D-Link to issue router firmware updates for backdoor vulnerability

Oct 15, 2013 by Nancy Owano weblog

(Phys.org) —D-Link is tending to the router backdoor security issue that affects some of its routers. The company assures that it is "proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed." The drama began on Saturday night, when it was discovered, thanks to Craig Heffner, a vulnerability researcher with Tactical Network Solutions, that a backdoor-type function built into the firmware of some D-Link routers could be used to bypass standard authentication procedures. This was an opportunity to gain control of the device, potentially giving a criminal unauthorized access to a router's admin settings.

Heffner discovered the vulnerability in firmware. Once the authentication process was bypassed, one could change the router's settings. Heffner reported the issue. Word spread fast that a backdoor exploit opportunity had been found in a D-Link router's firmware code. Heffner, who worked on a D-Link DIR 100 to explore the vulnerability, explored further and said that, in total, seven different D-Link models of routers could be vulnerable.

Commenting on his discovery, the BBC noted that Heffner's analysis revealed a string of letters that, if used in a certain way, could unlock remote access. To see which other router models might have the same backdoor vulnerability, Heffner used a special search engine, Shodan. Heffner concluded that the same string could work on a total of seven D-Link router types, based on source code of the HTML pages and search results.

In response, D-Link stated that it is releasing firmware updates to address the vulnerability in affected routers. "Security and performance is of the utmost importance to D-Link across all product lines," D-Link said on its website.

D-Link is presently working with Heffner and other researchers to learn more about the vulnerability. D-Link said it is also continuing to review its entire product line to make sure vulnerabilities are addressed."We are proactively working with the sources of these reports," the company said in a statement.

As of the time of this writing, on its security page, D-Link already had posted a number of patches it was making available to address the . The page is titled "Update on Router Security issue." The company said that "Various media reports have recently been published relating to vulnerabilities in network routers, including D-Link devices."

The company released firmware updates for the DIR-300, DIR-600, DIR-615, DIR-645, DIR-815, DIR-845L, DIR-865L, DSL-320B and DSL-321B.

"These firmware updates address the in affected D-Link ," the page stated. "D-Link will update this continually and we strongly recommend all users to install the relevant updates."

The company also advised against responding to unsolicited e-mails related to vulnerabilities prompting the user to take action.

"When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something." D-Link also suggested disabling remote access to the router if it is not required.

Explore further: Technology to help people with disabilities to learn and communicate

Related Stories

Router compromise, rogue remote control? Easy, says ISE

Apr 21, 2013

(Phys.org) —Router hacking is joining the ranks of computer security headaches, where the wireless router becomes the key target for those seeking to trespass into someone else's network. The remote attacker ...

Samsung to issue updates in response to printer alert

Nov 29, 2012

(Phys.org)—Samsung has issued a response to CERT's vulnerability advisory about Samsung networked printers but the response may have left printer owners wondering what to do next. Samsung said that it ...

Netgear Launches A New Family Of Wireless-N Routers

Sep 29, 2008

Netgear today has announced a new family of Wireless-N networking solutions that will make it easy for anyone to upgrade their wireless home network to Wireless-N technology. This new technology supports the ...

Recommended for you

BPG image format judged awesome versus JPEG

Dec 17, 2014

If these three letters could talk, BPG, they would say something like "Farewell, JPEG." Better Portable Graphics (BPG) is a new image format based on HEVC and supported by browsers with a small Javascript ...

Atari's 'E.T.' game joins Smithsonian collection

Dec 15, 2014

One of the "E.T." Atari game cartridges unearthed this year from a heap of garbage buried deep in the New Mexico desert has been added to the video game history collection at the Smithsonian.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.