An easy-to-exploit backdoor has been found in seven different models of domestic routers made by D-Link and Planex. http://www.bbc.co.uk/news/technology-24519307
The backdoor, if used, would let an attacker take complete control of a router or modem and spy on a home’s browsing activity.
D-Link has acknowledged the existence of the backdoor and said a fix would be available by the end of October.
So far, the backdoor does not seem to have been exploited “in the wild”.
The backdoor was discovered by security researcher Craig Heffner, who reverse-engineered the software used to control a D-Link DIR-100 router. Deep analysis of the code revealed a string of letters that, if used in the right way, unlocked remote access to the gadget.
Writing about his findings on his blog, Mr Heffner speculated that the password string was included to make it easier for D-Link to remotely update some of its products.
The same string has been found to work on seven D-Link routers (DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and the TM-G5240) and two from Planex (BRL-04UR and BRL-04CW).
Many thousands of people are believed to have bought the routers before they were revealed to be vulnerable.
In a statement, D-Link said it was working with Mr Heffner and other security researchers to find out more about the backdoor. It added it was also conducting a review of its other products to see if it was present in other models.
Planex has yet to issue a statement about its products.