DSL Router Patch Hides, But Doesn’t Fix, Backdoor Firmware Vulnerability

DSL Router Patch Hides Problem Without Fixing It

DSL Router Patch Is Faulty

Earlier this year, a story about a hacker finding a backdoor vulnerability with DSL routers made its way around the Internet. The backdoor vulnerability would allow a hacker to send administrative commands to a router without a password. This is the kind of massive security hole that major router companies don’t let stand, so they set about fixing it, releasing a firmware update that would purportedly close the backdoor.

Well, turns out their “fix” has some problems of its own. Eloi Vanderbeken of Synacktiv Digital Security, the very same researcher who discovered the backdoor problem with the DSL router patch in the first place, has found that the new firmware published by Netgear and other companies that was intended to close the backdoor merely conceals it.

And because the backdoor has been hidden instead of permanently closed, all it takes to expose this vulnerability is knowing the secret “knock”, as Vandebaken’s Power Point narrative explains. What is even more troubling is that if there is a knocking sequence, there is evidence to indicate that this backdoor vulnerability is a deliberate feature added by from the Taiwanese manufacturer Sercomm.

Ars Technica explains further: “The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding.”

Protecting DSL Router Patch Vulnerability With A FlashRouter

The FlashRouters Guarantee

The FlashRouters Guarantee

Suffice to say, if the allegations that these companies are deliberately maintaining security flaws are true, they’re stunning in their calculated deceptiveness. As a company that prides itself on providing our customers with the comfort of a secure network – especially at a time when such a thing is always more and more difficult to achieve – we’re offended to think of a company actively working to mislead their users and put them into harm’s way.

At FlashRouters, we offer only tested (and re-tested) routers, all of which are flashed with versatile and powerful open source firmware like DD-WRT and Tomato. We promise that our staff works diligently to ensure the very best, most secure devices for our customers, and we’ve got the routers to back it up. Check out our top-selling devices and most popular DD-WRT routers and see for yourself.

Want more news and information about issues of online security and network vulnerabilities? Follow us on Twitter and like us on Facebook.

Leave a Reply

Your email address will not be published. Required fields are marked *