
SoylentNews is people

posted by Woods on Tuesday April 22 2014, @11:07PM
from the best-fix-ever dept.

A recent firmware analysis (PDF) by reverse engineer Eloi Vanderbeken shows that NETGEAR did not fix the backdoor on TCP port 32764 but instead hid it behind a port-knocking feature: the backdoor service is no longer listening by default and has to be unlocked first.

Summary from the slides: the knock is handled by "ft_tool", a process that listens for raw Ethernet frames. It only reacts to frames with EtherType 0x8888 whose packet type is 0x201, and the payload has to be "45d1bb339b07a6618b2114dbc0d7783e", which is the MD5 hash of the model number DGN1000. If such a frame arrives, the backdoor service /usr/bin/scfgmgr -f is launched.
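To make the knock concrete, the following is an added example written for this page; it is not code from Vanderbeken's slides or from NETGEAR's firmware. It builds a knock frame as the summary describes it and runs a small detector over a handful of constructed frames, the way you would over a capture from the LAN side of the router. The placement of the 0x201 packet-type field as a two-byte big-endian value right after the Ethernet header, and the ASCII-hex encoding of the MD5, are assumptions: the slides give the values, not the exact byte layout. Because the knock is a raw Ethernet frame with a non-IP EtherType, it is not routed; an attacker has to be on the same L2 segment (LAN port or Wi-Fi) to send it, which is also where you would place a sensor.

```python
import hashlib
import struct

# Values from the slides as summarised on this page.
KNOCK_ETHERTYPE = 0x8888
KNOCK_PACKET_TYPE = 0x201
MODEL = "DGN1000"          # slides: payload is the MD5 of the model number

ETH_HDR_LEN = 14           # dst MAC (6) + src MAC (6) + EtherType (2)
MD5_HEX_LEN = 32


def knock_payload(model=MODEL):
    """ASCII-hex MD5 of the model number, as the slides describe the payload."""
    return hashlib.md5(model.encode()).hexdigest().encode()


def build_knock_frame(dst_mac, src_mac, model=MODEL):
    """Build one knock frame.

    ASSUMPTION: the 0x201 packet type is a 2-byte big-endian field that
    immediately follows the Ethernet header, and the MD5 follows it as
    32 ASCII hex characters. The slides give the values, not the layout.
    """
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return (dst_mac + src_mac
            + struct.pack("!H", KNOCK_ETHERTYPE)
            + struct.pack("!H", KNOCK_PACKET_TYPE)
            + knock_payload(model))


def parse_ethernet(frame):
    """Split a raw frame into (dst, src, ethertype, payload); None if truncated."""
    if len(frame) < ETH_HDR_LEN:
        return None
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return dst, src, ethertype, frame[ETH_HDR_LEN:]


def is_knock_frame(frame, models=(MODEL,)):
    """Detection logic: EtherType 0x8888, type 0x201, MD5 of a known model.

    `models` generalises the single DGN1000 case on the page: the knock
    payload is per-model, so a sensor can watch for every model it cares
    about by hashing each name.
    """
    parsed = parse_ethernet(frame)
    if parsed is None:
        return False
    _, _, ethertype, payload = parsed
    if ethertype != KNOCK_ETHERTYPE:
        return False
    if len(payload) < 2 + MD5_HEX_LEN:
        return False
    (ptype,) = struct.unpack("!H", payload[:2])
    if ptype != KNOCK_PACKET_TYPE:
        return False
    digest = payload[2:2 + MD5_HEX_LEN]
    return any(digest == knock_payload(m) for m in models)


def scan_frames(frames, models=(MODEL,)):
    """Return the indices of frames that look like a knock."""
    return [i for i, f in enumerate(frames) if is_knock_frame(f, models)]


# Constructed sample traffic (not a real capture): one ARP, one IPv4 frame,
# the knock, and two near-misses that a sloppy signature would over-match.
BCAST = b"\xff" * 6
ATTACKER = b"\x02\x00\x00\x00\x00\x01"
ROUTER = b"\x00\x11\x22\x33\x44\x55"
SAMPLE_FRAMES = [
    BCAST + ATTACKER + struct.pack("!H", 0x0806) + b"\x00" * 28,          # ARP
    ROUTER + ATTACKER + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19,  # IPv4
    build_knock_frame(ROUTER, ATTACKER),                                    # knock
    ROUTER + ATTACKER + struct.pack("!H", KNOCK_ETHERTYPE)                  # wrong type
        + struct.pack("!H", 0x200) + knock_payload(),
    ROUTER + ATTACKER + struct.pack("!H", KNOCK_ETHERTYPE)                  # wrong model
        + struct.pack("!H", KNOCK_PACKET_TYPE)
        + hashlib.md5(b"not-a-netgear-model").hexdigest().encode(),
]

if __name__ == "__main__":
    print("knock frames at indices:", scan_frames(SAMPLE_FRAMES))
```

On a live segment the cheapest first pass is a capture filter on the EtherType alone (`tcpdump -i eth0 ether proto 0x8888`), since nothing legitimate on a home LAN should use it; the full check above then weeds out frames that merely share the EtherType.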

Ars Technica reports:

The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. "It's DELIBERATE," Vanderbeken asserted in his presentation.

  • (Score: 2, Funny) by Shijiyaku (1553) on Wednesday April 23 2014, @01:53PM (#34872)

    Simply put, it's a knock, knock joke that knocks your SOCKS off.

    --
    Born too late for sail;too early for space