Backdoor in D-Link Products
Security is often an afterthought for people, in that they place implicit trust in the products they purchase. Security researcher Craig Heffner of Tactical Network Solutions recently uncovered a backdoor in D-Link router products. How easy is it to gain full access? Simply set the browser string in your HTTP User Agent to xmlset_roodkcableoj28840ybtide and you can bypass the authentication mechanism. This one wasn't even well hidden: just read the string backwards and it's obviously "editby04882joelbackdoor". There's a short article on how this sort of thing was discovered on devttys0.com. The gist of it involved decompressing the firmware image, extracting the embedded filesystem, looking at interesting strings (found "auth"), and then analyzing the disassembled code for the function. That revealed that when a particular user agent was present, it automatically authenticated. Instant backdoor access to every device using that firmware.
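
The "interesting strings" step above can be made to catch strings that only read as suspicious backwards, as this one does. The following is an added example, not code from Heffner's write-up: the keyword list, the function names and the sample bytes are all constructed for illustration, and only the User-Agent value comes from the text above.

```python
import re

# Keywords to audit for; this list is an assumption, not taken from the article.
KEYWORDS = ("backdoor", "auth", "passwd", "debug")

def printable_strings(blob: bytes, min_len: int = 6):
    """Yield (offset, text) for runs of printable ASCII, like strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")

def flag_strings(blob: bytes, keywords=KEYWORDS, min_len: int = 6):
    """Return (offset, text, keyword, direction) for every string that
    contains an audit keyword either as written or when read backwards."""
    findings = []
    for offset, text in printable_strings(blob, min_len):
        lowered = text.lower()
        backwards = lowered[::-1]
        for kw in keywords:
            if kw in lowered:
                findings.append((offset, text, kw, "forward"))
            elif kw in backwards:
                findings.append((offset, text, kw, "reversed"))
    return findings

# Constructed stand-in for a binary pulled out of an extracted firmware
# filesystem; only the User-Agent string is from the article.
SAMPLE = (
    b"\x7fELF\x01\x01\x00\x00"
    b"check_login\x00"
    b"\x00\x01\x02"
    b"xmlset_roodkcableoj28840ybtide\x00"
    b"\xff\xfeHTTP_USER_AGENT\x00"
    b"do_auth_check\x00"
)

if __name__ == "__main__":
    for offset, text, kw, direction in flag_strings(SAMPLE):
        print(f"0x{offset:04x}  {direction:8s} {kw:9s} {text}")
```

Run against a real image, point `flag_strings` at the bytes of each file in the extracted filesystem; every hit is only a lead for manual review of the code that references the string.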