Monday, October 14, 2013
More Backdoors
Yesterday it was discovered that certain D-Link routers have a back door built into the firmware. A backdoor is an intentional vulnerability left in software. Sometimes they are left in for when customers forget their password, or sometimes for more nefarious reasons. In this situation, it looks like it was left in for administrative purposes.
Exploiting this backdoor is incredibly easy. All you had to do was set the user agent of your browser to `xmlset_roodkcableoj28840ybtide`. If you reverse that string you find it says, `edit by 04882 joel backdoor_teslmx`. That secret string even tells you that this was intended for a backdoor and not left in by accident. Changing your user agent is not as hard as it seems, there are plugins for web browsers that will do it for you.
To fix this issue, users will have to log into their administrative panel of their router and re-flash the firmware. This is too difficult for many users, so this vulnerability will be around for a long time. By intentionally placing backdoors into such mundane devices, these companies are not just risking the reputation of their company, but the security of million
s. In the short term, users are best off not purchasing D-Link devices since they have proven their self insecure.
One long term fix to this is to replace D-Link's firmware with an open source version. While this is not a procedure your grandmother could do, it is something the company D-Link could consider doing. However, by using an open source firmware detecting backdoors such as these would be simple.
Just because the firmware is open source does not mean it is invincible to backdoors, they're just able to be detected.
Image credit: https://commons.wikimedia.org/wiki/File:Wikimedia_Servers-0001_42.jpg
Subscribe to:
Post Comments (Atom)
When I saw this report earlier it made cringe, but at the same time I can understand why its there. TThese routers aren't targeted at the computer savvy (there's just not enough of them). So when they get support calls, they could walk you through finding your ip address (hard but doable) and then get into the router to fix the problems.
ReplyDeleteIs this terrible? yeah. But not enough people care. I doubt 1 in 10 people on the street even know what a user agent is. They just want their router to work.
People don't care because they don't know. While this may only be a problem right now among the tech savvy, once a layperson, or someone who does not have a strong technical background, is affected it will be big news.
ReplyDeleteWhile most people don't care much about this or see it as much of a problem it's still important to address. Even if these routers aren't aimed at technical people and most people don't care, regardless it's not fair to create such big back doors into routers, just to make it easier to walk people through. It puts a lot of people and information at jeopardy.
People don't care because they don't know. While this may only be a problem right now among the tech savvy, once a layperson, or someone who does not have a strong technical background, is affected it will be big news.
ReplyDeleteWhile most people don't care much about this or see it as much of a problem it's still important to address. Even if these routers aren't aimed at technical people and most people don't care, regardless it's not fair to create such big back doors into routers, just to make it easier to walk people through. It puts a lot of people and information at jeopardy.
There are back doors in everything today. We would hope most of them would only be for administrative use and only accessible by those who need it. It most cases this is not true. Many back doors have minimal to no security at all so any body can use it. This is the first time I am hearing about this and I am very surprised that bypassing some routers could possibly be this easy. News like this can seriously cripple a company with law suits and even worse a bad reputation.
ReplyDeleteBack doors are what allowed the NSA to collect all their data for Prism. Most back doors people are clueless about. Just about any product or software has a back door that is released today. Many of these are necessary in order to be able to service users with issues and bypass regular usage. But more times than people know back doors are used maliciously. I they're needs to be a discussion on standardizing back doors.
The only way to combat back doors is to support open souce software allowing programmers to review the code and determine whether its safe to use. In addition, Most hardware vendor that make network equirement issue contracts to third party vendors to write drivers for their devices. These third party vendors are usually paid cheaply and are willing to take bribes by nation states or hacker organizations to create and obfuscate back doors into drivers. Most equiment bought should be taken with caution with regard to cyber security.
ReplyDelete