Forgot your password?
typodupeerror
Networking Businesses Technology

D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection 428

Posted by timothy
from the not-polite dept.
chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-link DIR-655 router to the latest firmware you'll see that D-link does this, and calls the hijacking a 'feature.'"
This discussion has been archived. No new comments can be posted.

D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection

Comments Filter:
  • Why... (Score:3, Insightful)

    by mewshi_nya (1394329) on Wednesday November 05, 2008 @05:47PM (#25652055)

    Is this even legal? This is my device; if it does something I don't like, and can't disable it, that seems like an attack on my rights; to do it to sell ads... that's just low, D-Link!

    • Re:Why... (Score:5, Informative)

      by matthewncohen (1166231) on Wednesday November 05, 2008 @05:51PM (#25652165)
      You have to manually upgrade the firmware and going back to plan old 1.20 is exactly the same process. It's not exactly hard to "disable". I have this router and also recently updated my firmware but I have not encountered this yet...
      • by Anonymous Coward on Wednesday November 05, 2008 @06:41PM (#25653223)
        If true, that's the end of D-Link. We would never buy from them again.

        Why are marketing people allowed to destroy companies? Then they go to a new company and do it again.
      • Re: (Score:3, Insightful)

        by Golddess (1361003)

        You have to manually upgrade the firmware and going back to plan old 1.20 is exactly the same process.

        Which raises the question, if you didn't know it was going to do this (because lets face it, who would honestly expect this to have happened before now?), and instead of hijacking google.com, it hijacks the D-Link page where you could download the previous version that you just overwritten, with a link to "pay us money and you can download a fixed version 1.21", what then?

    • Re:Why... (Score:5, Informative)

      by mattytee (1395955) on Wednesday November 05, 2008 @05:52PM (#25652191) Homepage
      If you RTFA, you'll see that you CAN disable it.

      Still pretty hinky, though.
      • Re:Why... (Score:5, Interesting)

        by Anonymous Coward on Wednesday November 05, 2008 @06:56PM (#25653449)

        What's annoying with things like this (and others) is that it just gets in the way and obstructs your work.

        I choose things based on their lack of snarkiness. I don't want a Windows PC full of crapware. I'd rather just pay the manufacturer a few extra bucks to cover the loss of crapware kickbacks. I used to run an AV, but occassionally, it would bring up a message telling me I wasn't fully protected because I wasn't running their antispam (despite running Thunderbird). When my renewal came up, I chose another company, and I told them that this was one of the reasons.

      • Re:Why... (Score:5, Funny)

        by Khyber (864651) <techkitsune@gmail.com> on Wednesday November 05, 2008 @07:19PM (#25653783) Homepage Journal

        whether or not we CAN disable it is moot - there's law regarding redirects without permission. I just can't find the damned thing, but I know it's there having read it here on slashdot.

      • Re:Why... (Score:5, Insightful)

        by Tom (822) on Wednesday November 05, 2008 @08:12PM (#25654515) Homepage Journal

        If you RTFA, you'll see that you CAN disable it.

        What are we becoming? Now every sleazy behaviour is ok as long as you can opt-out? That hasn't worked for spam for the past 20 years, has everyone suddenly got a learning disorder?

        The default behaviour of absolutely everything that's not a requested feature has to be opt-in.

        Opt-out is not good enough. I thought we'd learnt that by now.

        • Re:Why... (Score:4, Informative)

          by philspear (1142299) on Wednesday November 05, 2008 @09:32PM (#25655389)

          What are we becoming? Now every sleazy behaviour is ok as long as you can opt-out? That hasn't worked for spam for the past 20 years, has everyone suddenly got a learning disorder?

          Just to point out, if you RTFP (post) mattytee doesn't say it's ok, he says it's "hinky." Which might NOT mean okay. I admit, I don't know what it ACTUALLY means, so it might mean "good." I don't think I'd enjoy being called "hinky" so it doesn't sound like he's saying "You can opt out, so it's cool."

