Belkin's N150 router is perfect for learning hacking skills – wait, what, it's in production?

Belkin's home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, we're told. Security researcher Rahul Pratap Singh warns that the Belkin N150's builtin web server, provided so users can configure their kit, doesn't perform enough checks on …

  1. channel extended

    Santa Claus

    If I give a friend a new Belkin router for X-mas, am I a Santa Claus or Black Peter?

    1. Mark 85
      Joke

      Re: Santa Claus

      With a friend who would do that, who would need any enemies?

  2. Anonymous Coward

    Can telnet be disabled or the password changed?

    If so, I don't see why this is a problem. You have to leave a new router open for people to access it, or they can't do any configuration. They all start out wide open in the GUI, and make you change the password first thing. If the password for telnet isn't reset when you reset the GUI password that's a problem, because the typical home user would say "what's telnet?" if you told him about this.

    The biggest problem I have with this is using telnet instead of SSH. Not because unencrypted traffic on the local network in a product designed for home use is really an issue, but because telnet is outdated and you don't want to encourage anyone to use it even in cases where its insecurity isn't a problem.

    1. cyberfail

      Re: Can telnet be disabled or the password changed?

      psst.... It cannot be killed; the daemon repopulates itself

  3. LucreLout

    Oi Belkin!!

    Thanks very much for regarding this matter with all the urgency I regard my next fart. I'm going to give you until Friday for you to have a fix produced, tested properly, and released, after which time this will be my last ever Belkin product.

    In the meantime I'll revert to using an ancient PoS router that nobody has heard of - security through obscurity seems my last line of defence, so, thanks for that you incompetent and lazy morons. Seriously, if your developers can't build software properly then you need better developers - and you'll not find those at your local outsourcer, or offshorian slaughter house in Pune.

    1. David Roberts
      Facepalm

      Re: Oi Belkin!!

      In fact, in future I'm only going to buy hardware which can be loaded with DD-WRT or similar.

      So, LL, why are you shouting at Belkin? Why did you buy a router which is dependent on the badge sticker for quality of software and timely security updates? Hopeless romantic? A moment's inattention? Drunk at the time?

      I do get mildly exasperated at posters who suggest that anyone contributing to this forum should have more sense than to........whatever....but still.......

      1. dc_m

        Re: Oi Belkin!!

        I can see both sides here.

        I'd be annoyed if a product I bought was absolute cr*p, but then that's why I wouldn't buy Belkin in the first place. Their routers have never exactly been the last word in reliability!

      2. LucreLout

        Re: Oi Belkin!!

        "Why did you buy a router which is dependent on the badge sticker for quality of software and timely security updates? Hopeless romantic? A moment's inattention? Drunk at the time?"

        Not drunk exactly, more just needed something to prove to my ISP/OpenReach that the intermittent fault was not in fact the router (it wasn't). Belkin was what my local shop had and I didn't have time to do any research, besides the sale of goods act suggests that anything sold in the local store should be fit for purpose, which this clearly is not.

        Ok, that last bit does sound a bit hopeless romantic, but I really don't have time to build all my own hardware or reflash everything I own repeatedly. I'm not even wholly sure I possess all the requisite skills to sufficient standard (hardware). I accept that will lead to risks but what the article describes are not risks, they're issues of basic competency.

        I'd be ashamed to turn out such garbage as my professional output, and I'm "shouting at Belkin" because corporate silence is not the way to resolve this - humility, ownership, and effort are.

    2. Anonymous Coward

      Belkin is crap, and always has been

      "security through obscurity seems my last line of defence"

      Seeing as the more obscure routers are probably based on standard components and software, it's quite possible they're vulnerable anyway, at least to attacks that are automated and/or probe the vulnerabilities of products.

      Anyway, yeah, Belkin is crap and has been for a long time.

      Remember that many years ago they were an early and enthusiastic adopter of the now-widespread practice of spamming users (i.e. *buyers*) of their routers with unwanted advertisements.

      More recently, my boss had another of their routers, and while it had a very attractive and useful-looking LCD status panel on the front, it was a useless, unusable POS that was eventually returned. I can still remember one Amazon review which described it as being less stable than "a caffeine-snorting spider monkey".

      Personally, I bought an "SVGA" cable from them around five or six years ago, and it exhibited *very* obvious ringing at 1024x768/85Hz (pretty average at the time) which wasn't present when using the several-years-older cable that came with my KVM (ironically, also a Belkin). As I noted in my review "I'm not sure what resolutions and refresh rates this cable *is* suitable for use with. It sure as heck isn't anything that most people have used since the 1990s."

      Belkin's description now includes the final-line disclaimer that it "will only work on monitors smaller than 17 inches". (Mine was 17 inches and I bet the artifacts would still have been visible at 15). I doubt that market was worth specifically bothering with even circa 2010, sounds like a p**s-poor excuse to justify a cable that was so poor it couldn't even handle the most MOR of (then) present-day refresh rates you'd have expected from even a bog-standard no-name lead.

  4. dotdavid

    The only Belkin router I ever had used to hang every other day, requiring physical access to reboot it. Perhaps that was some kind of security feature.

    1. Captain Badmouth
      Devil

      Hang the router?

      There's an idea. The best use for a Belkin router, tie a piece of string to it and use it as a plumb line.

  5. Spasticus Autisticus
    Mushroom

    Nice wires

    Belkin make (made?) nice cables, every router or WiFi dongle I saw from them was dreadful compared to other brands. Haven't seen a Belkin router for many years now, I thought they'd given up.....

    1. Anonymous Coward

      Re: Nice wires

      "Belkin make (made?) nice cables".

      Made. And that must have been a long time ago - see my comment above ("Belkin is crap, and always has been") about an alleged SVGA cable that clearly couldn't handle even standard resolutions circa 2010.

  6. MrRimmerSIR!
    Facepalm

    Tomato

    Best thing I did with my Bel-end router. That, and replace the main smoothing cap (which had started to bulge), put heatsinks on a couple of the chips and a small fan in a hole cut into the side of the case. Been rock solid ever since.

  7. VinceH

    "Belkin routers are like a barrel of fish for security researchers to shoot into, or rather a barrel of fish that Belkin has riddled with holes: its boxes have been vulnerable to DNS spoofing and Wi-Fi security cracking tricks in the past few months."

    Surely, Shirley, they've been vulnerable for longer? It's only in the last few months these vulnerabilities have become public knowledge.

  8. cyberfail

    Oh... It isn't just the N-150 that's affected. Loads of fun here:

    ethicalreporting.org/belkin-fail

    Full disclosures forthcoming
