Showing results for tags 'backdoor'.
Found 4 results
Hi all, I've been having problems with my internet connection and my ISP switched my router and other things. I was wondering, being that the firmware is not open source, is there any other way to check whether the router has a backdoor installed? Thanks
/dev/ttyS0 recently analyzed D-Link's DIR-890L and found a security issue which opens up the possibility of executing any code with privileges of system, i.e. root. The worst thing about it is: The firmware version was designed to patch three different vulnerabilities in connection with HTTP and UPnP... which were, well, not really closed. If you are using a D-Link router or if you are planning on buying one, scroll to the bottom of the post and see if your model is listed there. If so, you should really think about your habits or your choices, respectively. From what I understood, this can only be exploited in a local network. The truth is: If D-Link doesn't seem to care about exploits in local networks - do you really think they care about what's coming from the internet? You should really abandon the D-Link ship.
People (who are involved in IT security in the first place) read about the open port 32764 in routers from Cisco, Linksys, Netgear and Diamond having strange backdoor access to the configuration files of those routers. Long story short, there is a service listening on this port which accepts a variety of commands such as resetting the router or printing out all kinds of information, even passwords in plain text. Connecting to the router through telnet should return the string "ScMM" or "MMcS" if the service is running (it's for SerComm). It could be smart to check if your Cisco/Linksys/Netgear/Diamond router is listed here. Or use this python script. Or just connect to your router via telnet [your.router.ip] 32764 and see if you get one of the aforementioned strings back.

Source #1 Source #2

---- Update #1 ----
First statements of manufacturers Linksys and Netgear. Both of them allegedly are "going through all possible vulnerabilities" and will publish more information on this after they did some analyzing. Fact is that they didn't even warn the users of those routers... strange, too... Source

---- Update #2 ----
Cisco released a Security Advisory and is working on a fix. There are no workarounds so you have to wait for Cisco's update.

---- Update #3 ----
It's not over!
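The manual telnet check described in the post above, written as a small script for a router you administer. This is an added example, not part of the original post and not the Python script the post links to; the function names, the three-second timeout and the fallback of sending a line ending when the port stays silent are assumptions.

```python
import socket
import sys

SERCOMM_PORT = 32764
SIGNATURES = (b"ScMM", b"MMcS")  # the two strings named in the post

def classify_banner(data: bytes) -> str:
    """Map the first bytes received to a verdict."""
    if not data:
        return "no-data"
    if data.startswith(SIGNATURES):
        return "backdoor-signature"
    return "other-service"  # something listens, but not with these strings

def _read(sock, n=16):
    try:
        return sock.recv(n)
    except OSError:  # includes timeouts and connection resets
        return b""

def probe(sock, timeout=3.0) -> str:
    """Read the banner from an already connected socket."""
    sock.settimeout(timeout)
    data = _read(sock)
    if not data:
        # Assumption: the service may answer only after some input, so send
        # the line ending a telnet user would produce by pressing Enter.
        try:
            sock.sendall(b"\r\n")
        except OSError:
            return "no-data"
        data = _read(sock)
    return classify_banner(data)

def check_router(host, port=SERCOMM_PORT, timeout=3.0) -> str:
    """Return 'closed' if nothing accepts the connection, else a verdict."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        return probe(sock, timeout)

if __name__ == "__main__" and len(sys.argv) == 2:
    print(sys.argv[1], check_router(sys.argv[1]))
```

A "closed" result from the LAN side says nothing about the WAN side, so repeat the check against the router's external address from outside your network.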
The following pictures are part of an article by Heise Online, referring to a book by Glenn Greenwald. The NSA intercepted packages containing Cisco routers in order to install spyware on them. ^ Proof ^ That happened when the spyware wasn't working like it should (Edit: Pictures were moved and renamed by heise's CDN; fixed <3)