back to article Securobods warn of wide open backdoor in Netis/Netcore routers

Routers sold under the brand Netis by Chinese security vendor Netcore have a hardcoded password that leaves users with a wide-open backdoor that could easily be exploited by attackers, claim researchers. The backdoor allows cyber-criminals to easily change settings or run arbitrary code on routers, securobods at Trend Micro …

  1. vagabondo

    As these routers have upgradeable firmware, it should not be too difficult to download the firmware, change the password, and install the modded image. It would only take a few minutes to write a script to randomize rhe password, providing the original password was known.

    Of course the manufacturer could provide firmware without the backdoor if their customers pressured them.

    1. RainForestGuppy

      Congratulations you work in IT.

      Unfortunately, most real people who buy home routers don't. They just want something that connects their PC/Laptop/tablet to the internet so they can access Facebook, ebay.

      Expecting people to upgrade firmware, change passwords, writing scripts is just not acceptable.

      1. vagabondo

        Re: Congratulations you work in IT.

        "Expecting people to ..."

        I thought that most "consumers" got their routers preconfigured from their ISP, and only "experts" bought their own. I would expect the ISP or other tech support to be able to perform the fix remotely -- this is a remote access vulnerability.

        1. Hargrove

          Re: Congratulations you work in IT.

          @vagabondo

          I thought that most "consumers" got their routers preconfigured from their ISP, and only "experts" bought their own. I would expect the ISP or other tech support to be able to perform the fix remotely -- this is a remote access vulnerability.

          The routers I'm familiar with are consumer products available anyplace that sells computers. (For example, Netis routers can be bought from Wal-Mart.). They are easy to set up. Amongst my circle of "non-IT expert" friends, a high percentage--well over half I'd estimate--set up their own wireless routers for home use. (That doesn't imply that any of us know squat about backdoor security. Therein lies the rub.)

          On a different point, I'm not sure that Netis is alone in having this vulnerability.

          1. vagabondo

            Re: Congratulations you work in IT.

            @Hargrove

            I am sure that anyone that has used a web interface to configure their router is sufficiently "expert" to use the same interface to install a firmware upgrade, if one was provided. I do not expect the average user produce their own.

            "I'm not sure that Netis is alone in having this vulnerability."

            These stories are a regular feature here. They are not confined to the low cost devices either.

    2. Lars Silver badge
      Happy

      @vagabondo "download the firmware"???

      Firmware is programming that's written to the read-only memory (ROM) of a computing device.

      ROM is "built-in" computer memory containing data that normally can only be read, not written to.

      PROM is read-only memory (ROM) that can be modified once by a user. (not sure about the once anymore)

      (whatis.com)

      You could download software that could perhaps fix the problem.

      Or if that device had the means to "burn" a PROM and it is a PROM then you could do that, but I am sure there is no such possibility.

      You could perhaps also pull it/them out and replace with what the factory sends you.

      Not an expert, must be some 30 years since I played with stuff like that, very much a part of IT and programming then, and fun.

      My point is however this "Short of a fix, Trend recommends replacing vulnerable devices"..

      And perhaps it will be like this:

      http://www.theregister.co.uk/2014/08/26/hp_recalls_six_million_laptop_power_cords_over_fire_risk/

      If those sold in the USA came from any ISP then I think they should replace the whole damned thing.

      1. Lars Silver badge
        Happy

        And I did forget the EPROM: But never mind the article was about hardwired.

        1. vagabondo

          @Lars

          Sorry but you also forgot about EEROM and Flash Memory. Also the term used was "hard-coded" not "hardwired" -- we are dealing with firmware here, not hardware.

          Most motherboards, "intelligent" devices, etc. -- including routers -- use flash memory to store their operating firmware. The system allows the flash memory to be overwritten and rebooted. That's how the firmware is upgraded. Firmware images are generally available for download from the device manufacturer's website.

          The recommendation for replacement was "short of a fix". A fix is trivial, and could be implemented in-situ remotely. I would expect revised firmware images to appear at http://netis-systems.com/en/Downloads/ within a few days, but that depends on the priorities of these low-cost (approx £10) devices.

          1. Lars Silver badge
            Pint

            Re: @Lars

            @vagabondo, Sorry and thanks, a dumb comment by me.

  2. Alan Brown Silver badge

    This kind of thing

    Is why so many attacks seem to come from china (or residential DSL in various countries)

    If you think the blackhats haven't been (ab)using such backdoors for a while you're sorely mistaken.

  3. herman Silver badge

    How much did GCHQ pay them to insert that backdoor?

    1. Anonymous Coward
      FAIL

      Did you read the article? I think you are getting your intelligence agencies mixed up.

    2. Anonymous Coward
      Anonymous Coward

      More likely the NSA, GCHQ is just their puppet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020