Friday, January 3, 2014

Router Backdoors found in tons of router models...but not a big deal for most people

Source(s):
http://arstechnica.com/security/2014/01/backdoor-in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/
https://github.com/elvanderb/TCP-32764/blob/master/README.md  (List of known affected routers)

Summary:

For the non-technically inclined, let's define a few terms for this article/post.  A backdoor, in computing terms, specifically refers to a means to control a device remotely via a hidden access.  You can think of it like a secret way into a device in order to control it; these backdoors often have very little or no verification, and will accept any command sent to them without question. 

The discoverer of the backdoor, , was focusing on trying to get back into his own router, which he forgot the password to.  In doing so, he found some really strange activity on his router, which upon further investigation revealed the backdoor.  Being a bit of a programmer, he explored the backdoor as best he could and was able to map out many of the controls it allowed.  He published his results in a rather humorous powerpoint presentation (1.9 MB ppt download, some not safe for work language), and many other users tested his program and found quite a few other routers that had the same backdoor.

So, is your own router at risk and should you worry? 

Yes, and No.  

See, the backdoor is pretty specific, and it looks to require that you actually be on the network to pull it off.  Even if you were able to plug the backdoor (which you can't really), the likelihood of someone using this method to gain access to your router is pretty low.  The second link has a list of known affected routers; if you use one of these for your business, there may be some cause for concern, but again, this is a fairly isolated method of attacking a router.

What this does bring up are some interesting questions as to why such a backdoor exists; all routers have a physical switch on them to allow a factory restore, so end users have no use for such an interface, and technicians would likely use this as well instead of using the rather esoteric interface.  This is definitely an issue which warrants further discussion and investigation, but most home users should be able to continue using their routers as they have been without additional worry.