Backdoor in wireless DSL routers lets attacker reset router, get admin

Eloi Vanderbecken explains the motivation for hacking his own WiFi router in pictures.
Eloi Vanderbeken

A hacker has found a backdoor to wireless combination router/DSL modems that could allow an attacker to reset the router’s configuration and gain access to the administrative control panel. The attack, confirmed to work on several Linksys and Netgear DSL modems, exploits an open port accessible over the wireless local network.

The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources. Update: Vanderbeken reports some routers have the backdoor open to the Internet side as well, leaving them vulnerable to remote attack.

Eloi Vanderbeken described the backdoor in a PowerPoint posted with the code to Github. In his illustrated report, he explained how over the Christmas holiday he was trying to get access to the administrative console of his family’s Linksys WAG200G wireless DSL gateway wirelessly—mostly so he could limit how much bandwidth the others in the house were using. But Vanderbeken had previously turned off wireless access to the administration web console (and had forgotten his administrative password).

Read 7 remaining paragraphs | Comments