Throw your backdoored D-Link router in the bin, urges security researcher

News by Rene Millman

Slew of bugs and backdoors means device is unsafe to use

A router made by D-Link is so full of bugs and backdoors, owners should throw them away rather than keep using them, claimed a security researcher.

Pierre Kim claimed that as it is so easy to hack the D-Link DWR-932B router that users should bin them as soon as possible.

“As the router has a sizable memory (168 MB), a decent CPU and good free space (235 MB) with complete toolkits installed by default (sshd, proxy (/bin/tinyproxy -c /var/tproxy.conf), tcpdump ...), I advise users to trash their routers because it's trivial for an attacker to use this router as an attack vector (ie: hosting a sniffing tool, LAN hacking, active MiTM tool, spamming zombie),” he said in a posting on Seclists.

The router has 20 vulnerabilities, according to Kim. These also include backdoors, backdoor accounts with easy-to-guess passwords, a default Wi-Fi Protected Setup PIN, and a weak WPD PIN generation algorithm.

He warned that as there was a lack of response from the vendor about the vulnerabilities, he wasn't expecting any security fixes to the router. He also said that users should stop using the device until fixes are in place.

The router itself is based on Quanta LTE routers, which is a number of vulnerabilities itself. So it is no surprise that the router has inherited a number of problems itself.

Kim said he had contacted D-Link over the issues in June, but he added at the present time, no update has been forthcoming. He also got in contact with CERT and it advised him to publish an advisory if D-Link failed to contact him with security updates.

Luke Potter, security practice director at SureCloud, told that replacing hardware often has its advantages, such as allowing consumers to take advantage of new features and functionality, “but the suggestion of replacing to ‘resolve' inherent security vulnerabilities isn't an acceptable ‘fix' in my opinion”.

“Manufacturers of hardware need to take overall responsibility for resolving vulnerabilities in their devices through a firmware update. Whilst also ensuring that their user base are actively contacted and advised accordingly. These routers are aimed at home users, who are likely completely unaware of the risks. These products may be discontinued, but this shouldn't forgo the need for D-Link to issue a patch. The router itself can still be found for sale on many websites across the UK and Europe,” he said.

Mark James, security specialist at ESET, told SC that replacing outdated hardware may be the only solution if updates are slow in coming, “the costs of replacing hardware are extremely insignificant when it comes to dealing with malware infections or data breaches.”

He added that making sure updates and firmware fixes are released in a timely manner is of utmost importance.

“Hardware security is just as important as software security but harder to accomplish. Not only is it hard for manufacturers to make the updates available, but even harder still in letting all affected users know about the updates and how to install them. It also needs to be fairly effortless for the end user to apply those updates, over-the-air (OTA) updates come with their own security issues but make it easier for the end user to apply. Whichever process they choose to use will have its challenges but sadly that's the nature of security, all too often we choose simplicity over security.”


A D-Link spokesperson told SC: “Security is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. It has recently been reported that multiple vulnerabilities are found on hardware version B1 of the D-Link DWR-932 4G LTE Mobile Router. Only this end-of-life hardware version B1 is potentially affected by the reported vulnerabilities. The current shipping hardware version D1 or any other hardware versions are not affected. We are currently working vigorously to investigate and verify all the reported vulnerabilities, and will subsequently provide a corrective course of action within the coming days.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews