Easter egg: DSL router patch merely hides backdoor instead of closing it

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbeken of Synacktiv Digital Security was visiting his family for the Christmas holiday and, for various reasons, needed to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbeken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the backdoor.
