Another day, another router backdoor

Last Updated on December 5, 2015 by Dave Farquhar

Ars Technica dropped this bombshell toward the end of the day yesterday: A backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty JavaScript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: Once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and routers have ample storage to exploit.

What can you do about it? Well, some of the suspect routers made by subcontractor Sercomm are compatible with DD-WRT. Upgrade, if you haven’t. I’ll be doing another step-by-step DD-WRT upgrade, on a TP-Link device, if that Federal Express truck ever shows up with my delivery from Newegg. If you’re technically savvy and looking for a way to make some extra cash, offering to upgrade people’s routers to DD-WRT for them is sounding like a better and better business plan with every passing week. If you have a vulnerable router and it’s not compatible with DD-WRT, Newegg has the D-Link DIR-601 on sale for $15 through January 8, which is compatible. (Just don’t deploy it onto your network straight out of the box, I’m begging you!)

The silver lining is that this stuff has existed for years, and finally there are people looking at it. I think it’s shameful that being a CISSP is almost a requirement for achieving an acceptable level of network security in a private residence–and it’s no guarantee that every CISSP’s personal network is safe–but exposing these backdoors is the way to get them fixed.

Shipping with DD-WRT from the factory is one option. There’s no product differentiation if they do that, but considering the product differentiation they have now is just different ways to subvert the router, DD-WRT looks a lot more attractive. And it would be much cheaper than developing nasty firmware in-house. And, besides being more secure, DD-WRT tends to be much more stable than the factory firmware. When I look at the reviews for almost any given router, I frequently find complaints of dropping connections or poor range, then someone mentions that when they put DD-WRT on it, the connections stay rock solid and the range increases. And there’s something to that theory, because most common routers are based on the same SoC device. The manufacturers just put them in their own case and load their own firmware on them.
