Backdoor discovered in TP-Link routers

As has been the case with many communications products in the past 5 years, it seems. Chinese infiltration or honest mistakes? You decide.

Most notably the Huawei and ZTE scandal:
http://www.h-online.com/security/ne...ticks-put-users-security-at-risk-1823894.html
http://www.nytimes.com/2012/10/09/u...onal-security-threat.html?pagewanted=all&_r=0
http://online.wsj.com/article/SB10000872396390443615804578041931689859530.html


Chinese manufactured silicon chips for US military may be compromised:
http://news.cnet.com/8301-1009_3-57...reat-posed-by-backdoor-found-in-chinese-chip/

Linksys:
http://www.coresecurity.com/content/linksys-wireless-router-security-vulnerability

100,000 routers with WPS easily back-doored:
http://thehackernews.com/2012/04/more-than-100000-wireless-routers-have.html#_

Etc. etc. etc.


If you stop buying a brand because a vulnerability or backdoor was found, you're hardly going to have any routers left to buy.

Do what I have done: go fully commercial, as in some EOL managed Cisco gear, and/or only buy routers that you can flash with an open-source, peer-reviewed, custom kernel (dd-wrt, tomato, monowall, pfsense, etc.).
 
If you stop buying a brand because a vulnerability or backdoor was found, you're hardly going to have any routers left to buy.

Yup... true for pretty much any networked computer product.
A year or two ago those BIOS chips for many HP and Dell servers (and other brands, I'm sure) were found compromised. Doesn't mean I stopped selling/installing their servers.
 
All the more reason for having good protection on the client's computer. I still go out to routers with the default user and password :rolleyes:
 
There's a difference between an unintentional security vulnerability and an intentional backdoor. At this point, this one appears to be intentional.

I understand the difference between the two quite well. But what you must understand is that TP-Link may not have even written the code; it may have subcontracted that out to another company that inserted the backdoor. Most of these subcontractors are in China and are state-sponsored. Is that the case? If so, it's not like TP-Link is looking to backdoor their customers intentionally. What would be the benefit vs. risk of that action if TP-Link was intentionally doing this? Was there a disgruntled employee? Are the acts of a few rogue individuals in a corporation to blame? Was TP-Link working off of base firmware provided by the chipset manufacturer? If so, does the original OEM firmware have the vulnerability? There are lots of unanswered questions here that need a lot of scrutinizing before you blame the "face" and brand, TP-Link.

Backdoors usually imply intention because, well, it's a backdoor... but that doesn't mean it is necessarily so.

So what brand are you going to go with now? I'm sure I can pull up a past or current backdoor, or a hidden terminal server on a port, or some ridiculously easy-to-use vulnerability that allows full access, for almost any brand you pick. That's why I suggest you look for a router that is intentionally made to be re-flashed with an open-source program that is known to be reasonably safe because the code is readily available for review. Pick up a managed Cisco 2970 28-port Gigabit commercial router (as was used in banks such as the Federal Reserve and Top 100 companies). These were the backbones for big iron for years, and they were more or less "secured" because every aspect can be changed, set, and managed with Cisco IOS.

It's not so cut and dried here.
 
Being the tin-foil hat wearing individual that I am, this has been a real concern for a while. When you think about all of the networking and communication hardware used worldwide and all of the potentially exploitable micro-controllers, EPROMS, and FPGA chips contained therein, it becomes rather disconcerting. Component manufacturers source these chips from everywhere, and I'd be willing to bet that too few resources are expended to verify the integrity of the circuitry, firmware, and code contained on said chips. The potential is enormous, and you don't have to look far to find companies with the capability to do such things. It's just a matter of the color of hat they choose to wear. Mine remains shiny and foil-like. :)
 
But what you must understand is that TP-Link may not have even written the code; it may have subcontracted that out to another company that inserted the backdoor. Most of these subcontractors are in China and are state-sponsored. Is that the case? If so, it's not like TP-Link is looking to backdoor their customers intentionally. What would be the benefit vs. risk of that action if TP-Link was intentionally doing this? Was there a disgruntled employee? Are the acts of a few rogue individuals in a corporation to blame? Was TP-Link working off of base firmware provided by the chipset manufacturer? If so, does the original OEM firmware have the vulnerability? There are lots of unanswered questions here that need a lot of scrutinizing before you blame the "face" and brand, TP-Link.

Of course. Given that the special URL needed to activate it includes the word "debug" and apparently can only be exploited on the local LAN, I'm inclined to think that this was a development backdoor that got overlooked. However, the fact remains that a serious backdoor was discovered in several models of TP-Link branded routers. This backdoor hasn't been patched, the company hasn't even responded to the issue yet, and said backdoor could exist in other TP-Link lines as well. Until those problems are resolved, TP-Link routers are off my buying list.

I can see that my initial post is a little ambiguous. To clarify: TP-Link isn't in my bad books permanently.

So what brand are you going to go with now? I'm sure I can pull up a past or current backdoor, or a hidden terminal server on a port, or some ridiculously easy-to-use vulnerability that allows full access, for almost any brand you pick.

I'm sure you can. But "past" problems aren't of such concern to me. They've been patched, removed, or otherwise mitigated. Only current problems will keep me from purchasing certain models or brands. Now, keeping up with the security issues of every router available would be a full-time job, so I don't pretend to do so. However, when I'm aware of an issue like this, I avoid purchasing those products until the issue is resolved.


That's why I suggest you look for a router that is intentionally made to be re-flashed with an open-source program that is known to be reasonably safe because the code is readily available for review.

I always do for my own routers. However, I'm wary about doing so for customers. Do you normally re-flash routers you're installing for home users?
 
OK, on all points...

I always do for my own routers. However, I'm wary about doing so for customers. Do you normally re-flash routers you're installing for home users?

No, not unless they are specifically security conscious or concerned. When asked, I do recommend that they purchase flashable models and have me flash DD-WRT (for an additional fee, of course :cool:). I have been known to exploit routers and WiFi (WEP) (at the customer's home and with their permission) on numerous occasions in order to "prove" the need for my network setup charges.
 