D-Link Routers Vulnerable to 'Backdoor' Exploit

Dennis Faas's picture

Up to ten different router models, including some by popular manufacturer D-Link, are now vulnerable to hackers. It appears the code that runs the devices contains a master password that anyone could find and use.

The problem was discovered by security researcher Craig Heffner, who admitted he had nothing more exciting to do on a Saturday than nose through code accompanying a recent firmware update for his D-Link DIR-100 router.

Like most routers, the settings menu for the D-100 router is accessible through a web browser -- the idea being that the user can access the router through one of many devices on his or her wireless network.

Secret Code Bypasses Router Password System

Normally the user has to type in a user name and password to access the router settings. However, Heffner discovered that it's possible to get access without entering the login details by changing the user agent string to a specific string of characters actually listed in the code.

The user agent string is information a web browser sends to a website to tell it what browser the user's computer is running. Although it's normally sent automatically, it's possible to add it manually at the end of a website address, such as the one used to access a router.

On further examination, Heffner discovered the code would work on several other D-Link routers, plus two made by Planex.

Hidden Code Allows Entry Via "Backdoor"

Including the string of characters in the firmware code (and thus making them accessible to anyone with the right technical knowledge) is no accident. Heffner noted that among the string of characters was the term "roodkcab", which reversed says "backdoor". (Source: itworld.com)

"Backdoor" is a computing term used by software designers who create a system with some form of security barrier but include a secret code that allows them to quickly get back into the system, if need be. That can cause problems if, as has happened here, the backdoor is too easy to discover.

Heffner says the code is open to abuse. Somebody who was able to remotely access a router could alter its settings to redirect all Internet traffic, allowing them to read everything a user sent over the Internet unless it had been encrypted (as happens with secure websites).

D-Link says it is carrying out a full review and has already issued a temporary security patch at its website, pending a complete update to the firmware. It's also warned users to ignore any unsolicited emails about the problem, particularly those with clickable links that claim to offer an update. (Source: dlink.com)

Rate this article: 
Average: 5 (1 vote)