Backdoor Found In TP-Link Routers 197
New submitter NuclearCat writes "Polish security researchers have found a backdoor in TP-Link routers, allowing an attacker to not only gain root access to the local network, but also to knock down the router via a CSRF attack remotely. (Further information — Google translation of Russian original). According to the researchers, TP-Link hasn't yet responded to give an answer about issue. The good news: Users who replaced their TP-Link firmware with Open/DD-WRT firmware can sleep well."
I have to wonder why they bother... (Score:5, Interesting)
Given the relatively dismal reputation of vendor firmware on most routers, and the distinctly limited opportunities for software-differentiation in the 'well, it sits there and makes the internet wireless, right?' networking market, I honestly have to wonder why most vendor firmware isn't just thinly-skinned Open or DD WRT out of the box...
Re:I have to wonder why they bother... (Score:4, Interesting)
Because said vendors are the one that have to provide post sales support. I suppose they could fork Open or DDWRT (if even possible, I haven't checked) and go their own way. It's basically the same argument for why you don't see Linux desktops on the show room floor at your local B&M store.
That's actually the weird thing: If you wanted to extend the router analogy to PCs, you would see Linux desktops on the show floor at the local store; but they would all be running deeply dysfunctional bespoke distros, mostly out of date and broken in various ways, some built from scratch, some based off an elderly version of Redhat, along with the low end machines all running FreeDOS with a bundled program designed to resemble a KDE desktop. You would be justified in asking 'Why the hell didn't they just install debian?'
I'm not imagining that retail routers would be running open-wrt-SVN-Bleeding-edge-UNSTABLE, or ship without some drool-proof web interface that the support guys have a manual for. I just don't understand why(in the presence of free, solid, easily available 3rd party firmware) vendors keep spending on developing in-house or licenced firmware that has all kinds of nasty personality issues, time after time.