D-Link Finally Shuts Firmware Backdoor in Routers

By Kevin Parrish
published

D-Link has fixed a security hole in a number of network routers.

D-Link has finally released a patch to fix a serious vulnerability in a number of routers that allows a hacker to remotely change the settings.

The vulnerability was originally discovered back in October by Tactical Network Solutions vulnerability researcher Craig Heffner, who specializes in wireless and embedded systems. He reverse engineered a previous firmware update and saw that the vulnerability grants full access into the configuration page without the need for a username and password.

"Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string," reads the patch overview. "This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be affected; please contact these vendors directly at their regional websites."

Heffner discovered that if a browser's user agent string is set to "xmlset_roodkcableoj28840ybtide," hackers can gain access to these routers if connected to the network via Ethernet or wireless, or if the router's configuration page is publicly accessible. When reversed and the numbers removed, this string actually reads "edit by joel backdoor" as if the "backdoor" in the routers' firmware was intentionally placed.

"The so-called backdoor was implemented in these six older products as a failsafe for D-Link technical repair service to retrieve router settings for customers in case of firmware crashes that would result in lost configuration information," a company spokesperson told Bit-Tech back in October.

The firmware update was reportedly slated for a late October release but instead saw a slight delay. Models affected by the "backdoor" problem include DIR-100, DIR-120, DI-524, DI-524UP, DI-604UP, DI-604+, DI-624S, and TM-G5240. This new firmware is expected to lock those backdoors once and for all.

“Security and performance is of the utmost importance to D-Link across all product lines," a company rep previously stated. "This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards.”

D-Link previously suggested that customers should make sure their network is secure, and disable remote access to the router if it's not required. Customers should also ignore unsolicited emails that relate to security vulnerabilities and prompt them to action. For more information about the new firmware, head here.

Kevin Parrish
5 Comments Comment from the forums
  • Rancifer7
    Well at least we "know" the NSA plant at D-Link is named Joel. Gotta start somewhere eh?
    Reply
  • clonazepam
    I always had the thought that the modems could potentially have backdoors. Anyone looking at those?
    Reply
  • Darkk
    While this backdoor had it's good intentions from customer service standpoint but poorly designed. The backdoor should be unique to each device. Backdoor should ask for a password such as the device's serial number and few digits of the MAC address. Also add a deny timer if hacking of the backdoor is in progress.

    Easy to implement. Ah well, least they took it out entirely.
    Reply
  • clonazepam
    12105189 said:
    I always had the thought that the modems could potentially have backdoors. Anyone looking at those?

    There's many reasons for thinking so, including the fact that Comcast keeps bugging me to replace the one I have that works perfectly. It has VoIP built in, and they keep messaging me that the battery is dead, and the whole unit needs replacing. lol. Now, I'm not a serious conspiracy theorist. I do enjoy them for their entertainment value. I'm also not the type to believe that I'm so important that someone somewhere really cares about what I'm doing on the internet. I do love a good story though.
    Reply
  • timaahhh
    You think for the sake of troubleshooting you could add a physical switch or jumper the user can use to put the router into a troubleshooting mode. I hate the fact that AT&T's new modems can see every device hooked up to there uVerse modems. There are so many 'backdoors' technicians have now a days that do very little in terms of end user support but could give a potential hacker more information they may need to intrude on your network.
    Reply