208483) | about 4 months ago | (#45852413)

You mean like how any web page with javascript? It's not that difficult to get $ethX and get the gateway, which will probably be the router. Ooops, it's now fully available to the attacker on the outside world.

Hmmm (2)

koan (80826) | about 4 months ago | (#45852439)

There was an interesting video the other day http://boingboing.net/2013/12/31/jacob-appelbaums-must-watch.html [boingboing.net] I believe he mentions the NSA and hacking wireless routers, perhaps they created it.
Additionally, several router models are susceptible to a hack so easy it's ridiculous, namely adding a certain user agent string to your browser lets you in.

I personally don't use wireless at home any longer,

spon6e (-1)

Anonymous Coward | about 4 months ago | (#45852563)

leaving 3ore. I taSk. Research

who what have thunk it. (0)

Anonymous Coward | about 4 months ago | (#45852737)

back doors are built into every thing.
period, end of text.
regards,
mike

RVS4000, too (1)

dltaylor (7510) | about 4 months ago | (#45852741)

So much for "business class" routers/firewalls, and it wasn't on the list.

I've got a couple of old computers around. Time, again, to build my own. Another plus is that local DHCP addresses will show up in DNS.
