Time to Upgrade Your D-Link Router!

Recently a very dangerous backdoor on D-Link routers was discovered.

D-Link 655

D-Link 655 (Photo credit: Sean MacEntee)

Your best option is to:

  1. Find the make, model, and serial number of your WiFi router.
  2. Go to http://www.dd-wrt.com/site/index
  3. Search for a version for your router
  4. If you are unsure, then Google search “install DD-WRT on” whatever your router model is.
  5. Download the appropriate firmware
  6. Access the router’s control panel by typing in your web browser
  7. Type in your username and password for the router
  8. Configure DD-WRT with your WiFi settings.
  9. Security hole solved!

Now you could also just download the patched firmware from D-Link when it comes out, but where’s the fun in that? 🙂

D-Link router backdoor vulnerability allows full access to settings


On October 13, 2013, 3:30 PM

If you have a D-Link router, you should be particularly cautious as a fairly serious vulnerability has been discovered. A writer from embedded device hacking website /dev/ttyS0 was looking through the firmware for a D-Link DIR-100 router, and found something unusual. After a small bit of reverse engineering, a backdoor to the D-Link router was uncovered, allowing full access to the router’s web configuration interface.

The worrying part about this vulnerability is how it can be exploited. Anyone connected to the router, whether it’s through Ethernet or Wi-Fi, can simply set their browser’s user agent string to a specific codeword and then attempt to access the web configuration panel. The router will then detect the string and skip its standard authentication practices, allowing full access without needing to log in.

Only a certain selection of routers are known to be affected, all which use the DIR-100 firmware, but there’s the possibility that firmware for other D-Link routers also includes backdoor code.

Currently there is no way to stop this type of vulnerability from being exploited, other than preventing shady characters from connecting to your network. While the implications aren’t as serious for home networks, any small businesses that use an affected D-Link router, while allowing public access for free Wi-Fi (for example), could find themsevles in a bit of strife.

The backdoor has likely been coded in for maintenance reasons, although D-Link hasn’t explicitly stated the reasons behind the its inclusion. Hopefully the company can resolve the security issues presented here swiftly, before malicious users harness its potential in the wild.

Tagged with: , , , , , , , ,
Posted in Cybersecurity, Home Defense

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: