Easter egg: DSL router patch merely hides backdoor instead of closing it

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbeken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he needed to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbeken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the backdoor.
