Intentional Backdoor In Consumer Routers Found

New submitter janoc (699997) writes about a backdoor that was fixed (only not). "Eloi Vanderbeken from Synacktiv has identified an intentional backdoor in a module by Sercomm used by major router manufacturers (Cisco, Linksys, Netgear, etc.). The backdoor was ostensibly fixed — by obfuscating it and making it harder to access. The original report (PDF). And yeah, there is an exploit available ..." Rather than actually closing the backdoor, they just altered it so that the service was not enabled until you knocked the portal with a specially crafted Ethernet packet. Quoting Ars Technica: "The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware ... Because of the format of the packets—raw Ethernet packets, not Internet Protocol packets—they would need to be sent from within the local wireless LAN, or from the Internet service provider’s equipment. But they could be sent out from an ISP as a broadcast, essentially re-opening the backdoor on any customer’s router that had been patched."

to be expected

[Anonymous Coward]

Rather than actually closing the backdoor, they just altered it so that the service was not enabled until you knocked the portal with a specially crafted Ethernet packet.

Well, somebody paid good money for that backdoor. If Sercomm closed it, they'd have to issue a refund.

Re:intentional back-door?

[gweihir]

No, it just means that if you have one of these devices, then you are fucked.

Re:PLA?

[jrumney]

Worrying about Chinese intelligence being involved because the product is from Taiwan is like worrying that North Korea is spying on you through Samsung products, or Mossad has added miniature tracking devices to gasoline imported from the Middle East.