Feeds

Hacker backdoors Linksys, Netgear, Cisco and other routers

Does anyone take consumer security seriously?

Beginner's guide to SSL certificates

The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems.

A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published by Eloi Vanderbeken at github, here, resets devices to factory default, enabling a remote attack without the password.

Vanderbeken says the backdoor is confirmed in devices from Cisco (under both Cisco and Linksys brands, the latter since offloaded to Belkin), Netgear, Diamond, LevelOne and OpenWAG. According to a post on HackerNews, the common link between the vulnerable devices is that they were manufactured under contract by Sercomm.

Trying to access a Linksys WAG200G device for which he'd forgotten the password, Vanderbeken noticed the device was listening on Port 32764, an undocumented service noted by other users. Reverse engineering the MIPS code the device's firmware is written in, he says he located a way to send commands to the router without being authenticated as an administrator.

In particular, the backdoor allowed him to brute-force a factory reset without providing a password – meaning that on his next login, he had access to everything.

Vanderbeken's proof-of-concept python code includes reporting on whether the device it's running against is vulnerable or not.

It seems to The Register that at least this vulnerability doesn't permit a silent attack: if an outsider ran the code against someone's router, the crash and resulting reset to default passwords would at least alert the victim that something had happened. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.