        • Re:Why... (Score:5, Interesting)

          by theshowmecanuck (703852) on Wednesday November 05, 2008 @11:50PM (#25656649) Journal
          A number of years ago in Canada, the cable companies started 'giving away' literally everyone in the country a month of viewing on any new speciality channel that came up. Then when the month was over they would start charging you for it. You had to 'opt out' at the end of the month if you didn't want it. So, you would get the trial without asking and then they would start charging you without asking. There was a HUGE outcry and the government quickly stepped in and put a stop to it, making the 'opt out or be charged' practice illegal... at least for cable companies.
      • by lpq (583377) on Thursday November 06, 2008 @03:23AM (#25658017) Homepage Journal

        Regardless of whether or not you can disable it, unless it was an *advertised* feature -- if it redirected you to a fake, substitute website that was other than the website you _thought_ you were going to, isn't that evidence of an unauthorized invasion and hack of the device to introduce a 3rd-party, fraudulent, redirection mechanism that can potentially be used not only by D-Link, but also by a cracker attempting a phishing exploit?

        In the US, the unauthorized addition of redirection software to a hardware device (which itself would probably qualify as a small computer), with the right lawyer or prosecutor, could result in jail time for the perp, or, if it's a corporation, probably a bonus for the project manger. ;^/

    • Re:Why... (Score:5, Interesting)

      by TheRealMindChild (743925) on Wednesday November 05, 2008 @05:52PM (#25652197) Homepage Journal
      Probably not. But what are you going to do about it? After enough stink, there will likely be a class action suit. No one that has been wronged will get real resolution (maybe a coupon for a new D-link model router for their trouble!). The amount paid out by D-Link will be less than the profit they get from these things. Business as usual.

      The only solution is to burn the place down or kill a few key people, then let them all know why. But no one is going to throw their life away on a bad router purchase.
      • Re:Why... (Score:5, Funny)

        by speeDDemon (nw) (643987) on Wednesday November 05, 2008 @06:17PM (#25652793) Homepage
        "The only solution is to burn the place down or kill a few key people, then let them all know why."

        If only revolution was not such an outdated ideal.
      • Re:Why... (Score:5, Funny)

        by cjb658 (1235986) on Wednesday November 05, 2008 @06:51PM (#25653369) Journal

        Damn, and I thought D-Link was one of the better companies to buy a router from.

        • Re:Why... (Score:5, Insightful)

          by Anonymous Coward on Wednesday November 05, 2008 @07:16PM (#25653737)

          Hell NO. They're absolute garbage! I've seen more fried D-Link routers than every other brand combined. I'd sooner buy any other no-name brand for *more* money. Plus, they've been doing "evil" stuff like that for ages -- not long ago they were hammering a tier-1 NTP server with their firmware (and the poor guy was footing the bill for them on his own). Their garbage is best avoided.

          You want a good router? Get a Linksys WRT54GL (that is NOT the G or GS). Then put tomato on it or DD-WRT (they're Linux distros). Then setup opendns and all that in it too. Best router you can get under $500 perhaps (short of a specialized/fancy cisco router that runs IOS and is easy to mis-configure, an expensive specialized routerboard, or power-hungry computer with moving parts...)

        • Re: (Score:3, Informative)

          by hairyfeet (841228)

          Nope. Working PC Repair I've seen more dead D-Links than any other brand. If you are just wanting cheap I'd suggest either TrendNet or ZoneNet. I've bought and installed several for customers and they seem to run well and are easy to manage. I am currently typing this on a TrendNet I bought to set up the boys their own network so they can game and share files with each other and after a $10 rebate the thing was only $9! Runs quite well. Now if you are wanting one for tweaking or running a customized Linux o

      • Re:Why... (Score:5, Funny)

        by TheGratefulNet (143330) on Wednesday November 05, 2008 @06:53PM (#25653403)

        The only solution is to burn the place down or kill a few key people, then let them all know why. But no one is going to throw their life away on a bad router purchase.

        that's the problem with the youth today, no commitment to principles.

    • Re:Why... (Score:4, Interesting)

      by orclevegam (940336) on Wednesday November 05, 2008 @05:52PM (#25652211) Journal
      If you RTFA it is something you can disable (at least according to the D-Link rep, I don't actually own one of these). It sounds like he's ticked off because it was slipped in with the firmware upgrade, enabled by default, and if you're not technically inclined you'd probably not realize what was causing the hijacking. It is a scummy thing to do, but hardly illegal, and it's being made out to be a lot worse than it actually is. Had it been disabled by default, or perhaps included instructions on the site it directs you to on how to disable it then it wouldn't be an issue.
      • Re:Why... (Score:4, Funny)

        by Lazy Jones (8403) on Wednesday November 05, 2008 @06:09PM (#25652627) Homepage Journal

        If you RTFA it is something you can disable

        Since when do we need to RTFM for consumer products like a WLAN router? It's not something complicated like a microwave oven where you need warning labels telling you not to dry your pet in it...

