Backdoor found in D-Link router firmware code

It appears this backdoor might have been around for 3 years. Anyone with the specific model numbers might want to look into this.

A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device's settings, a serious security problem that could be used for surveillance.

Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the Web interface for some D-Link routers could be accessed if a browser's user agent string is set to xmlset_roodkcableoj28840ybtide.

Curiously, if the second half of the user agent string is reversed and the number is removed, it reads "edit by joel backdoor," suggesting it was intentionally placed there.

"My guess is that the developers realized that some programs/services needed to be able to change the device's settings automatically," Heffner wrote. "Realizing that the Web server already had all the code to change these settings, they decided to just send requests to the Web server whenever they needed to change something.

"The only problem was that the Web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, 'Don't worry, for I have a cunning plan'!"

Link

reply to post by roadgravel


My Qwest 5000 router was having to be rebooted a lot . . . net would go down a lot.

Techs said that version was giving them a lot of trouble. Suggested a new different model.

Got the new one. Haven't had to install it.

Old one has given no more trouble.

I've often assumed that the . . . watchers . . . decided to quit giving me hassles rather than have to reconfigure a new modem for their snooping.

Might be a silly assumption. Might not be.

reply to post by BO XIAN

Strange things if you didn't change anything on your network.

reply to post by roadgravel


My desktop is the only thing on the DSL. . . . except occasionally my Kindle for downloading books.

Curious, to me, anyway.

Its not been uncommon over the years to hardcode back doors into system due to the need to upgrade software etc and the owners don't have the knowledge/skills to do it or just to recover an item for which the passwords been lost (the only person just got hit by a bus) and having to reset it back up from scratch is not an option

What i think now is people are spending more time looking at stuff like routers and noticing where they've left the spare keys under the mat for the spooks to use if they should wish

reply to post by roadgravel

Curiously, if the second half of the user agent string is reversed and the number is removed, it reads "edit by joel backdoor," suggesting it was intentionally placed there.

That seems to me like irrevocable proof that the backdoor was put there purposely. I smell a law suit forming.