Back-Door Found In D-Link Router Firmware Code.

The back-door could be used to modify a router’s settings — a dangerous vulnerability

A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.

Read on, after the Curve Out.



Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the Web interface for some D-Link routers could be accessed if a browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.”

[ Prevent corporate data leaks with Roger Grimes’ “Data Loss Prevention Deep Dive” PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ]

Curiously, if the second half of the user agent string is reversed and the number is removed, it reads “edit by joel backdoor,” suggesting it was intentionally placed there.

“My guess is that the developers realized that some programs/services needed to be able to change the device’s settings automatically,” Heffner wrote. “Realizing that the Web server already had all the code to change these settings, they decided to just send requests to the Web server whenever they needed to change something.


“The only problem was that the Web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, ‘Don’t worry, for I have a cunning plan’!”

The technology industry has been rattled by documents leaked by former N.S.A. contractor Edward Snowden, which indicate the spy agency pursues ways to subvert security measures through back-doors. But developers sometimes make mistakes and in other cases, make poor security decisions.

With access to a router’s settings, an attacker could potentially steer someone’s Internet traffic through another their own server and read their unencrypted data traffic.

Read the rest of the article, in the link below.
http://www.infoworld.com/d/security/backdoor-found-in-d-link-router-firmware-code-228725

Be on the lookout for any peculiar behaviour on your computer/router, if no-one is using your router, check the data transfer lights, if they are flashing, normally that means someone is using your network.

Just simple things, such as activating your routers security features/wireless codes. Updating your routers firmware/backing up existing copies of firmware, which come on a disk with the router/from the makers website.

If you don’t know get one of your tech savvy family members, get them to show you, then ask questions. Yes a nuisance/drag but you paid for it, so learn how to use it wisely.



Leave a Reply