Language Selection

English French German Italian Portuguese Spanish

Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under
Hardware
Security
Legal

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

Read more

More in Tux Machines

Snappy Ubuntu Core takes off in a quadcopter

Erle Robotics has launched an Ubuntu Core “Snappy” version of its open source Linux and ROS-based Erle-Copter quadcopter, with Erle-Copter app store access. The “Erle-Copter Ubuntu Core Special Edition” is functionally almost identical to the Erle-Copter quadrotor drone announced by Erle Robotics in December, but instead of the usual Debian Linux distribution, it offers one of the first implementations of the lightweight new Snappy version of Ubuntu Core. Read more

There's No Plans for Ubuntu Phones Based on Ubuntu 15.10 (Wily Werewolf), Says Canonical

Now that Ubuntu 15.10 (Wily Werewolf) is open for development, and the Ubuntu Online Summit for Ubuntu 15.10 takes place these days between May 5-7 on the UbuntuOnAir channel, the Ubuntu Phone team announced plans for the next Ubuntu Touch development cycle. Read more

Linux-ready COM mates an i.MX6 SoC with an FPGA

Armadeus has launched a Linux-equipped module that integrates a Freescale i.MX6 SoC with a Cyclone V GX FPGA, and offers SATA, CSI, DSI, and optional WiFi. French technology firm Armadeus Systems has been selling Freescale i.MX based modules for years, including the circa-2009, i.MX27 based APF27. For the new “APF6_SP” computer-on-module, Amadeus has turned to Freescale’s Cortex-A9 i.MX6 SoC, which it had previous adopted for its APF6 COM. The feature set on the APF6_SP is very similar, with one major exception: the addition of an Altera Cyclone V GX FPGA. Read more

Samsung Officially Launches their Tizen Curved SUHD 4K TVs in the Philippines

The new line of Tizen 4K Samsung SUHD TVs has now officially been launched in the Philippines at an event held a few days ago. The new line-up of TVs includes the JS9500, JS9000 and JS8500 models, supporting screen sizes ranging from 55 to 88 inches. Samsung boasts that their TV technology, which uses nano-crystal semiconductors, leads in color and brightness compared to its competitors. Read more