Security Technology

Backdoor Account Found in D-Link DIR-620 Routers (bleepingcomputer.com) 118

Catalin Cimpanu, writing for BleepingComputer: Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet. Discovered by Kaspersky Lab researchers, this backdoor grants an attacker access to the device's web panel, and there's no way in which device owners can disable this secret account. The only way to protect devices from getting hacked is to avoid having the router expose its admin panel on the WAN interface, and hence, reachable from anywhere on the Internet.

  • by Jimbo God of Unix ( 221452 ) on Wednesday May 23, 2018 @10:02AM (#56659354) Homepage

    This is why I will never buy or recommend any router that cannot be flashed/used with OpenWRT/LEDE.

  • by bobbied ( 2522392 ) on Wednesday May 23, 2018 @10:19AM (#56659448)

    Cannot be flashed with third party firmware. I use OpenWRT and DD-WRT and I *refuse* to buy any consumer router that doesn't have at least a porting effort to one of these third party firmware packages.

    It's not a perfect solution, but it's one heck of a lot better than just trusting the manufacturer to do the right thing and fix their security issues in a timely manner.

    • by gweihir ( 88907 )

      Indeed. And while not perfect, you get updates and patches long-term and you can do things yourself if you like.

    • I browse with an extension that shows the flag of the country a site is hosted at [mozilla.org] in the URL bar. I was always nervous about using DD-WRT because for years the site was hosted in China (they changed hosts to Switzerland recently). So you shouldn't automatically trust third party firmware either. And if you're really paranoid you should be downloading source and compiling the firmware yourself. If you can trust that the source code is clean. (For those curious, OpenWRT is hosted in Germany.
  • Not the first time (Score:4, Interesting)

    by klingens ( 147173 ) on Wednesday May 23, 2018 @10:21AM (#56659464)

    Why would anyone still buy anything from D-Link or e.g. Cisco?

    With their stuff, backdoors are not the exception but mandatory feature for every device they sell. 2013, 2016, now.
    https://www.theregister.co.uk/... [theregister.co.uk] DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240" maybe more.
    https://thehackernews.com/2016... [thehackernews.com] DWR-932 B

    So, sure once maybe it's an error or oversight. But the number of backdoors with pretty much all router manufacturers, from low end cheapo consumer D-Link to usurious Cisco plated with gold stuff, shows it's not an oversight but pretty much deliberate. Both manufacturers are only examples here. All of them have similar holes several times over the last few years, repeatedly. Or they are too incompetent to be allowed to design and then sell anything to the public.

    • by gweihir ( 88907 )

      D-Link is a nice base to flash OpenWRT on. No other sane use.

    • by Agripa ( 139780 )

      Why would anyone still buy anything from D-Link or e.g. Cisco?

      Damn if I know.

      I gave up on D-Link more than 10 years ago when they reneged on firmware updates for Wifi security which they said they would support and then their routers just died one after another within a span of months. Since then I have been using the same Slot 1 x86 based FreeBSD router which is going on 20 years old now and has failed once ... when the ice machine upstairs sprung a leak and dripped water into it. And that only knocked it out of operation for 24 hours and 15 minutes of downtime sin

  • They'd rather you go buy a new D-Link router. If I had one of these routers I would be sure to buy another brand, but if D-Link quickly made a new firmware and patched my router it would give me confidence in D-Link's attention to detail and I would gladly make my next router a D-Link product (something to think about, D-Link people).
    • To be fair to D-Link, that's a really old router that according to the article less than 100 are still being used. But D-Link did say that an update would be provided if an enterprise customer requested it.
    • by Agripa ( 139780 )

      They'd rather you go buy a new D-Link router. If I had one of these routers I would be sure to buy another brand, but if D-Link quickly made a new firmware and patched my router it would give me confidence in D-Link's attention to detail and I would gladly make my next router a D-Link product (something to think about, D-Link people).

      I am still waiting on the firmware update for my DI-624s with D-Link's promised Wifi security updates. I am sure they will release them any day now; it has only been 15 years.

  • I basically just use an old Dell and threw OpenBSD on it. I have something that is really functional and secure.
  • And this is why I finished with commercial router firmware.

    First Tomato, then dd-wrt, now pfSense on custom hardware.

    • by gweihir ( 88907 )

      As anybody else with a clue is doing as well.

      • by afidel ( 530433 )

        I have a clue, I have managed enterprise class routers and firewalls and been using Linux since 1995, I use a Netgear router at home. Their no cost integration with OpenDNS for content filtering and anti-malware protection is better than any open source solution I have found. They also continue to provide security updates for years after the device is no longer for sale (previous model was ~8 years old when I replaced it for better WiFi performance, it had had a firmware update about 3 months before I retire

  • I'd like to replace my vendor supplied router with one running open software.

    I'm just not sure which is considered the most current, or the pros and cons of the various distros.
    * DD-WRT
    * OpenWRT
    * Lede
    * Tomato (is that even still around)?
    etc...

    Suggestions? (Maybe I should make this an Ask Slashdot?)

    • by gweihir ( 88907 )

      First, check for patch history to see what is currently maintained. And then select the one of the remaining ones where you like the interface best.

    • DD-WRT is generally pretty solid and is available on a far greater number of routers.

      Tomato is my personal favorite, not the least of which because it does ad blocking at the router level and is a bit better with VLANs than DD-WRT.

      OpenWRT isn't my favorite, but it's gotten a lot better recently. I was particularly happy that it's available for some Cisco Meraki hardware. The least intuitive of the three IMO, but it does the job in lots of cases.

      All of them have upstream updates from within the past three mo

  • "The only way to protect devices from getting hacked is to avoid having the router expose its admin panel on the WAN interface"

    Why would you willingly expose even the most secure login page to the net if you didn't have to? Between bruteforce, backdoor accounts, overflow errors, URL manipulation, and yes, even the dreaded default password,

    tl;dr: Why do you have your admin panel WAN-accessible in the first place? -_-
    • by pnutjam ( 523990 )
      All of those can be mitigated without too much work. Let's not cower under our beds like NRA members.
    • by Agripa ( 139780 )

      Why would you willingly expose even the most secure login page to the net if you didn't have to? Between bruteforce, backdoor accounts, overflow errors, URL manipulation, and yes, even the dreaded default password,

      If you trust the hardware and software, which I would not for any commercial or consumer stuff, then you might expose a secure login to the router so that the firewall rules can be modified to allow incoming connections only from your current IP.

  • They are too good at finding US backdoors in US products.

  • Kaspersky is a shill of the Russian government right?

    We don't trust anything they say!

  • I happen to have an old DIR 620 Router of which I'm locked out ....
