Backdoor Still Hidden in Patch for Wi-Fi Routers
The backdoor affecting Sercomm wireless DSL routers has not been fixed, and lies hidden in the latest version of the devices' firmware to intercept users' home traffic, according to Ars Technica.
In December 2013, Eloi Vanderbeken discovered hackers could exploit his parents' Linksys Wi-Fi router to gain administrative rights and manipulate local network resources without admin credentials. The device was listening on an undocumented Internet Protocol port number (32764), which allowed him to execute several commands, including running a script and enabling administrator privileges.
Allegedly, the backdoor required the attacker to be on the local network. The raw Ethernet packets were sent from within the local wireless LAN or from the Internet service provider's equipment. Vanderbeken later reported some routers could be hijacked via the Internet as well, leaving them vulnerable to remote attacks.
As a result, the vendors of systems based on the same Sercomm modem, including home routers from Netgear, Cisco and Diamond, published an update meant to seal the vulnerability. However, the researcher recently disclosed that the communications flaw persists in the new code. The backdoor can be reactivated through a network packet used by “an old Sercomm update tool.” The packet's payload is an MD5 hash of the router's model number (DGN1000).
Once the backdoor is turned back on, it monitors TCP/IP traffic and allows hackers to send commands to the router, including a screenshot of its entire configuration. It also gives access to hardware features such as blinking the router's lights.
Due to the variety of models and manufacturers, the number of devices affected is unknown. The manufacturers have not issued an official response up to this point.
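For defenders who want to check their own network for the exposure described above, the following is an added example, not part of the original article or any vendor's code. It scans firewall log lines for connection attempts to port 32764 and labels each source as local network or Internet; the netfilter LOG line format, the sample lines and the function name are assumptions constructed for illustration.

```python
import ipaddress
import re

BACKDOOR_PORT = 32764  # port number named in the article

# RFC 1918 ranges, used to tell a LAN source from an Internet source.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in Linux netfilter LOG style (not real traffic).
SAMPLE_LOG = """\
Jan 10 09:12:01 gw kernel: IN=br0 OUT= SRC=192.168.1.23 DST=192.168.1.1 PROTO=TCP SPT=51544 DPT=32764 SYN
Jan 10 09:12:07 gw kernel: IN=ppp0 OUT= SRC=203.0.113.77 DST=198.51.100.4 PROTO=TCP SPT=40211 DPT=32764 SYN
Jan 10 09:13:30 gw kernel: IN=br0 OUT= SRC=192.168.1.23 DST=192.168.1.1 PROTO=TCP SPT=51560 DPT=443 SYN
Jan 10 09:14:02 gw kernel: IN=ppp0 OUT= SRC=203.0.113.77 DST=198.51.100.4 PROTO=UDP SPT=40211 DPT=32764
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty


def find_backdoor_probes(log_text, port=BACKDOOR_PORT):
    """Return (src, dst, origin) for each TCP attempt to the given port."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # The listener on 32764 was a TCP service, so other protocols are skipped.
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address
        origin = "lan" if any(src in net for net in LAN_NETS) else "internet"
        hits.append((str(src), fields.get("DST", ""), origin))
    return hits


if __name__ == "__main__":
    for src, dst, origin in find_backdoor_probes(SAMPLE_LOG):
        print(f"port {BACKDOOR_PORT} attempt: {src} -> {dst} ({origin})")
```

An "internet" hit means the port is reachable from outside and should be blocked at the WAN edge; a "lan" hit points to a device on the local network that is probing the router.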