“Joel’s Backdoor” Wreaks Havoc on Routers

The Embedded Systems Hacker Collective is an ethical hacking group whose members attempt to hack into consumer electronics such as home routers and set-top boxes. As a sort of hobby, the members look for the vulnerabilities these devices have and how they may affect the consumer using the hardware or the firmware attached to the device.

This group identified a major security flaw in the administration interface that allows an unauthenticated user unlimited access. The “master key” string is being referred to as “Joel’s Back Door”. The string in question is “xmlset_roodkcableoj28840ybtide”. If you read the part after “xmlset_” backwards, you can clearly see that it reads “editby04882joelbackdoor”! This means that if your router is accessible through remote management, someone can use your router with unsupervised access!

D Link Remote Access

How does Joel’s Backdoor Work?

If you were to tell your browser to identify itself with the string listed above, instead of something like xxxxxxxx/4.3xxxxxx/854.41.58 Version/5.04.08, then you should have full access without authentication. On a good note, these routers are set by DEFAULT not to allow remote access, but if you have set yours up for remote access, you may have exposed a serious vulnerability and should be cautious. Please see the attached figure to find the proper setting. If you are an IT security professional and would like to know the exact location of the affected string, please reach out for further information.
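For defenders, the identification string above doubles as a detection signature. The following added example (not code from the original article or from D-Link) scans access-log lines for it, assuming a proxy or web server in front of the management interface that logs in Combined Log Format; the function name and the sample lines are constructed for illustration.

```python
import re

# Identification string quoted in the article.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Combined Log Format (assumed): ip ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

def find_backdoor_requests(lines):
    """Return one dict per log line whose User-Agent contains the backdoor string."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m is None:
            continue  # malformed or non-CLF line: skip rather than crash
        # Case-insensitive so near-miss probes are flagged as well.
        if BACKDOOR_UA not in m.group("ua").lower():
            continue
        status = int(m.group("status"))
        hits.append({
            "line": lineno,
            "src": m.group("src"),
            "time": m.group("time"),
            "request": m.group("request"),
            "status": status,
            # 2xx: the request was answered rather than rejected.
            "served": 200 <= status < 300,
        })
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Oct/2013:09:12:01 +0000] "GET /index.htm HTTP/1.1" 401 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.45 - - [14/Oct/2013:09:13:40 +0000] "GET /index.htm HTTP/1.1" 200 5120 "-" "xmlset_roodkcableoj28840ybtide"',
    'not a log line',
    '203.0.113.45 - - [14/Oct/2013:09:13:52 +0000] "GET / HTTP/1.1" 403 0 "-" "XMLSET_roodkcableoj28840ybtide"',
]

if __name__ == "__main__":
    for hit in find_backdoor_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true is the one to investigate first, since it means the request carrying the string was answered instead of being challenged for credentials.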

Why would there be a “back door” to access my router?

Obviously companies like D-Link placed the string there for a reason. The real reason that the access is there is so that the organization can push updates (security and efficiency) to the device to prolong the product life cycle. This does not change the fact that there is a hardwired back door in a number of D-Link routers, and proper consideration should be given. This string may be helpful to the hardware and firmware suppliers, but it also gives the same access to ANY and ALL users who can reach the device.

The affected D-Link routers are listed below:

· DIR-100
· DI-524
· DI-524UP
· DI-604S
· DI-604P
· DI-604+
· TM-G5240

If your organization is unaware of the safety and security of your routers and other hardware or network devices, please CONTACT US for a Web Penetration Test or Vulnerability Test for all applicable hardware and firmware in your organization.