        • Re: (Score:3, Funny)

          by Anonymous Coward

          Oh shit, I didn't read those warnings.... FLUFFY!!! NOOOOOOOOOOoooooooo.....

          • Re: (Score:3, Funny)

            by Anonymous Coward

            Oh shit, I didn't read those warnings.... FLUFFY!!! NOOOOOOOOOOoooooooo.....

            There's no need to blame yourself. I've come to help you avenge your cat. [poetv.com]

      • Re:Why... (Score:4, Interesting)

        by TheMCP (121589) on Wednesday November 05, 2008 @07:50PM (#25654209) Homepage

        I think it's quite arguable that it's "hardly illegal". You could say that they're fraudulently claiming that the object they're selling is a "router" when in fact it's an "advertising machine". Or you could say that by hijacking the DNS for google, they are fraudulently making it appear that google is endorsing their software.

        Of course, the real solution is to never buy a d-link product. Haven't there been enough issues with them reported here over the years to scare away a responsible technician?

      • Re: (Score:3, Interesting)

        by DoofusOfDeath (636671)

        It is a scummy thing to do, but hardly illegal,

        Actually, could it be considered fraudulent? They intentionally did something that made the product somewhat not fit for use, because in certain cases it's actually not a correct router.

        Alternatively, Google might have a trademark claim or unfair competition claim against D-Link, because of the surreptitious redirect.

    • Re:Why... (Score:5, Insightful)

      by elrous0 (869638) * on Wednesday November 05, 2008 @05:52PM (#25652221)
      Legal? yes. Ethical? no. Tolerated by your customers? Hell no.
    • From The FA (Score:3, Informative)

      by Blue Stone (582566)

      >You can disable this feature by logging into the router and clicking the Advanced Tab and Secure Spot on the left side.

      >D-Link Customer Service

      Unethical to enable it by default and not tell the customer about it *until* it hijacks the connection (if you ask me) but easily disabled apparently.

    • Re: (Score:3, Insightful)

      by zappepcs (820751)

      Who cares particularly if it is legal or not. What you SHOULD be worrying about is how easy would it be for such a company to take a handsome bribe to allow others to hijack your connection via their firmware/router?

      Vyatta anyone? http://www.vyatta.com/ [vyatta.com]

      I think it's about time for some serious F/OSS hardware and firmware to replace what was once thought safe and sound from hacking and such.

  • Well.... (Score:5, Funny)

    by Fluffeh (1273756) on Wednesday November 05, 2008 @05:51PM (#25652175)
    Well, I for one welcome our new SUBSCRIPTION REQUIRED overlords!

    Please click here to renew subscription!
  • Huh? (Score:4, Informative)

    by Ritz_Just_Ritz (883997) on Wednesday November 05, 2008 @05:52PM (#25652189)

    I've been using rev1.21 for a few weeks now and I haven't seen this behavior at all.

    Wednesday, November 05, 2008 5:51:22 PM

    Firmware Version : 1.21, 2008/09/11

    *shrug*

  • by dmomo (256005) on Wednesday November 05, 2008 @05:52PM (#25652201) Homepage

    Before installing the new firmware, are you asked if this is Okay? If not, do they make it clear how it can be disabled?

    I am now reluctant to upgrade my DLink firmware. Is it's easy and clear that one can opt out.

  • Thank you! (Score:4, Insightful)

    by Per Wigren (5315) on Wednesday November 05, 2008 @05:54PM (#25652267) Homepage

    Thank you so much for the warning! I'll stay on 1.20 then and my next router certainly won't be a D-link.

  • by dr_wheel (671305) on Wednesday November 05, 2008 @05:55PM (#25652299)

    I helped my father-in-law purchase a wireless router for his home and set it up for him recently. I was rather surprised when I updated the firmware and was then greeted by spam upon opening a web browser. I have to say that I'm really disappointed by d-link on this one. Here's to hoping that the backlash is enough to make them reconsider doing this type of stuff again.

    Generally speaking, I'm a fan of their networking equipment (own a dgl-4300 that I'm very happy with myself), but if this is the direction that they are going in, I won't be buying or recommending their stuff anymore. I plan on e-mailing them and telling them I am unhappy with their practices.

  • Cheers! (Score:4, Funny)

    by Sasayaki (1096761) on Wednesday November 05, 2008 @05:56PM (#25652319)

    Won't be buying any more Dell hardware for a while!

