Rogue Router Firmware Chaos #Backdoor

[Image: 200K Online Home Routers Affected Worldwide (approximately)]

There are more than 3 billion internet users worldwide. As the number of internet users has grown, home router sales have increased too. Sadly, the security risk in home routers has risen just as rapidly.

There is an ongoing war between the Red Team and the Black Team: both are trying to find security issues in home routers. Security researchers have previously identified various security issues in home routers, and nobody seems concerned about them. Default credentials on internet-facing devices are already a playground for ‘crackers’.

Before revealing our research, let’s see how this security issue can be used by an attacker.

[Image: typical home router attack scenario]

The picture above is the typical home router attack scenario: an attacker hacks the router and hijacks the DNS session. So if a home router is hacked, the PCs or devices connected to it can be compromised easily. Our security researcher Nabin KC (AttoN_Cnew) has published a white paper regarding this issue. Here is a demonstration of how a hacked router can be used to compromise PCs inside NAT.

The Story of a Discovery

Let’s begin with our story of discovery. It was a usual day in our office and my colleague Nabin KC was busy with his research, but he had problems connecting to the Internet. One of the routers we used for lab purposes was a home router and it was giving us severe pain: every time we used nmap for scanning, that router hit a bottleneck.

So Nabin, motivated to eliminate the issue, tried to upload another open source router firmware, but he failed. Then he had the idea of reverse engineering the router firmware used in our lab. Surprisingly, he discovered a hard-coded backdoor username and password, and it’s ” super

[Image: Hard-coded Backdoor]

After getting this backdoor information, we had mixed feelings: either we had been pwned or there was something wrong with the firmware. The latter was highly likely in this case. So I started my research and tried to find the root cause. I never found the answer to how this firmware came into existence, but I discovered many hidden things revolving around it.
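One way to audit a firmware image for this class of defect before deploying it, as an added example that is not the researchers' own tooling: extract printable strings from the image and flag passwd-style entries that carry an inline hash, or key/value pairs whose key names a credential. The sample bytes and the example_user / EXAMPLE_ONLY values are constructed placeholders, not the credential found in the affected firmware.

```python
import re
from typing import List, Tuple

# Printable-ASCII runs of at least 6 bytes, the same heuristic strings(1) uses
_PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# /etc/passwd-style line: name:hash:uid:gid:gecos:home:shell
_PASSWD_LINE = re.compile(
    r"^([a-z_][a-z0-9_-]{0,31}):([^:]+):\d+:\d+:[^:]*:[^:]*:[^:]*$"
)
# Second fields that only point at /etc/shadow instead of holding a hash
_SHADOW_MARKERS = {"x", "*", "!", "!!"}
# key=value or key:value pairs whose key names a credential
_KV_CRED = re.compile(
    r"\b(user(?:name)?|login|passw(?:or)?d|pass)\s*[=:]\s*(\S{3,})", re.I
)

# Constructed sample "firmware" bytes; example_user / EXAMPLE_ONLY are
# placeholders, not the credential the researchers found.
SAMPLE_FIRMWARE = (
    b"\x00\x01\x02squashfs\x00\x00"
    b"root:x:0:0:root:/root:/bin/sh\n\x00"  # hash lives in shadow: not flagged
    b"\xff\xfe\x00"
    b"example_user:$1$abcdefgh$ijklmnopqrstuvwxyz12:0:0::/:/bin/sh\n\x00"
    b"\x00\x00ab\x00"
    b"login=example_user\x00password=EXAMPLE_ONLY\x00"
    b"\x00\x7f\x80\x90"
)


def extract_strings(blob: bytes) -> List[str]:
    """Return the printable-ASCII runs found in a binary image."""
    return [m.group(0).decode("ascii") for m in _PRINTABLE.finditer(blob)]


def find_hardcoded_credentials(blob: bytes) -> List[Tuple[str, str, str]]:
    """Return (kind, name, evidence) for strings that look like baked-in
    credentials: kind "passwd" (inline hash) or "kv" (credential key/value)."""
    findings = []
    for s in extract_strings(blob):
        m = _PASSWD_LINE.match(s)
        if m:
            if m.group(2) not in _SHADOW_MARKERS:
                findings.append(("passwd", m.group(1), s))
            continue
        for m in _KV_CRED.finditer(s):
            findings.append(("kv", m.group(1).lower(), m.group(0)))
    return findings
```

Run it against a real image by reading the file into `blob`; every hit is a candidate to verify by hand, since version strings and documentation can also match the key/value pattern.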

During our research we tried to find similar security issues in other models, and surprisingly we found that the same firmware has been shipped by other router vendors too. More than 10 major router vendors have been using this same backdoor-affected firmware.

[Image: major vendor backdoor]

We also found several unregistered and unknown router vendors using this same firmware. Here is the list of affected router vendors and their router model names:

Digicom
DAPR 150RN
DAPR 300RN

Alpha Network
AIP-W525H
AWAP806N

Pro-Link
PRN3001
WNR1008

Planet Networks
WNRT-300G

Trendnet
TEW-638APB
TEW-639GR
TWE-736RE

Realtek
RTL8181
RTL8186
RTL8186P

Bless
Zio-3300N
Zio-4400N
Zio-3200N
Zio-3300N

SmartGate
SG3300N
SG3100N

Blue Link
BL-R30G

We also found many forged routers that have been using the same affected firmware.

[Images: forged Digicom and Realtek routers]

So after three months of extensive research, we found that more than 200,000 online home routers all over the world have been affected by this same router firmware. From this figure we estimate that approximately half a million devices (offline and online combined) are affected.

Moral of the Story

Every user needs to know their device and its vendor before purchasing.
Making things hard for an attacker is always a win-win situation. Use as much defense as you can.
As an end user, the best way to protect your home router is to disable the remote web management console if you do not need it. There is no way you can change the backdoored username and password.

And the last option is to use open source firmware if your device supports it (e.g. OpenWrt).

Public Disclosure

The research above was recently presented at the International Conference on Cyber Security and Cyber Law 2015 (Feb 21) by Nabin KC and Bijay Limbu Senihang, held at Hotel Yak and Yeti, Kathmandu, Nepal. Please view the slides here.

PS: Router vendors have been informed about this issue. Only TRENDnet has replied to date.
