  #1  
Old 03-18-2013, 02:08 AM
codegreen
 
Join Date: Mar 2011
Location: New Brunswick, Canada
Posts: 1,317
Backdoor discovered in TP-Link routers

http://www.h-online.com/security/new...s-1822720.html

The backdoor is built into the manufacturer's firmware. This pretty much knocks TP-Link out of consideration for me.
__________________
Stephen Gilbert

Code Green Technology:
Fredericton Computer Repair
  #2  
Old 03-18-2013, 02:31 AM
phaZed
 
Join Date: Nov 2010
Location: Richmond, VA
Posts: 1,743

As has been the case with many communications products in the past 5 years it seems.. Chinese infiltration or honest mistakes? You decide.

Most notably the Huawei and ZTE scandal:
http://www.h-online.com/security/new...k-1823894.html
http://www.nytimes.com/2012/10/09/us...anted=all&_r=0
http://online.wsj.com/article/SB1000...689859530.html


Chinese manufactured silicon chips for US military may be compromised:
http://news.cnet.com/8301-1009_3-574...-chinese-chip/

Linksys:
http://www.coresecurity.com/content/...-vulnerability

100,000 routers with WPS easily back-doored:
http://thehackernews.com/2012/04/mor...rs-have.html#_

Etc. etc. etc.


If you stop buying a brand because a vulnerability or backdoor was found, you're not going to have hardly any routers to buy.

Do what I have done, go fully commercial as in some EOL Managed Cisco gear and/or only buy routers that you can flash with an open-source, peer-reviewed, custom kernel (dd-wrt, tomato, monowall, pfsense, etc.).
__________________

Aaron Heidlebaugh
Computer Technician / Owner
www.AaronsPCSupport.com
804-307-4465 (Call or Text)
Laptop LCD repair | DC Power Jack Repair | Virus Removal
Desktop Repair | Hardware | Software | Troubleshooting

Last edited by phaZed; 03-18-2013 at 02:49 AM.
  #3  
Old 03-18-2013, 03:24 PM
YeOldeStonecat
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,965

Quote:
Originally Posted by phaZed
If you stop buying a brand because a vulnerability or backdoor was found, you're not going to have hardly any routers to buy.
Yup... true for pretty much any networked computer product.
A year or two ago those BIOS chips for many HP and Dell servers (and other brands I'm sure) were found compromised. Doesn't mean I stopped selling/installing their servers.
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat
  #4  
Old 03-18-2013, 04:40 PM
Martyn
Administrator
 
Join Date: Apr 2010
Location: Bedfordshire UK
Posts: 5,662

All the more reason for having good protection on the client's computer. I still go out to routers with the default user and password.
  #5  
Old 03-18-2013, 04:46 PM
codegreen
 
Join Date: Mar 2011
Location: New Brunswick, Canada
Posts: 1,317

Quote:
Originally Posted by phaZed
If you stop buying a brand because a vulnerability or backdoor was found, you're not going to have hardly any routers to buy.
There's a difference between an unintentional security vulnerability and an intentional backdoor. At this point, this one appears to be intentional.
  #6  
Old 03-18-2013, 05:14 PM
phaZed
 
Join Date: Nov 2010
Location: Richmond, VA
Posts: 1,743

Quote:
Originally Posted by codegreen
There's a difference between an unintentional security vulnerability and an intentional backdoor. At this point, this one appears to be intentional.
I understand the difference quite well between the two. But what you must understand is that TP-Link may not have even written the code, it may have subcontracted that out to another company that inserted the backdoor. Most of these subcontractors are in China and are state-sponsored. Is that the case? If so, it's not like TP-Link is looking to back-door their customers intentionally. What would be the benefit vs. risk of that action if TP-Link was intentionally doing this? Was there a disgruntled employee? Are the acts of a few rogue individuals in a corporation to blame? Was TP-Link working off of Base-firmware provided by the chipset manufacturer? If so, does the original OEM firmware have the vulnerability? There are lots of unanswered questions here that need a lot of scrutinizing before you blame the "face" and brand, TP-Link.

Back-doors usually imply intention because, well, it's a backdoor... but that doesn't mean it is necessarily so.

So what brand are you going to go with now? I'm sure I can pull up a past or current backdoor or hidden terminal server on a port, or some ridiculously easy to use vulnerability that allows full access for almost any brand you pick. That's why I suggest you look for a router that is intentionally made to be re-flashed with an Open Source program that is known to be reasonably safe because the code is readily available for review. Pick up a managed Cisco 2970 28-port Gigabit commercial router (as was used in banks such as the Federal Reserve and Top 100 companies). These were the backbones for big iron for years and they were more or less "secured" because every aspect can be changed, set, and managed with Cisco IOS.

It's not so cut and dry here.

Last edited by phaZed; 03-18-2013 at 05:30 PM.
  #7  
Old 03-18-2013, 05:21 PM
SilverLeaf
 
Join Date: Jan 2012
Location: Kentucky
Posts: 1,145

Being the tin-foil hat wearing individual that I am, this has been a real concern for a while. When you think about all of the networking and communication hardware used worldwide and all of the potentially exploitable micro-controllers, EPROMS, and FPGA chips contained therein, it becomes rather disconcerting. Component manufacturers source these chips from everywhere, and I'd be willing to bet that too few resources are expended to verify the integrity of the circuitry, firmware, and code contained on said chips. The potential is enormous, and you don't have to look far to find companies with the capability to do such things. It's just a matter of the color of hat they choose to wear. Mine remains shiny and foil-like.

Last edited by SilverLeaf; 03-18-2013 at 05:39 PM. Reason: Removed link to Chinese company advertising potentially nefarious services
  #8  
Old 03-18-2013, 08:21 PM
codegreen
 
Join Date: Mar 2011
Location: New Brunswick, Canada
Posts: 1,317

Quote:
Originally Posted by phaZed
But what you must understand is that TP-Link may not have even written the code, it may have subcontracted that out to another company that inserted the backdoor. Most of these subcontractors are in China and are state-sponsored. Is that the case? If so, it's not like TP-Link is looking to back-door their customers intentionally. What would be the benefit vs. risk of that action if TP-Link was intentionally doing this? Was there a disgruntled employee? Are the acts of a few rogue individuals in a corporation to blame? Was TP-Link working off of Base-firmware provided by the chipset manufacturer? If so, does the original OEM firmware have the vulnerability? There are lots of unanswered questions here that need a lot of scrutinizing before you blame the "face" and brand, TP-Link.
Of course. Given that the special URL needed to activate includes the word "debug" and apparently can only be exploited on the local LAN, I'm inclined to think that this was a development backdoor that got overlooked. However, the fact remains that a serious backdoor was discovered in several models of TP-Link branded routers. This backdoor hasn't been patched, and the company hasn't even responded to the issue yet, and said backdoor could exist in other TP-Link lines as well. Until those problems are resolved, TP-Link routers are off my buying list.

I can see that my initial post is a little ambiguous. To clarify: TP-Link isn't in my bad books permanently.

Quote:
Originally Posted by phaZed
So what brand are you going to go with now? I'm sure I can pull up a past or current backdoor or hidden terminal server on a port, or some ridiculously easy to use vulnerability that allows full access for almost any brand you pick.
I'm sure you can. But "past" problems aren't of such concern to me. They've been patched, removed, or otherwise mitigated. Only current problems will keep me from purchasing certain models or brands. Now, keeping up with the security issues of every router available would be a full-time job, so I don't pretend to do so. However, when I'm aware of an issue like this, I avoid purchasing those products until the issue is resolved.


Quote:
Originally Posted by phaZed
That's why I suggest you look for a router that is intentionally made to be re-flashed with an Open Source program that is known to be reasonably safe because the code is readily available for review.
I always do for my own routers. However, I'm wary about doing so for customers. Do you normally re-flash routers you're installing for home users?
  #9  
Old 03-18-2013, 09:06 PM
phaZed
 
Join Date: Nov 2010
Location: Richmond, VA
Posts: 1,743

Ok, on all points..

Quote:
Originally Posted by codegreen
I always do for my own routers. However, I'm wary about doing so for customers. Do you normally re-flash routers you're installing for home users?
No, not unless they are specifically security conscious or concerned. When asked, I do recommend that they purchase flash-able models and have me flash DD-WRT (for an additional fee, of course). I have been known to exploit routers and WIFI (WEP) (at the customer's home and with their permission) on numerous occasions in order to "prove" the need for my Network setup charges.