Routers with backdoors ?

Discussion in 'hardware' started by Fly, Jul 14, 2010.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    How many routers have backdoors or similar functionality ?

    The most basic routers are probably safe.

    While attempting to get a *wired* router I ended up buying a Linksys (Cisco!) WRT120N router. I couldn't find what I wanted, was out of patience, tired, and ended up getting this one. 50 euros or something.

    I suppose there were plenty of warnings after I had opened the box ...
    But I rushed through everything. I won't attempt to return it to the shop, maybe I can find a hapless soul willing to pay for it ...

    The router actually seems quite advanced. Quite different from any other router I've used.

    I don't recall the full EULA and similar, but I remember *something like* a backdoor being mentioned. Data being sent and/or the ability by someone (Linksys/Cisco/NSA?) to access the router.

    'network magic' etc. Who would need such a sophisticated router ?
    Maybe a business. That business better not have any American competitors !

    What do you think ? Am I too paranoid ? As a simple home user the security features are total overkill.
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    How long is a piece of string ?

    You think so :eek:


    Paranoid means the fear of something that couldn't happen, so NO you're not. Doesn't mean it will happen, just that it could. Why risk it when people don't have to ;)

    If you use a bidirectional software FW set up correctly, alongside a router, you will be Much more secure :D

    Better still, kick out the router :thumb:
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Check the linked threads, on the balance of probability it is unlikely you need to be paranoid over some backdoor in the router.
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    The 120n is a very basic entry level home grade router from Linksys/Cisco. It's actually just average in features..but for home users, quite sufficient.

    I wouldn't put on the tin foil and worry about "backdoors".
    ISP provided combo modem/routers like in that thread above...yes they have full access to it, after all..we're talking about CPE here (customer premise equipment)...the ISP supplies you with their hardware to give you your internet connection. It's not like you went out and bought your own router and they drilled a backdoor into that.

    With your own purchased routers, general rule of thumb to keep secure...usually keep the firmware updated, change the router's web admin password, make your wireless SSID unique, and secure your wireless with WPA or higher security. Done! Phew..that was tough eh? Now sit back and enjoy.

    For all my clients I always insist on a NAT router at the edge of their network, even if they just have a single PC. Hardware firewall protection from inbound is desired. I will not support PCs that just run a software firewall and they plug directly into a broadband modem sitting on a public IP address.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Couldn't you just use a firmware such as DD-WRT to secure your peace of mind?
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    To some extent it appears to depend on the manufacturer.
    In this case, Cisco. They acquired Linksys some time ago ?

    The new router is not supplied by my ISP.

    It just seems like Linksys is a different kind of animal. Perhaps that has something to do with Cisco ?
    The router appears to be very advanced. Probably why there is a backdoor.

    I just prefer a basic router as a hardware firewall.

    Any other opinions ?
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Maybe. I don't know if that would be enough. When I tried to configure this router it was very different from other routers. It has some kind of auto-configuration. I tried to reconfigure it, but failed. I stopped trying, though.
     
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I'm not sure whether this is much of an issue. Anything outside my firewall is the bloody internet, after all. I don't really need to trust the router, as long as it works. I run it in bridged mode, with the firewall in control.

    I did use a laptop to set up the router, but never connect that machine to my network. It's just for travel, and gets connected to all sorts of dodgy things. In any case, there's nada on it except the OS and apps.

    After all, my ISP can see as much about my traffic as they desire, because they're carrying it. If I want something to be private, I'll use OpenVPN.

    Have I missed something?
     
  9. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    3rd party firmware like DD-WRT, and my favorite...Tomato, add features, advanced VPN features and bandwidth settings/traffic shaping/QoS, stuff like that. But security wise..they add nothing to the plate. They still do just NAT, just like the factory firmware.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I guess you missed my point entirely, or didn't bother reading the OP's post. Using a different firmware, especially open source, would secure your peace of mind that there is no backdoor in it.
     
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    No I didn't, and "how"..unless you wrote the firmware yourself...all yourself, with no help from anyone else...how can you rest assured that there's no backdoor in it?

    I work with DD and Tomato by the dozens all the time, quite familiar with them.

    Next!
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851

    Next.
     
  13. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    http://dronebl.org/blog/8

    Can a router's software or daemons be downgraded to vulnerable versions? e.g. SSH
    Can vulnerable components be upgraded to fixed versions via an update?

    @fly

    WRT120N

    According to DroneBL it is in the family of vulnerable devices.
     
    Last edited: Jul 15, 2010
  14. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Maybe you're right.

    But when I set it up it started some kind of auto-configuration.
    I could try open source firmware. But would that really make a difference ?
    Isn't the risk partly a hardware/firmware or other hardware type of access ?
    BIOS, firmware/software that cannot be changed ?

    I'm no geek and not a nerd. Although I tried to reconfigure it I failed. Maybe the answer is somewhere in the manual ... It would take some time to figure that out.
     
  15. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'm sorry, I could not find that reference to the WRT120N, either on DroneBL or the link above. Please clarify ?
     
  16. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    http://www.networkworld.com/news/2007/012307-us-govt-wiretapping-laws-and.html

    It applies to Cisco. But what about a basic router designed in Europe and manufactured in China (Sitecom) ? Yes/no/ how do I figure it out ?

    I haven't seen anything like this even mentioned in the manuals, EULAs or anything like that in any of the other routers I've used in the past. Belkin, Sitecom, Netgear, perhaps others. ASUS router ?
     
    Last edited: Jul 16, 2010
  17. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    The router I currently use is a Sitecom router. Not good, but it's one of the major brands in this region.

    I think I got the router plus wireless adapter for about 50 euros ... The cheapest router I could get.

    Given: http://blogs.securiteam.com/index.php/archives/826

    I decided to test my own router. Using nmap and telnet.

    Apparently I can telnet to a certain port that may be able to accept commands. From what I gather, a GET command plus syntax.
    I tried something but got an error message. Telnetting to that port actually worked. I know little about networking and the use of various tools.
    Would it be possible by means of telnet and the GET command (or a different command) to gain access to my router/computer, change its settings, or to bypass the router ? I have tried, but as I said I'm no geek.
    Can I get a few pointers about how to actually test this ?

    It has a primary WINS server, same 'address' as the one I use to access the router (192.168.X.X). It seems the router doesn't have any options to change/remove it. There is just no place in the menu. I don't know if this is important. Configuration: cable modem>router>wireless connection to my computer, no other devices in the network.

    My apologies for these posts, I know this is all a bit disorganized.
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Doesn't have anything to do with backdoors added by isp/vendors. It's actual malware that takes advantage of an exploit.

    When it comes to flawed hardware I assumed you'd need to buy a new router.

    As far as I know, it's the firmware that controls all network level functions, so unless they added an extra isolated "spy chip" which I don't think any company would do (increased cost, increased network overhead, etc), you should be safe with open source firmware.
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    My point about backdoors in the router was that it depends on what vulnerable software is running in the Operating System of the router.
    DD-WRT is a Linux Operating System not a firmware.
    Is the Kernel vulnerable?
    Is the SSH server vulnerable?
    Is PAM vulnerable?
    Can a vendor ship vulnerable versions of any of the above?
    Can you install updates to a router the way you update a desktop system?

    This is a flawed concept.
    The firmware you are talking about is for wireless network functions not wired.

    @fly

    http://dronebl.org/blog/8
    We can say that all MIPS processor based routers are vulnerable to exploitation by attacks similar to the Router Blue Pill based on the info provided.
    If the user of a MIPS router has a strong password policy then an attacker has to subvert a vulnerable service or a process to install the Router Blue Pill.
    Some MIPS Routers allow the attack to be carried out from the WAN side, no need to infect your computer first.
    Is this a hardware backdoor?
    Could it have been designed to be vulnerable?
    Sure.

    Routers using an ARM based processor have not been shown to have a similar vulnerability, yet.
     
  20. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Gaining access to your router.

    @fly

    What commands are available depends on what the vendor installed.
    After telnet 192.168.1.1 username:password you can try typing help or help all for a list of commands.
    If that doesn't work then you will have to find out what OS version with uname -a then do some googling.
    Or try googling "(your router) telnet command line"
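
Added example (not part of any poster's message): posts 17 and 20 describe connecting to a home router's open ports with telnet to see what answers. The Python sketch below classifies what a port on your own router sends first (telnet negotiation, an SSH banner, or an HTTP reply to a request), which is why one port appears to "accept GET"; the sample bytes are constructed, and `probe`, `classify` and `SAMPLES` are names invented here.

```python
import socket

def probe(host, port, timeout=3.0):
    """Return the first bytes a TCP service on your own router sends."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)        # telnet and SSH servers speak first
            except socket.timeout:
                data = b""
            if not data:                   # an HTTP server waits for a request
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                data = s.recv(1024)
            return data
    except OSError:                        # refused, filtered or timed out
        return b""

def classify(data):
    """Name the protocol from its opening bytes, plus one useful detail."""
    if not data:
        return ("closed-or-silent", "")
    if data[0] == 0xFF:                    # telnet IAC option negotiation
        return ("telnet", "cleartext login")
    if data.startswith(b"SSH-"):
        return ("ssh", data.split(b"\r\n")[0].decode("ascii", "replace"))
    if data.startswith(b"HTTP/"):
        head = data.split(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
        parts = head[0].split(" ")
        status = parts[1] if len(parts) > 1 else "?"
        server = next((h.split(":", 1)[1].strip() for h in head[1:]
                       if h.lower().startswith("server:")), "unknown")
        return ("http", f"status {status}, server {server}")
    return ("unknown", repr(data[:20]))

# Constructed sample responses (not captured from any real device).
SAMPLES = {
    22: b"SSH-2.0-dropbear_0.52\r\n",
    23: b"\xff\xfd\x01\xff\xfd\x1f\r\nlogin: ",
    80: b"HTTP/1.0 401 Unauthorized\r\nServer: httpd\r\n"
        b"WWW-Authenticate: Basic realm=\"router\"\r\n\r\n",
}

if __name__ == "__main__":
    for port, raw in sorted(SAMPLES.items()):
        print(port, *classify(raw))
    # Live check of your own router: classify(probe("192.168.1.1", 80))
```

A telnet result means the router's login crosses the LAN unencrypted, so that service is the first one to switch off in the admin menu if the option exists.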
     
  21. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    o_O Whaaaaat..? Did you typo something here? Wtf are you talking about that the firmware is only for wireless functions? The firmware controls EVERYTHING about the router.


    I repeat myself, it's an exploit used by malware. Not a backdoor added by the isp/vendor to monitor your connections. You're taking this thread completely off-topic. A modern router would suffice to prevent this.
     
  22. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    ROFL who cares if it's open source..that only means more people have their spoons in the pot. Yeah..good logic.

    And if you really want to bite your fingernails, lose sleep at night, and wear a tin foil hat...one can say that "so what if it's called open source...someone may have poisoned the firmware before hosting it for downloads and just called it what they wanted." Who is to say the guys at DD don't have a back door for their use? Can you prove it? or not? or just say you don't "think so"? Huh?

    And guess what, to continue making some people lose sleep at night...software firewalls can have back doors too! Yup! So if you're afraid of routers and back doors in them, might as well be afraid of software firewalls too!
     
  23. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Open Source means the code can be reviewed, if it had a backdoor, it would have been well documented by now, but since it took me what, 3 posts to get you to understand that, I won't hold my hopes further.

    Why are you posting in this thread if you have such an issue with the OP's request for information? Just because you do not share his paranoia doesn't make you right and him wrong. :cautious:
     
  24. wat0114

    wat0114 Guest

  25. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    No luck yet. It's certainly not on the website of the manufacturer.
     