Backdoor discovered in many common routers: SSO Alert Priority Moderate
10 January 2014
A backdoor (or deliberately added vulnerability) has been discovered which can give an attacker administrator access to routers commonly used in homes and small businesses.
A router is a device that creates and controls the network between computers. In many cases your modem, which you use to connect to the internet, is also likely to act as your router.
Backdoors are often put into products during their development for testing purposes, often with the intention of removing them later, but they can also be put in by attackers or disgruntled employees.
There is no suggestion of malicious intent with this backdoor, but unfortunately, it could be used by someone sending a specially crafted message to your router.
A large number of router models are likely to be affected, including popular models sold by Linksys and Netgear.
Unfortunately, a complete list of the affected models and brands is not available; however, you can check whether yours is on this partial list. If your router model is not listed, whether it is affected is not yet known.
If you have an affected router, you are advised to seek a firmware update for it and to disable external access to the router administration panel.
Regardless of whether your router is affected or not, it is always advisable to disable external access to your router and, of course, ensure you have a password set for your Wi-Fi.
Securing your router
Disable external access to your router's administration panel. This ensures that only computers directly connected to your router (either through a cable or Wi-Fi) can access your administration panel.
While the process will be different for each router vendor and model type, broadly, the steps are:
1. Log in to your administration panel (often by navigating to http://192.168.1.1 in your internet browser, but your configuration may differ).
2. Find an option such as “Allow WAN access to administration panel” or “Allow Remote Management”. This may be phrased differently for different devices.
3. Ensure this option is disabled.
You can refer to your router's user manual for specific instructions on performing these steps.
Firmware updates are specific updates for hardware and, much like software updates, can be used to fix security problems that have been discovered. Firmware updates for this backdoor should be released in the near future by each of the router manufacturers (Netgear, Linksys, etc.).
You may need to check with your router manufacturer about when (and if) an update will be available for your specific model. It may take some time before firmware updates are available for this issue, and the manufacturer may not specify whether the update addresses it. The best you can do is to ensure you have the latest firmware on your router as it becomes available.
Each router manufacturer’s website should provide step-by-step instructions for downloading and installing the latest firmware updates for your router model.
The procedure for installing firmware updates on a router will differ based on the manufacturer, model and version of router you have. It is normally a straightforward process; however, instructions do need to be followed closely. A bad firmware update can render your device unusable and, in the case of a router, could disconnect your computers from the internet.
A recent Stay Smart Online Alert addressed a similar backdoor found in D-Link products and contains more information on this type of vulnerability.
Additional information about this backdoor can be found on the Sophos blog.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.