Feeds

Hacker backdoors Linksys, Netgear, Cisco and other routers

Does anyone take consumer security seriously?

Next gen security for virtualised datacentres

The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems.

A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published by Eloi Vanderbeken at github, here, resets devices to factory default, enabling a remote attack without the password.

Vanderbeken says the backdoor is confirmed in devices from Cisco (under both Cisco and Linksys brands, the latter since offloaded to Belkin), Netgear, Diamond, LevelOne and OpenWAG. According to a post on HackerNews, the common link between the vulnerable devices is that they were manufactured under contract by Sercomm.

Trying to access a Linksys WAG200G device for which he'd forgotten the password, Vanderbeken noticed the device was listening on Port 32764, an undocumented service noted by other users. Reverse engineering the MIPS code the device's firmware is written in, he says he located a way to send commands to the router without being authenticated as an administrator.

In particular, the backdoor allowed him to brute-force a factory reset without providing a password – meaning that on his next login, he had access to everything.

Vanderbeken's proof-of-concept python code includes reporting on whether the device it's running against is vulnerable or not.

It seems to The Register that at least this vulnerability doesn't permit a silent attack: if an outsider ran the code against someone's router, the crash and resulting reset to default passwords would at least alert the victim that something had happened. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?