D-Link Back Door Discovered

Reactions
2,571 731 25
#1
I realize it's a bit unorthodox to create a whole thread for this sort of thing, but here we go.

If you use a D-Link router between you and the Internet (and really, where else would you use one?) then you may want to switch to something else until this gets fixed.

D-Link Router Backdoor Vulnerability Allows Full Access To Settings
(link goes to mirror, original site is understandably being hammered right now)

--Patrick
 
Reactions
130 14 0
#3
Wow - talk about a massive hole in security.

Glad I'm a) not running a D-Link and b) am actually running Tomato on my router anyway.
 

GasBandit

Staff member
Reactions
7,263 1,528 30
#4
I've read somewhere else this only becomes an issue if you have remote administration on and/or wifi enabled with no security. So I've turned those things off on our router here at work. It'll be a short term inconvenience, however, until I'm either allowed to replace it or D-Link does a firmware patch (which is supposed to happen at the end of October, they say)
 
Reactions
299 37 13
#5
I can think of a better idea for doing what they needed to do in FIVE MINUTES! Supposedly it is so other binaries on the router can do "admin" stuff easily. OK then. So to satisfy that: Generate an administrative user/password with randomly generated name AND password as soon as the router gets connected to the internet, and do it based on the current time along with an auto-assigned DNS name and/or router name if it gets one. (If you do it otherwise, it may all be 100% the same, factory time, which has the same problem). Then write that username/password to the internal storage. Then read that file from said "other binaries" and use THAT in the requests to the webserver. Done. Another option MAY be to just check which interface connections are coming from. If they're from the loopback interface (ie: from on the same machine) then just let them through. Not sure if that's secure, but if it is, then you CAN'T spoof that.

Either way, idiocy. And idiocy not having it out until end of the month too.
 
Reactions
504 140 7
#7
Be nice. If they were just taking the backdoor out then it would've been a week long job, but after all they had to build in a new NSA backdoor, and keep the old one active until the new one was ready.

These things just take longer.
 
Reactions
504 140 7
#11
I wonder how much the NSA would have to pay a tech company to insert a back door, then pretend it was the company's fault once it was discovered.
 
Reactions
2,571 731 25
#16
It's on the same order of unbelievable as when the news interviews some guy down at the police station, and right behind him on the wall is a Post-It with the SSID and password of the station wifi, or something.

--Patrick
 
Reactions
904 261 0
#18
Hmm... I'm pretty sure I use Zyxel at home, but I'm gonna have to go check after work.
 
Top