Your best option is to:
- Find the make, model, and serial number of your WiFi router.
- Go to http://www.dd-wrt.com/site/index
- Search for a version for your router
- If you are unsure, then Google search “install DD-WRT on” whatever your router model is.
- Download the appropriate firmware
- Access the router’s control panel by typing 192.168.1.1 in your web browser
- Type in your username and password for the router
- Configure DD-WRT with your WiFi settings.
- Security hole solved!
Now you could also just download the patched firmware from D-Link when it comes out, but where’s the fun in that? 🙂
D-Link router backdoor vulnerability allows full access to settings
On October 13, 2013, 3:30 PM
If you have a D-Link router, you should be particularly cautious as a fairly serious vulnerability has been discovered. A writer from embedded device hacking website /dev/ttyS0 was looking through the firmware for a D-Link DIR-100 router, and found something unusual. After a small bit of reverse engineering, a backdoor to the D-Link router was uncovered, allowing full access to the router’s web configuration interface.
The worrying part about this vulnerability is how it can be exploited. Anyone connected to the router, whether it’s through Ethernet or Wi-Fi, can simply set their browser’s user agent string to a specific codeword and then attempt to access the web configuration panel. The router will then detect the string and skip its standard authentication practices, allowing full access without needing to log in.
Only a certain selection of routers are known to be affected, all of which use the DIR-100 firmware, but there’s the possibility that firmware for other D-Link routers also includes backdoor code.
Currently there is no way to stop this type of vulnerability from being exploited, other than preventing shady characters from connecting to your network. While the implications aren’t as serious for home networks, any small businesses that use an affected D-Link router, while allowing public access for free Wi-Fi (for example), could find themselves in a bit of strife.
The backdoor has likely been coded in for maintenance reasons, although D-Link hasn’t explicitly stated the reasons behind its inclusion. Hopefully the company can resolve the security issues presented here swiftly, before malicious users harness its potential in the wild.
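Because the bypass described above is triggered by the User-Agent header, a network sensor that sees LAN traffic to the router can flag admin-interface requests that do not come from an ordinary browser. The following is an added example, not code from the article or from D-Link. The log format, sample lines, paths, the `PLACEHOLDER-CODEWORD` value and the browser pattern are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

ROUTER_ADMIN_IP = "192.168.1.1"  # management address used in the steps above

# Assumption: mainstream browsers send a User-Agent beginning "Mozilla/4.0 (",
# "Mozilla/5.0 (" or "Opera/<n>". Anything else is treated as non-browser.
BROWSER_UA = re.compile(r"^(Mozilla/[45]\.0 \(|Opera/\d)")

# Constructed log format: time client dest "METHOD path" status "user-agent"
LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) "(?P<method>[A-Z]+) '
    r'(?P<path>\S+)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic; paths and the placeholder User-Agent are invented.
SAMPLE_LOG = """\
2013-10-14T09:01:12 192.168.1.23 192.168.1.1 "GET /" 302 "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"
2013-10-14T09:14:40 192.168.1.57 192.168.1.1 "GET /admin/settings" 200 "PLACEHOLDER-CODEWORD"
2013-10-14T09:14:52 192.168.1.57 192.168.1.1 "POST /admin/wireless" 200 "PLACEHOLDER-CODEWORD"
2013-10-14T09:20:03 192.168.1.40 192.168.1.1 "GET /" 302 ""
2013-10-14T09:21:17 192.168.1.23 203.0.113.10 "GET /" 200 "curl/7.30.0"
"""


def suspicious_admin_requests(log_text, admin_ip=ROUTER_ADMIN_IP):
    """Map client IP -> requests to the router UI with a non-browser User-Agent."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["dst"] != admin_ip:
            continue  # unparsable line, or traffic not aimed at the router UI
        if BROWSER_UA.match(m["ua"]):
            continue  # looks like an ordinary browser session
        hits[m["src"]].append((m["ts"], m["path"], int(m["status"]), m["ua"]))
    return dict(hits)


def triage(hits):
    """Rank clients: those whose flagged requests were served (200) come first."""
    rows = [(src, len(reqs), any(status == 200 for _, _, status, _ in reqs))
            for src, reqs in hits.items()]
    return sorted(rows, key=lambda r: (not r[2], -r[1], r[0]))


if __name__ == "__main__":
    for client, count, served in triage(suspicious_admin_requests(SAMPLE_LOG)):
        print(f"{client}: {count} non-browser request(s), served={served}")
```

The browser pattern is a coarse heuristic, so scripts and monitoring tools that legitimately poll the router will also be flagged and need to be allowlisted by client address.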