1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News D-Link routers contain back-door code, claims researcher

Discussion in 'Article Discussion' started by Gareth Halfacree, 14 Oct 2013.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,382
    Likes Received:
    1,803
  2. mi1ez

    mi1ez Active Member

    Joined:
    11 Jun 2009
    Posts:
    1,436
    Likes Received:
    18
    If you reverse the string it says "edit by [...]" rather than "edited by [...]"
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,382
    Likes Received:
    1,803
    Hah! I'd written 'edit' the first time around, then when I was giving the article a final scan-through before publication I automatically corrected the grammar without a second thought. Fixed, ta!
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,382
    Likes Received:
    1,803
    I've updated the article with a brief comment from D-Link announcing that it will be patching the back-door by the end of the month, which fails to actually address any of the questions raised. I've pressed for clarification.
     
  5. jrs77

    jrs77 Well-Known Member

    Joined:
    17 Feb 2006
    Posts:
    3,487
    Likes Received:
    103
    I'd guess that any modern device, be it a computer, a router or whaterver has a backdoor implemented these days.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,382
    Likes Received:
    1,803
    Trufax, but there are clever backdoors - "let's stick a cryptographic public key in there, and if our private key knocks open up a hole" - and dumb backdoors - "hey, let's open a hole when someone uses a plaintext string that appears in our easily-analysed and publicly-available firmware files as their user agent. THAT WON'T GO WRONG AT ALL."

    (Although, in D-Link's defence, it took a fair few years for anyone to publicise the vulnerability - which isn't to say it hasn't been discovered and exploited by ne'er-do-wells clever enough to keep their new toy quiet in the past, of course.)
     
  7. Krikkit

    Krikkit All glory to the hypnotoad! Super Moderator

    Joined:
    21 Jan 2003
    Posts:
    23,448
    Likes Received:
    368
    Blimey, that's a pretty embarrassing gaffe for such a major player in the router market these days. Could be very useful for people trying to open up their ISP's routers though.
     
  8. Alecto

    Alecto Member

    Joined:
    20 Apr 2012
    Posts:
    134
    Likes Received:
    1
    Well there's always the (free) alternative that works with a number of routers (and to be honest, those that are tied down by the manufacturers should be avoided anyway):

    http://wiki.openwrt.org/doc/howto/build

    You can build your own version after auditing the code.
     
  9. sp4nky

    sp4nky BF3: Aardfrith WoT: McGubbins

    Joined:
    15 Jul 2009
    Posts:
    1,706
    Likes Received:
    53
    Funnily enough, I've just taken delivery of a D-Link NAS. It's getting sent back now. Also, power cable was faulty but still, I'm now asking for a full refund instead of a replacement.
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,382
    Likes Received:
    1,803
    D-Link has responded to my questions with a defence of the back-door code. There are still some outstanding issues to be addressed, however, including its apparent presence in DIR-615 routers - which aren't on the list of devices getting a firmware update it provided this morning.
     

Share This Page