  • by KoD7085 (1357011) on Wednesday November 05, 2008 @05:57PM (#25652335)
    I haven't upgraded to 1.21; however, the reason was when 1.21 first dropped it had SecureSpot. Now I found this out by reading the information on 1.21 so I didn't download and install it. They now (and have for some time) offer 1.21 without SecureSpot; perhaps you should download and install that.
  • by Anonymous Coward on Wednesday November 05, 2008 @06:09PM (#25652613)

    Back in 2003 Belkin introduced a router that periodically redirected HTTP connections to advertise its own software:
        Help! my Belkin router is spamming me [theregister.co.uk]

    Some commentary:
        Ease-of-use or marketing-driven sabotage: Does your hardware's software do only what you expect of it? [ibm.com]

  • by alanw (1822) <alan@wylie.me.uk> on Wednesday November 05, 2008 @06:09PM (#25652625) Homepage

    Here's [theregister.co.uk] an old article about Belkin doing a very similar thing:

    Belkin, the consumer networking and connectivity firm, has promised customers a firmware upgrade to disable a controversial 'spamming' feature built into its routers.

    As first reported on The Reg last week, the feature hijacks random HTTP requests every eight hours and redirects users to a page advertising Belkin's parental control software. There is an opt-out link but that failed to appease Net users who accused Belkin of creating a new mechanism for spam.

  • D-Link (Score:4, Insightful)

    by LordKaT (619540) on Wednesday November 05, 2008 @06:14PM (#25652717) Homepage Journal

    I've owned several D-Link routers, either through no fault of my own or pressed for time and had to buy it. In all of the years I've had to deal with them, I've learned this:

    D-Link is Shit. Buy Linksys.

  • by Chas (5144) on Wednesday November 05, 2008 @06:20PM (#25652853) Homepage Journal

    After massive amounts of pain with consumer/prosumer-grade (many of the D-Link) routers in the past two years, I finally dropped real money for a real broadband router earlier this year. So far, I've had months and months of trouble-free service.

    Now I start hearing crap like this. Makes me even MORE thankful I bit the bullet.

    Also "you can turn it off!" apologists? WHY IT IS ON BY DEFAULT? Moreover, tell that to some luddite who barely understands how to boot his computer.

    • Re: (Score:3, Insightful)

      by aztracker1 (702135)
      While I agree with your sentiment, said Luddite probably won't be updating his own firmware. Personally I think it's a horrible action, but am already a bit pissed off with D-Link hardware.. so doesn't surprise me.
  • So much for D-Link (Score:5, Insightful)

    by Iphtashu Fitz (263795) on Wednesday November 05, 2008 @06:23PM (#25652915)

    Even if there's an option to disable this, the fact that it seems to be enabled by default is enough for me. D-Link from this point on will never be on my list of vendors when looking for networking gear.

  • Idiots... (Score:5, Insightful)

    by geminidomino (614729) * on Wednesday November 05, 2008 @06:25PM (#25652957) Journal

    Apparently they didn't learn from the shitstorm that hit belkin when they did the exact same thing years ago.

    Another vendor goes down the tubes...

  • Simple solution... (Score:5, Informative)

    by Guspaz (556486) on Wednesday November 05, 2008 @06:28PM (#25653005)

    Only buy home routers that can run opensource firmwares. I'm quite happy with my WRT54GL, although the hardware is a bit antiquated at this point.

    • Re: (Score:3, Interesting)

      by Eil (82413)

      My WRT54GL is likewise running just fine. It has OpenWRT which has has no hijacking feature that I'm aware of.

      I'm curious, though, how is the hardware on these antiquated? They really just route ethernet and wifi packets and that's it. Some people are making robots out of them. The last benchmarks that I saw had these things slinging 30Mbits/sec and I know everyone's broadband speed hasn't quadrupled since the WRT came out.

    • Re: (Score:3, Informative)

      by WK2 (1072560)

      I bought a WRT54GL just a few months ago, and installed DD-WRT on it. It's OK, although DD-WRT has some issues. Nothing worth singing about. The hardware is only "antiquated" in that it has twice the RAM and Flash storage as newer, cheaper devices.

      And I totally agree about only buying routers that can run opensource firmwares.

  • Google Should Sue (Score:5, Interesting)

    by Nom du Keyboard (633989) on Wednesday November 05, 2008 @06:40PM (#25653213)
    This cannot be allowed to go unpunished. Google should sue since it was their domain name that was hijacked and a clear attack on their business.

