Backdoor found in D-Link Routers


#1



#2

Idiots didn’t even use keypair auth for their backdoor… the ‘key’ was right there in every copy of the firmware that left the factory or the support page.

Honestly, given that Russians of dubious motive were chatting about it in early 2010, I’m surprised that nothing more visible has happened, if only for the lulz.


#4

“NSA OVERSEER ALPHA-0412 OVERRIDING HR SUMMONS TO JOEL. Please continue as you were.”


#5

Honestly, I’ve never found any good evidence that D-Link has any idea how to build networking equipment. They’ve been solidly on my “do not buy” list for over 10 years. Others have made it on my do-not-buy list for business reasons (i.e., I do not like them as a company). D-Link is almost alone in having made it on the list for technical bumbling. What other company thinks that having a router reset itself every 24 hours is a perfectly shippable solution to having firmware bugs that leak memory? Sheesh.


#6

For anyone interested in doing so… http://www.dd-wrt.com/site/index. There’s also OpenWRT, but I think they have a smaller list of supported devices.

My personal experience with DD-WRT to date has been failure, but I was trying to set up an old Cisco/Linksys router as a client bridge, something the original firmware wasn’t able to do at all: certainly more than most people need out of router firmware. It’s probably not quite as user-friendly as other router web-GUIs, but perfectly serviceable.


#7

I’ll second DD-WRT/OpenWRT/Tomato/etc. as being worth the while of any tech-savvy person out there with a serviceable router. As did Ratel, I also had a mild fail (and for the same reasons, natch), but I wound up finding so many other useful options in the software that I never reverted back to the original software.


#9

Or better yet, any of the networking gear from Ubiquiti. I’ve been a DD-WRT user since v1, but since trying Ubiquiti stuff I’m probably done with it. Infinitely better build quality than anything that DD-WRT runs on (that I’ve found), cheaper, and much better software IMO.


#10

Right on, I’ll give it a try.


#11

The “Joel” who is named in the string is likely the same Joel who was CTO of Alpha Networks, the firm that wrote the firmware.

HR probably isn’t rolling his head.

And this is why they always say the C-Levels get paid the big bucks, because they “take so much more risk”.

