Language Selection

English French German Italian Portuguese Spanish

Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

Read more

More in Tux Machines

NVIDIA 375.10 vs. Linux 4.8 + Mesa 13.1-dev AMD GPU Benchmarks

In prepping for the GeForce GTX 1050 Linux graphics card reviews this week, I've been re-testing my various AMD and NVIDIA graphics cards atop the very latest driver stacks. As a precursor while waiting for the GeForce GTX 1050 Linux review in the days ahead, here are those fresh benchmarks of the other graphics cards. Read more

Tool That Lets You Install Ubuntu Touch on Your Mobile Device Now Supports Maru

It's been a little over a week since we told you all about Marius Quabeck's awesome new tool that lets you easily install the Ubuntu Touch mobile operating system on your device, and it looks like the developer was quite busy adding new functionality. Read more

3 open source time management tools

For many people, one of the reasons they cite for using a Linux-based operating system is productivity. If you're a power user who has tweaked your system just to your liking, and particularly if you adept at the command line, chances are you've realized significant gains in productivity. But do you have to be an extreme power user to make use of open source software's ability to boost your productivity? Absolutely not! Read more

An introduction to Mozilla's Secure Open Source Fund

Thanks Mark. Mozilla is a unique institution—it's both a nonprofit mission-driven organization and a technology industry corporation. We build open source software (most notably the Firefox Web browser) and we are champions for the open Internet in technical and political fora. We've been a global leader on well-known policy issues like privacy and net neutrality, and we're also very active on most of today's big topics including copyright reform, encryption, and software vulnerabilities. Read more