Possible link discovered that ties together Wi-Fi routers with backdoors

Share this article:
Possible link discovered that ties together Wi-Fi routers with backdoors
Possible link discovered that ties together Wi-Fi routers with backdoors

A manufacturer of broadband and wireless networking equipment may be the link that ties together a number of Wi-Fi routers that contain backdoors, some of which are vulnerable to remote attacks, according to a researcher.

While tinkering around with his Linksys WAG200G wireless router over the 2013 holiday, Eloi Vanderbeken – who recorded his work in an illustrated slideshow – used some reverse engineering and brute force techniques to execute commands against the device. In the end, Vanderbeken learned that he could reset the router's password and access its administration panel.

“I only had one day to test my codes/assumptions, so the following slides are just some random thoughts/observations,” Vanderbeken wrote in his slideshow presentation.

Since posting his initial findings, Vanderbeken has updated his research, confirming that versions of the Cisco WAP4410N-E, Linksys WAG120N, Netgear DG834B, Netgear DGN2000 and Open WAG200 contain internet backdoors – meaning those devices are vulnerable to remote attacks.

Other Wi-Fi routers – including several devices from Cisco, Linksys, Netgear, Diamond and LevelOne – are listed as being vulnerable to attacks for which a user needs to be connected to the local network.

On the website where he has been updating and discussing his research, Vanderbeken linked to an article that targets Sercomm, a manufacturer of networking equipment, as the bond that ties all these devices together.

The link was not working on Monday afternoon and a Sercomm representative could not immediately be reached by SCMagazine.com for comment.

At the end of December 2013, a German newspaper reported that a number of products, including some by Cisco, contained NSA backdoors.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.