Language Selection

English French German Italian Portuguese Spanish

Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under
Hardware
Security
Legal

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

Read more

More in Tux Machines

Today in Techrights

Fedora 26 Linux Might Ship with an LXQt Flavor, Won't Replace the LXDE Spin

There's a new self-contained change planned for the upcoming Fedora 26 Linux distribution, due for release on June 6, 2017, namely a new flavor built around the lightweight, Qt-based LXQt desktop environment. Read more

Devil-Linux 1.8.0 to Be a Major Overhaul, Will Use SquashFS as Main File System

It's been seven months since we last heard something from the developers of the Devil-Linux project, which produces a tiny, dedicated server distribution for many applications, and a new development version of the upcoming 1.8 stable series is out. Read more

CentOS vs Ubuntu: Which one is better for a server

Finally decided to get a VPS but can’t decide which Linux distro to use? We’ve all been there. The choice may even be overwhelming, even for Linux distros, considering all the different flavors and distros that are out there. Though, the two most widely used and most popular server distros are CentOS and Ubuntu. This is the main dilemma among admins, both beginners and professionals. Having experience with both (and more) distros, we decided to do a comparison of CentOS and Ubuntu when used for a server. Read more