In December 2013, French security hacker Eloi Vanderbeken uncovered what appeared to be a backdoor programmed into several models of DSL routers. The affected devices were built around hardware manufactured by the Taiwanese company SerComm, and the finished products were sold under several well-known brands, including NetGear, Linksys and Belkin, to name a few. This backdoor allowed anyone with knowledge of the hole and local access to the router (say, through a nearby Wi-Fi access point) to gain administrative access to the router, which could lead to a complete takeover of the network controlled by the device. Now, several months later, this backdoor is not only NOT fixed, but appears to have been purposefully concealed behind the digital equivalent of a secret knock, which, once given, opens the backdoor right up to the same level of exploitation as discovered in December.
What this means for you:
If you own a DSL router, you should check this list to see if your model appears on it. If it does, I recommend replacing it immediately. Even if it does not, you should check to see if your router is among the many models that are compromised in other significant ways. If you happen to be among the fortunate who use a router not on any of these lists, you should still review the security settings and passwords used by the device, and if you don’t know how to configure or even access your router, you need to get someone who does to review the device for you. The router is the front door to your home or business network, and you should not trust your security to something that can be easily broken down or opened with a readily available master key.
Several models of popular Linksys-brand routers may be impacted by a self-replicating worm that exploits a security flaw in the router’s firmware. The exploit allows attackers to install the worm on the router, which can lead to further security breaches on any device connected to that router’s network. According to Linksys, this exploit requires that the router have the “Remote Management” feature enabled, a setting that is disabled by default on Linksys routers. Depending on who set up your router, this setting may have been enabled expressly for remote management purposes, and if so your device is vulnerable to the worm, dubbed “TheMoon”.
What this means for you:
Linksys routers are a popular choice for home and small businesses. Unless you know for certain your router is not a Linksys device, I would put an eyeball on your router and check the make and model against the list below. Your network router is a critical point in your network’s overall security, and a compromised router can lead to a variety of problems and significant invasions of your privacy and safety. Even if your Linksys model is not named below, it’s important to check whether or not “Remote Management” is enabled on your device.
As of now, the following router models are affected: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N. Linksys hasn’t confirmed whether this list will grow, as it does not want to reveal other models and make them targets for attacks. Until Linksys can patch the loopholes and issue firmware updates, the only workaround is to disable the Remote Management feature, install the latest version of the firmware available, and reboot the router to clear any possible worms.