Alert: A backdoor found in many D-Link devices allows authentication to be bypassed

Are you using a D-Link wireless router? You need to watch out if your device is one of the following or any other member of the D-Link family (more information will follow as more test results on affected devices become available):

  1. DIR-100
  2. DIR-120
  3. DI-624S
  4. DI-524UP
  5. DI-604S
  6. DI-604UP
  7. DI-604+
  8. TM-G5240

The backdoor enables an attacker to access the administration web interface of the affected network devices without any authentication and to view or change their settings. The backdoor was found in firmware v1.13. For more information, see the article "Reverse Engineering a D-Link Backdoor": http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

How to mitigate the vulnerability

The company also offered this advice: “As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.” (http://www.dlink.com)

Also ensure the following:

  1. Unsolicited emails: don’t open any unsolicited emails from unknown people or organisations. By clicking a URL in such an email you might enable an unauthorized user to access your router administration page;
  2. Make sure that your wireless network is secure by enabling encrypted communication (AES is the clear choice for best security);
  3. Disable remote access to your router (this is disabled by default);
  4. Download the firmware install guide provided within the ZIP firmware package and update the firmware when D-Link officially releases the patch (visit http://www.dlink.com/uk/en/support/security for any official release of D-Link updates);
  5. Lastly, ensure strong authentication passwords are used to access administration interfaces.

The flaw is serious, as an attacker with the technical know-how can conduct the attack. I would recommend that we check the model of D-Link devices being used so as to determine if the devices we are using are affected, and closely monitor the traffic on these devices. The firmware should be upgraded as soon as D-Link releases the update.
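One way to carry out the model check recommended above across a device inventory, as an added example that is not part of the original post. It matches free-form model strings against the list in this alert and puts devices with remote administration enabled first; the CSV column names and the hosts are constructed for illustration.

```python
import csv
import io
import re

# Models listed as affected in the alert above.
AFFECTED_MODELS = {"DIR-100", "DIR-120", "DI-624S", "DI-524UP",
                   "DI-604S", "DI-604UP", "DI-604+", "TM-G5240"}
REPORTED_FIRMWARE = "1.13"  # firmware version named in the alert

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,model,firmware,remote_admin
gw-branch1,D-Link DIR-100 rev A1,v1.13,yes
gw-branch2,dlink di604+,1.13,no
gw-lab,DI-524UP,V1.06,no
ap-office,TM-G5240,,yes
gw-hq,DIR-615,4.11,no
"""

def _key(text):
    """Comparison key: upper-case, keep only letters, digits and '+'."""
    return re.sub(r"[^A-Z0-9+]", "", text.upper())

_AFFECTED_KEYS = {_key(m): m for m in AFFECTED_MODELS}

def normalize_model(raw):
    """Map a free-form model string to a listed model name, or None."""
    text = re.sub(r"(?i)\bd-?link\b", " ", raw)  # drop the vendor prefix
    for token in text.split():
        if _key(token) in _AFFECTED_KEYS:
            return _AFFECTED_KEYS[_key(token)]
    return None

def triage(inventory_csv):
    """Return (host, model, firmware_status, remote_admin) per listed device."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = normalize_model(row["model"])
        if model is None:
            continue  # not on the list in this alert
        fw = row["firmware"].strip().lstrip("vV")
        status = ("reported firmware" if fw == REPORTED_FIRMWARE
                  else "verify firmware" if fw else "firmware unknown")
        remote = row["remote_admin"].strip().lower() == "yes"
        findings.append((row["host"], model, status, remote))
    # Devices with remote administration enabled sort first (stable sort).
    findings.sort(key=lambda f: not f[3])
    return findings
```

Calling `triage(SAMPLE_INVENTORY)` returns the four listed devices, with the two that expose remote administration at the top of the list.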
