D-Link to issue router firmware updates for backdoor vulnerability

Oct 15, 2013 by Nancy Owano weblog

(Phys.org) —D-Link is tending to the router backdoor security issue that affects some of its routers. The company assures that it is "proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed." The drama began on Saturday night, when it was discovered, thanks to Craig Heffner, a vulnerability researcher with Tactical Network Solutions, that a backdoor-type function built into the firmware of some D-Link routers could be used to bypass standard authentication procedures. This was an opportunity to gain control of the device, potentially giving a criminal unauthorized access to a router's admin settings.

Heffner discovered the vulnerability in firmware. Once the authentication process was bypassed, one could change the router's settings. Heffner reported the issue. Word spread fast that a backdoor exploit opportunity had been found in a D-Link router's firmware code. Heffner, who used a D-Link DIR-100 to examine the vulnerability, investigated further and said that, in total, seven different D-Link router models could be vulnerable.

Commenting on his discovery, the BBC noted that Heffner's analysis revealed a string of letters that, if used in a certain way, could unlock remote access. To see which other router models might have the same backdoor vulnerability, Heffner used a special search engine, Shodan. Heffner concluded that the same string could work on a total of seven D-Link router types, based on source code of the HTML pages and search results.

In response, D-Link stated that it is releasing firmware updates to address the vulnerability in affected routers. "Security and performance is of the utmost importance to D-Link across all product lines," D-Link said on its website.

D-Link is presently working with Heffner and other researchers to learn more about the vulnerability. D-Link said it is also continuing to review its entire product line to make sure vulnerabilities are addressed. "We are proactively working with the sources of these reports," the company said in a statement.

As of the time of this writing, on its security page, D-Link already had posted a number of patches it was making available to address the . The page is titled "Update on Router Security issue." The company said that "Various media reports have recently been published relating to vulnerabilities in network routers, including D-Link devices."

The company released firmware updates for the DIR-300, DIR-600, DIR-615, DIR-645, DIR-815, DIR-845L, DIR-865L, DSL-320B and DSL-321B.

"These firmware updates address the in affected D-Link ," the page stated. "D-Link will update this continually and we strongly recommend all users to install the relevant updates."

The company also advised against responding to unsolicited e-mails related to vulnerabilities prompting the user to take action.

"When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something." D-Link also suggested disabling remote access to the router if it is not required.
