
D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection

Posted by timothy
from the not-polite dept.
chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-link DIR-655 router to the latest firmware you'll see that D-link does this, and calls the hijacking a 'feature.'"
  • Re:Why... (Score:5, Informative)

    by matthewncohen (1166231) on Wednesday November 05, 2008 @06:51PM (#25652165)
    You have to manually upgrade the firmware and going back to plain old 1.20 is exactly the same process. It's not exactly hard to "disable". I have this router and also recently updated my firmware but I have not encountered this yet...
  • Huh? (Score:4, Informative)

    by Ritz_Just_Ritz (883997) on Wednesday November 05, 2008 @06:52PM (#25652189)

    I've been using rev1.21 for a few weeks now and I haven't seen this behavior at all.

    Wednesday, November 05, 2008 5:51:22 PM

    Firmware Version : 1.21, 2008/09/11

    *shrug*

  • Re:Why... (Score:5, Informative)

    by mattytee (1395955) on Wednesday November 05, 2008 @06:52PM (#25652191) Homepage
    If you RTFA, you'll see that you CAN disable it.

    Still pretty hinky, though.
  • by dmomo (256005) on Wednesday November 05, 2008 @06:52PM (#25652201) Homepage

    Before installing the new firmware, are you asked if this is Okay? If not, do they make it clear how it can be disabled?

    I am now reluctant to upgrade my DLink firmware. Is it easy and clear that one can opt out?

  • by KoD7085 (1357011) on Wednesday November 05, 2008 @06:57PM (#25652335)
    I haven't upgraded to 1.21; however, the reason was when 1.21 first dropped it had SecureSpot. Now I found this out by reading the information on 1.21 so I didn't download and install it. They now (and have for some time) offer 1.21 without SecureSpot; perhaps you should download and install that.
  • From The FA (Score:3, Informative)

    by Blue Stone (582566) on Wednesday November 05, 2008 @06:57PM (#25652339) Homepage Journal

    >You can disable this feature by logging into the router and clicking the Advanced Tab and Secure Spot on the left side.

    >D-Link Customer Service

    Unethical to enable it by default and not tell the customer about it *until* it hijacks the connection (if you ask me) but easily disabled apparently.

  • by Knara (9377) on Wednesday November 05, 2008 @06:58PM (#25652353)
    From the goddamn article:

    Hi Brandon, What you experienced was not an Attempt to "Hijack" your connection. In fact what it is an added feature called "Secure Spot", It is software that is built into the router, which is used to replace or work along with your firewall/Antivirus/Antispam software. It also provides more parental controls. This feature does require a subscription if you want to use it but it is entirely optional. This feature replaces a hardware device that we had that did the same tasks. The DSD-150. You can disable this feature by logging into the router and clicking the Advanced Tab and Secure Spot on the left side. D-Link Customer Service

    So, you can turn it off. Not only that, but as of 9/30 there's a separate link at their firmware download page for the DIR-655 [dlink.com] that says (in plain view, in a sensible spot): Click here for Firmware 1.21 WITHOUT SecureSpot 2.0

    Should they have included that in a readme/changelog for the firmware? Maybe, but since they were all too happy to tell you how to turn it off, this really doesn't seem like a huge offense to me.

    Conclusion? Non-story.

    Plus, upgrading your firmware "just because". Why?

  • Re:Thank you! (Score:5, Informative)

    by Per Wigren (5315) on Wednesday November 05, 2008 @07:00PM (#25652393) Homepage

    Replying to myself to add some info. Firmware v1.20 doesn't have the "Advanced -> Secure Spot" page they mention so it really seems to be new in v1.21. The 1.20 firmware can still be downloaded from here [dlink.com.tw].

  • by Anonymous Coward on Wednesday November 05, 2008 @07:01PM (#25652427)

    If you look under the revision history of the 1.21 firmware - there is a link to download the new firmware without Secure Spot 2.0. Just look for: "Click here for Firmware 1.21 WITHOUT SecureSpot 2.0" and click on that...

  • by Per Wigren (5315) on Wednesday November 05, 2008 @07:03PM (#25652479) Homepage

    > Plus, upgrading your firmware "just because". Why?

    Because router firmware upgrades often mean closing security holes.

  • by Ryokurin (74729) on Wednesday November 05, 2008 @07:04PM (#25652485) Homepage

    The non securespot version has been there since the firmware was released. It's simply a case of the submitter not reading and comprehending. Either way, it asks you if you want to try it twice, and then leaves you alone.

  • by Anonymous Coward on Wednesday November 05, 2008 @07:09PM (#25652613)

    Back in 2003 Belkin introduced a router that periodically redirected HTTP connections to advertise its own software:
        Help! my Belkin router is spamming me [theregister.co.uk]

    Some commentary:
        Ease-of-use or marketing-driven sabotage: Does your hardware's software do only what you expect of it? [ibm.com]

  • by alanw (1822) <alan@wylie.me.uk> on Wednesday November 05, 2008 @07:09PM (#25652625) Homepage

    Here's [theregister.co.uk] an old article about Belkin doing a very similar thing:

    Belkin, the consumer networking and connectivity firm, has promised customers a firmware upgrade to disable a controversial 'spamming' feature built into its routers.

    As first reported on The Reg last week, the feature hijacks random HTTP requests every eight hours and redirects users to a page advertising Belkin's parental control software. There is an opt-out link but that failed to appease Net users who accused Belkin of creating a new mechanism for spam.

  • by Anonymous Coward on Wednesday November 05, 2008 @07:13PM (#25652711)

    I think we're all agreeing that the submitter is an idiot for not reading before downloading and the editors should not have posted this "story" in the first place.

    Thread closed.

  • Re:D-Link (Score:2, Informative)

    by Anonymous Coward on Wednesday November 05, 2008 @07:25PM (#25652945)

    Better than that, google "dd-wrt hardware", and look at what hardware is inside your next router purchase. Get one with at least 16M ram and 4M flash, and upgrade to an open firmware. Tomato is my favorite, it has the slickest admin GUI, on top of full Linux flexibility.

  • Simple solution... (Score:5, Informative)

    by Guspaz (556486) on Wednesday November 05, 2008 @07:28PM (#25653005)

    Only buy home routers that can run opensource firmwares. I'm quite happy with my WRT54GL, although the hardware is a bit antiquated at this point.

  • by kybosch (250319) on Wednesday November 05, 2008 @07:32PM (#25653079)

    I would agree. I, too, downloaded the version without secure-spot. When I saw that there were two versions, I went back and double checked what the difference was between the two versions. Saved myself some trouble.

    I have to say, though, that Belkin has done this for years. I had a Belkin 54g router that always spammed me with child protection features after every firmware update. I am surprised that no one else has mentioned Belkin in this. (Or did I mod filter them out?)

  • by djwudi (554822) <michael DOT hanscom AT gmail DOT com> on Wednesday November 05, 2008 @07:41PM (#25653219) Homepage

    Possibly also of interest: The /. thread [slashdot.org] for the Belkin incident, and I put a small collection of related Google Group links in a weblog post [michaelhanscom.com] back then. The Belkin incident was the first thing I thought of when I saw this story post. Good to know I'm not the only one who remembered that.

  • Re:D-Link (Score:3, Informative)

    by Tumbleweed (3706) * on Wednesday November 05, 2008 @07:47PM (#25653299)

    > D-Link is Shit. Buy Linksys.

    > > Linksys is even worse shit.

    Buy the router/AP that has the features you want AND is supported by Tomato, DD-WRT, et al, and don't look back.

  • it's not illegal... (Score:3, Informative)

    by roc97007 (608802) on Wednesday November 05, 2008 @07:55PM (#25653429) Journal

    ...but dlink just fell off my vendor list.

  • by TheSHAD0W (258774) on Wednesday November 05, 2008 @08:08PM (#25653611) Homepage

    Linksys isn't so bad if you replace the firmware. Try dd-wrt [dd-wrt.com] if you want quick and easy, or OpenWRT [openwrt.org] if you want to customize. I guarantee you'll like 'em. (Get a WRT-54GL to try it on; they're cheap nowadays.)

  • by menace690 (531682) <menace690@optonline.net> on Wednesday November 05, 2008 @08:08PM (#25653615)
    It's clearly listed on their website: http://support.dlink.com/products/view.asp?productid=DIR-655 [dlink.com]
  • Re:Why... (Score:4, Informative)

    by Hattmannen (658936) on Wednesday November 05, 2008 @08:08PM (#25653619) Homepage

    There are routers that run open source firmware. An example of a company that uses open source firmware is Canyon. I've had one for a couple of years now. I got the first hardware revision, so I haven't been able to upgrade my firmware to the latest, but my model is still manufactured, albeit in a later hardware revision and the firmware is open source. Works like a charm.

  • by chronopunk (1400951) on Wednesday November 05, 2008 @08:20PM (#25653797)
    This is the original poster. I did a firmware upgrade from within the router setup page, not by downloading it from their website.
  • Re:D-Link (Score:4, Informative)

    by thogard (43403) on Wednesday November 05, 2008 @08:25PM (#25653869) Homepage

    Better firmware is only part of the problem.

    As a member of Melbourne Wireless [wireless.org.au] where we have lots of cheap wireless routers, I can say the best consistent brand of low end routers is ASUS. I expect they are the OEM for many of the early versions of other routers as well based on looking at the insides.

  • Re:D-Link (Score:2, Informative)

    by Anonymous Coward on Wednesday November 05, 2008 @08:40PM (#25654083)

    As a tech support worker for a very large ISP I can say that all the end-user brands have shit models, and decent models.

    It really is back and forth. Usually one company will have a crap model run or version, or a shitty firmware.
    A few months later the other company does something that blows chunks.
    Either way I get a lot of idiots on the phone with router problems, and no one end-user brand is any better than the rest.

    I will say, however, the following:
    Netgear sucks ass, period. If yours works then congrats.
    Linksys is really hit/miss depending on the model and version. Some of them are rock-solid and run cool, others will heat up badly. I think it's a quality control issue, but they do tend to sell more junk hardware to big box stores like WalMart.
    It also depends on what function you enable. If you are using it as a switch with NAT, most of them aren't too bad. Start turning on the rest of the firmware features and then things change, again the model & version make more difference than the manufacturer.
    D-link generally does ok, same with belkin, but both of them have turds too. But if you really want a decent router you need to look into the $200 and above price range to start off with.

    If you have a choice between a Sonicwall and a Cisco, get the Cisco. Sonicwall is the cheap end of the business market, we see problems with them in our business groups quite often, but the other corporate-grade routers like Cisco, Juniper, and Pix are generally rock-solid. And get a UPS, I see more routers get bricked from bad power than anything else.

  • by synthesizerpatel (1210598) on Wednesday November 05, 2008 @08:49PM (#25654199)

    Thirded. I just completed a project that cost about $8k dollars by rolling a customized OpenWRT/DD-WRT setup that includes 802.1q VLANs (no wonky iptables junk to separate networks), 802.1x with authentication against ActiveDirectory, public and private SSIDs available from a single access point, the list goes on.

    OpenWRT is enterprise wireless firmware for free that runs on home consumer priced hardware, making it enterprise quality hardware. (Although lacking POE)

    My company was going to spend about $75k on a comparable solution from Aruba and I was able to squeeze out every single feature they offer from OpenWRT. So instead of $75k, we're spending $4,500 for the same feature set. Not bad.

    So, while D-Link's own firmware is goofy, if you just buy their box and wipe it you'll be saving yourself money in the long run.

  • by HTH NE1 (675604) on Wednesday November 05, 2008 @09:02PM (#25654377)

    Ah, I found one. The Risks Digest, Volume 16: Issue 55, Weds 9 November 1994 [ncl.ac.uk]. The relevant section is reprinted below for preservation's sake, edited only for spelling ("entirity"), converting asterisk-marked text to strong text, formatting, block quoting, and adding links.

    Hardware-borne Trojan Horse programs
    Chris Tate <FIXER@FAXCSL.DCRT.NIH.GOV [nih.gov]>
    Tue, 8 Nov 1994 12:34:36 -0500 (EST)

    I had an unpleasant experience this past weekend, and I imagine some other readers of RISKS [wikipedia.org] will find it interesting.

    I recently purchased an Apple [wikipedia.org] Macintosh [wikipedia.org] computer at a "computer superstore [wikipedia.org]," as separate components - the Apple CPU, and Apple monitor [wikipedia.org], and a third-party [wikipedia.org] keyboard [wikipedia.org] billed as coming from a company called Sicon.

    This past weekend, while trying to get some text-editing work done, I had to leave the computer alone for a while. Upon returning, I found to my horror that the text "welcome datacomp" had been inserted into the text I was editing. I was certain that I hadn't typed it, and my wife verified that she hadn't, either. A quick survey showed that the "clipboard" (the repository for information being manipulated via cut/paste operations) wasn't the source of the offending text.

    As usual, the initial reaction was to suspect a virus [wikipedia.org]. Disinfectant [wikipedia.org], a leading anti-viral application for Macintoshes, gave the system a clean bill of health; furthermore, its descriptions of the known viruses (as of Disinfectant version 3.5, the latest release) did not mention any symptoms similar to my experiences.

    I restarted the system in a fully minimal configuration, launched an editor, and waited. Sure enough, after a (rather long) wait, the text "welcome datacomp" once again appeared, all at once, on its own.

    As a next step, I contacted John Norstad, the author of Disinfectant, and one of the international response team for dealing with new Macintosh virus sightings. Very promptly I received a response, which I shall quote here in its entirety (it's brief):

    Yes, we have heard of this. It's a practical joke [wikipedia.org] in the ROM [wikipedia.org] code [wikipedia.org] in some third-party keyboards. The only solution is to get your bad keyboard replaced.

    I was furious. Apparently there are hardware products on the market which have embedded "Trojan Horses [wikipedia.org]," programs which affect the operation of the system without the user's consent (or knowledge!).

    I have returned the keyboard to the store where I purchased it, and I plan to contact Sicon about the problem. The potential for abuses in computer systems here is apparent, especially when the system involves "intelligent" peripherals [wikipedia.org] - such as many popular types of disk drive [wikipedia.org], Apple Desktop Bus [wikipedia.org] devices (such as the offending keyboard), and so forth.

    John Norstad informs me that he has little knowledge of the extent of this particular problem, other than the fact that he has received quite a bit of mail from people who have been bitten. What is almost

  • by Veggiesama (1203068) on Wednesday November 05, 2008 @09:37PM (#25654809)

    Meh. I bought a WRT-54 from the store because I read about how great a product it was, took it home, set it all up... then found out it was a "new and improved" model that had scaled back the onboard RAM so much that installing open-source firmware proved to be impossible. And it's not possible to know what version-model you've purchased until you break open the theft-proof box and look at the label, either. Unfortunately I did not have the luxury to purchase a used box or find the GL model online, but nonetheless I was highly dismayed to find out that my later model had less than half the RAM of earlier models [wikipedia.org].

    I took it back and decided not to skimp out by spending a mere $80 on a router. So I bought a DIR-655 for around $120 because of all the great reviews it was receiving.

    *sigh*

    To be fair, the DIR-655 has served me QUITE well. The QoS feature is reason alone to justify the extra cost.

    Simple solution to this firmware update, which applies to ALL firmware, regardless of hardware: if it ain't broken, don't patch it.

  • Re:Why... (Score:3, Informative)

    by hairyfeet (841228) <bassbeast1968@ g m a i l.com> on Wednesday November 05, 2008 @09:47PM (#25654935) Journal

    Nope. Working PC Repair I've seen more dead D-Links than any other brand. If you are just wanting cheap I'd suggest either TrendNet or ZoneNet. I've bought and installed several for customers and they seem to run well and are easy to manage. I am currently typing this on a TrendNet I bought to set up the boys their own network so they can game and share files with each other and after a $10 rebate the thing was only $9! Runs quite well. Now if you are wanting one for tweaking or running a customized Linux on I'd suggest a Linksys WRT54GL (just make sure you don't get the GS by mistake) so you can run DD-WRT. But after tossing one too many D-links I try to avoid them whenever possible, and stunts like this just make me really glad I do.

    And as for those that just say disable updates? What if they come out with another DNS or other security hack that REQUIRES you to update your firmware? I don't like the idea of either get crapwared or risk being hacked. With the TrendNet and ZoneNet routers they take a little longer to get firmware updates, but so far every update I've ever run from them has been just that, an UPDATE. Which either gave the router new functionality or closed security holes, but never any crapware from them, knock on plastic.

  • Re:Why... (Score:3, Informative)

    by Fulcrum of Evil (560260) on Wednesday November 05, 2008 @09:49PM (#25654955)
    damn straight. I went from resets every 2 days to resets every 2 months - it just chugs along. The thing that really killed my linksys gear was bittorrent - something about huge numbers of remote connections.
  • by TheSHAD0W (258774) on Wednesday November 05, 2008 @10:04PM (#25655107) Homepage

    http://www.dd-wrt.com/wiki/index.php/Installation [dd-wrt.com]

    Some of the WRT300N and WRT600N models are usable.

  • Phonehome goodness (Score:4, Informative)

    by wirelessfreek (1326273) on Wednesday November 05, 2008 @10:23PM (#25655303)
    I have the DIR-625 and have tested out the Secure-Spot (3.06) firmware and even when it's disabled it still phones-home and uses an SSL connection. Naturally you can not issue it a fake certificate to see what it's really sending back. Test setup: 2 Routers, Favorite ARP spoofing program and a Network Protocol Analyzer (I use Wireshark) and watch the fun when you power on your D-Link router.
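
A passive way to check for the kind of router-originated traffic described in the comment above, added here as an example and not part of the original thread: capture TCP SYNs on both the LAN side and the WAN side of your own router, then flag WAN-side connections that no LAN client started. The column layout, the addresses and the `ROUTER_WAN_IP` value are constructed for illustration; the result shows only destination and timing, not what the TLS session carries.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (documentation address ranges). Each line is one TCP
# SYN: time_s,src_ip,src_port,dst_ip,dst_port. The column layout is an
# assumption of this example, not the output format of any particular tool.
LAN_SIDE_SYNS = """\
12.10,192.168.0.101,50112,198.51.100.20,443
15.72,192.168.0.102,41200,198.51.100.30,80
"""

WAN_SIDE_SYNS = """\
3.41,203.0.113.7,1025,192.0.2.50,443
12.11,203.0.113.7,50112,198.51.100.20,443
15.73,203.0.113.7,41200,198.51.100.30,80
63.40,203.0.113.7,1026,192.0.2.50,443
"""

ROUTER_WAN_IP = "203.0.113.7"  # constructed; the router's own upstream address


def parse_syns(text):
    """Parse the CSV lines above into dicts, skipping blank lines."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if not rec:
            continue
        t, src, sport, dst, dport = rec
        rows.append({"time": float(t), "src": src, "sport": int(sport),
                     "dst": dst, "dport": int(dport)})
    return rows


def router_originated(lan_syns, wan_syns, wan_ip, window=1.0):
    """Return WAN-side SYNs sent from wan_ip that no LAN-side SYN explains.

    NAT rewrites the source address (and possibly the port), so flows are
    matched on destination address, destination port and time only. `window`
    absorbs forwarding delay and clock skew between the two capture points.
    """
    pending = defaultdict(list)
    for s in lan_syns:
        pending[(s["dst"], s["dport"])].append(s["time"])

    unexplained = []
    for s in sorted(wan_syns, key=lambda r: r["time"]):
        if s["src"] != wan_ip:
            continue  # inbound or unrelated traffic
        candidates = pending.get((s["dst"], s["dport"]), [])
        match = next((t for t in candidates
                      if abs(s["time"] - t) <= window), None)
        if match is None:
            unexplained.append(s)       # nothing on the LAN started this
        else:
            candidates.remove(match)    # one LAN SYN explains one WAN SYN
    return unexplained


def summarize(unexplained):
    """Group by destination: (dst_ip, dst_port, count, first_seen, last_seen)."""
    groups = defaultdict(list)
    for s in unexplained:
        groups[(s["dst"], s["dport"])].append(s["time"])
    return sorted((dst, dport, len(ts), min(ts), max(ts))
                  for (dst, dport), ts in groups.items())


def find_router_traffic():
    lan = parse_syns(LAN_SIDE_SYNS)
    wan = parse_syns(WAN_SIDE_SYNS)
    return summarize(router_originated(lan, wan, ROUTER_WAN_IP))


if __name__ == "__main__":
    for dst, dport, n, first, last in find_router_traffic():
        print(f"{dst}:{dport} connections={n} first={first}s last={last}s")
```

A destination that recurs on a fixed interval with no LAN-side counterpart is the pattern to look into further; a single unexplained flow may just be the router's own NTP, DNS or update check.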
  • Re:Why... (Score:4, Informative)

    by philspear (1142299) on Wednesday November 05, 2008 @10:32PM (#25655389)

    What are we becoming? Now every sleazy behaviour is ok as long as you can opt-out? That hasn't worked for spam for the past 20 years, has everyone suddenly got a learning disorder?

    Just to point out, if you RTFP (post) mattytee doesn't say it's ok, he says it's "hinky." Which might NOT mean okay. I admit, I don't know what it ACTUALLY means, so it might mean "good." I don't think I'd enjoy being called "hinky" so it doesn't sound like he's saying "You can opt out, so it's cool."

  • by moxley (895517) on Wednesday November 05, 2008 @10:51PM (#25655579)

    I have this router and it's worked really well - has been very stable and has a whole lot of really nice features - I do a lot of remote stuff both ways to and from work - not to mention bittorrent and binaries, webcams. Never have a problem, never have to reboot it.

    Additionally the router has a feature that can email you when a new update comes out, the download page had a link for 1.21 with securespot and 1.21 without - I checked out what it was and decided against it. As others have mentioned. Below is the link I used:

    ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_firmware_121_no_securespot.zip [dlink.com]

    I agree with how most people feel, that they need to be a little more upfront - a lot of the people here aren't going to want that feature - however, there are some people who may - among other things I think it has parental controls, it's like websense for the home user.

    When you're updating the firmware on any device and not paying attention to the changes and what they actually do you're going to end up getting fucked, - especially when it comes to consumer home devices like these.

  • by ibbey (27873) on Wednesday November 05, 2008 @11:00PM (#25655669) Homepage

    It would not be normal to expect entirely new features to be installed

    Oh, it wouldn't, eh?

    iPhone users, you hear that? You should be pissed at Apple for adding new features to your phone. How dare they try to make your experience better. Same for you Tivo users, and early adopters everywhere. Tell the companies: I bought your product when it sucked, and I LIKE it that way. STOP TRYING TO MAKE MY EXPERIENCE BETTER!

    I'm sorry, but you're an idiot. Firmware upgrades frequently add new features, and if those features are intended to make your internet connection more secure, then it is ABSOLUTELY reasonable for them to be added. I agree that the way D-Link handles the process (assuming that it is really the way it's described in the article) is bad, but the mere addition of the feature isn't. Criticize them all you want for their nagware, but don't be an idiot and complain that just because they are trying to add new features to their products they are somehow a bad company.

  • by synthesizerpatel (1210598) on Wednesday November 05, 2008 @11:05PM (#25655729)

    I should note, $4.5k in hardware costs, $3.5k in development time to get it all dialed in right. :D

    As well, the hardware in question was DIR-330's, which are roughly $95-100 off the shelf.

  • Re:Why... (Score:3, Informative)

    by Chris Pimlott (16212) on Wednesday November 05, 2008 @11:38PM (#25656025)

    BitTorrent is usually the culprit for random router sluggishness. Here's the instructions for solving it in DD-WRT by increasing the max connections. [dd-wrt.com]

  • by russotto (537200) on Thursday November 06, 2008 @12:06AM (#25656279) Journal

    If true, that's the end of D-Link. We would never buy from them again.

    Funny, Belkin still seems to be around.

  • by bhtooefr (649901) <bhtooefr&bhtooefr,org> on Thursday November 06, 2008 @12:20AM (#25656387) Homepage Journal

    I've actually dealt with a D-Link USB WiFi adapter that the USB connector wasn't soldered to the board.

    It's a wonder the thing even worked at first without giving the user a problem. (Five minutes later, after the user complained, it was working fine... but it didn't work for long.)

  • by WK2 (1072560) on Thursday November 06, 2008 @12:28AM (#25656443) Homepage

    I bought a WRT54GL just a few months ago, and installed DD-WRT on it. It's OK, although DD-WRT has some issues. Nothing worth singing about. The hardware is only "antiquated" in that it has twice the RAM and Flash storage as newer, cheaper devices.

    And I totally agree about only buying routers that can run opensource firmwares.

  • by ewhac (5844) on Thursday November 06, 2008 @01:58AM (#25657167) Homepage Journal
    Belkin pulled this exact same crap back in the 2002/2003 timeframe, and got thoroughly and properly flayed alive for it. They quickly published an update that removed the "feature," but the fact that the "feature" got all the way through marketing, management, software development, and QA told me that everyone in that company was asleep at the switch, and Belkin got put on my shitlist. I won't even buy their cables anymore if I can avoid it.

    Now I get to add DLink to the same list. Unless and until DLink issues a public apology and shows contrition for this, there they shall stay, alongside Belkin.

    Schwab

  • Re:Why... (Score:4, Informative)

    by scotsghost (1125495) on Thursday November 06, 2008 @03:42AM (#25657801) Journal

    hinky: 1) Something as yet undefinable is wrong, out of place; not quite right; 2) "I've a bad feeling about that": something out of whack, wrong, off-kilter; 3) a state of being vaguely suspicious.

    source: http://www.urbandictionary.com/define.php?term=hinky [urbandictionary.com]

    this definition fits my previous (vague, contextual) knowledge of the term. some uses color towards sleazy, some towards kludgy; but they all have the general sense of something suspicious in some way.

  • Re:Why... (Score:2, Informative)

    by azemute (890775) on Thursday November 06, 2008 @10:15AM (#25660399) Homepage
    WRT54G isn't *really* a comparable device. It lacks both gigabit ethernet as well as Wireless-N [draft2] support. Don't get me wrong, I love the WRT54 series, but you may as well compare apples to apples.