    Google should sue because they have lots of high-priced lawyers and can really make DLink regret this.
  • Ugh. Why? (Score:3, Insightful)

    by ohtani (154270) on Wednesday November 05, 2008 @06:52PM (#25653379) Homepage

    So let's see, Linksys makes generic crap. I'm not completely impressed with my NETGEAR device so I don't think they're that great either. Don't even get me started on how bad Belkin's stuff was. D-Link sounded good, but now this?

    NOW what do we go with?

    I do agree it's not a HUGE issue since it's able to be disabled, but it's still not good that it's an opt in thing. I'd be buying a piece of hardware to connect to the Internet. NOT a subscription service. It may be good for those not comfortable with computers, but still, not so comfortable with those that DO understand them.

  • it's not illegal... (Score:3, Informative)

    by roc97007 (608802) on Wednesday November 05, 2008 @06:55PM (#25653429) Journal

    ...but dlink just fell off my vendor list.

  • by Duncan Blackthorne (1095849) on Wednesday November 05, 2008 @07:17PM (#25653755)
    Sounds like a prime example of what happens when salespeople get too much of a say in the development process. Wonder if they made them back-burner fixing actual bugs and security holes in favor of adding adware like this?
  • by chronopunk (1400951) on Wednesday November 05, 2008 @07:20PM (#25653797)
    This is the original poster. I did a firmware upgrade from withing the router setup page not by downloading it from their website.
  • DIR-655 (Score:3, Interesting)

    by bpsbr_ernie (1121681) on Wednesday November 05, 2008 @08:09PM (#25654465) Homepage
    This firmware has been in beta for almost 2 years. It adds the SecureSpot feature which allows for web filtering. The idea with the splash page is to allow the users to immediately decide whether they want the feature enabled or not. So, I install a new DIR-655 router, my kids are immediately blocked from all internet access. If I decide to disable it, suddenly everyone can get to their favorite porn website. If I turn it on, I now have parental controls and the kids can only get to the sites/categories I approve. Is it really that bad they they are forcing you to "choose whether you want the feature on or off?" Maybe they could have disabled it by default, but those that want the feature, may never realize its there.
  • Phonehome goodness (Score:4, Informative)

    by wirelessfreek (1326273) on Wednesday November 05, 2008 @09:23PM (#25655303)
    I have the DIR-625 and have tested out the Secure-Spot (3.06) firmware and even when its disabled it still phones-home and uses an SSL connection. Naturally you can not issue it a fake certificate to see what its really sending back. Test setup: 2 Routers, Favorite ARP spoofing program and a Network Protocol Analyzer (I use Wireshark) and watch the fun when you power on your D-Link router.
  • by moxley (895517) on Wednesday November 05, 2008 @09:51PM (#25655579)

    I have this router and it's worked really well - has been very stable and has a whole lot of really nice features - I do a lot of remote stuff both ways too and from work - not to mentioned bittorrent and binaries, webcams. Never have a problem, never have to reboot it.

    Additionally the router has a feature that can email you when a new update comes out, the download page had a link for 1.21 with securespot and 1.21 without - I checked out what it was and decided against it. As others have mentioned. Below is the link I used:

    ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_firmware_121_no_securespot.zip [dlink.com]

    I agree with how most people feel, that they need to be a little more upfront - a lot of the people here aren't going to want that feature - however, there are some people who may - among other things I think it has parental controls, it's like websense for the home user.

    When you're updating the firmware on any device and not paying attention to the changes and what they actually do you're going to end up getting fucked, - especially when it comes to consumer home devices like these.

  • by ChameleonDave (1041178) on Wednesday November 05, 2008 @10:23PM (#25655863) Homepage
    What annoys be about my D-Link DSL-504T router is that although it runs some sort of customised GNU/Linux (I did "ssh admin@10.1.1.1" and had a look inside), their documentation and website make not the slightest mention of this, let alone make the source code available.
  • by ewhac (5844) on Thursday November 06, 2008 @12:58AM (#25657167) Homepage Journal
    Belkin pulled this exact same crap back in the 2002/2003 timeframe, and got thoroughly and properly flayed alive for it. They quickly published an update that removed the "feature," but the fact that the "feature" got all the way through marketing, management, software development, and QA told me that everyone in that company was asleep at the switch, and Belkin got put on my shitlist. I won't even buy their cables anymore if I can avoid it.

    Now I get to add DLink to the same list. Unless and until DLink issues a public apology and shows contrition for this, there they shall stay, alongside Belkin.

    Schwab

Moneyliness is next to Godliness. -- Andries van Dam

Working...