Sunday, October 13, 2013

Do not trust Chinese routers, especially D-LINK – As they contain backdoor!

A group of researchers found a backdoor in a set of D-LINK routers. Well, not a news but expected and good to be uncovered. Does it call for a deeper inspection of other brand routers? Better of with the open firmware like DD-WRT or OpenWRT or TOMATO! At least you know what you are loading on to the device.

The discovered backdoor can bypass the authentication step and land directly to the admin interface!

Pretty nifty isn’t? That’s what a backdoor is for.

Method to access: Just change the User Agent string of your browser to “xmlset_roodkcableoj28840ybtide” which is actually a reverse of “editby04882joelbackdoor_teslmx”.

Nice huh?

“edit by 04882 joel backdoor _teslmx”

One of the very few backdoors which actually spelt backdoor! :)

How to change the User Agent? It is very simple for non-IE browsers. Check in the configuration settings for Agent by typing about:config in the address bar.

If there is an option, you could change it and restart the browser for the new string to take effect. To check if it changes, use Netcat, start a listener on the local interface using “nc –vvns 127.0.0.1 –Lp 888” at the DOS prompt and type “http://localhost:888” and you can see the request on the command prompt window. You can check the User Agent string value and see if it has been changed according to the above setting.

Else check for some plug-in which can be used to change the User Agent string of the browser to what you want text!

More info about the backdoor and affected devices from http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

More and more of such news is actually taking away the trust on device manufacturer whether they are Chinese or not!

Well, like wise Intel who have a embedded SIM enabled on the processor for remote access, software manufacturers having hidden backdoors, etc,.

It is nice to see some researchers burning mid night oil to uncover snake oil products (what else to call ‘em?) and legitimate products which such nonsensical backdoors. But when it comes to hardware it is pretty much out of reach for any one to have a look at it to understand what it does when a specially crafter instruction / packet or a command is sent. It is actually scary to know what lies between the multi layered PCBs and components and what they are capable of. One could still argue, being a layman we might not have to worry about such things because of the information value we hold, but think about a top secret facility or a government or some one having a high value research data, it is pretty scary on what to trust. Ultimately, mate, anything electrical / electronical should not be trusted. No matter if it is a connected or disconnected device, powered on or in off state. Just don’t trust it!

I may be paranoid, but it goes with the saying of you know who:

“A computer switched off, unplugged, buried under ground in an unknown location on earth cannot remain safe! Then how our devices can be???”

And I don’t want to open another can of worms with the recent PRISM happenings as some things are better left not discussed. Beware!! it is not being promiscuous!! But just like that! Many more to go before the EOW!

No comments:

Post a Comment