BB Router Backdoor, A Nepali Security Firm's research
23 views
Skip to first unread message
Surmandal
Mar 25, 2015, 2:42:34 AM3/25/15
to NepS...@googlegroups.com
Its been a weeks, but I'm sharing a Nepalese research paper on broadband router backdoor, which shake the internet security world.Details can be found here :
http://blog.ensolnepal.com/router_backdoor
http://blog.ensolnepal.com/router_backdoor
--
HACKER vs CRACKER
Bipin Gautam
Mar 27, 2015, 2:09:44 AM3/27/15
to neps...@googlegroups.com
Detailed writeup /demonstration for anyone ! But dude.... this is not
a research paper, asin original research. The methods were widely
known for years ;)
But basically, if you have (or can get) router access, one can OWN
Almost any windows PC (that have third party software) from within the
network.
This is not the case with linux (binaries are digitally signed), or
software update that happens via https (but users can be tricked) or
software updates whose digital signature are verified before auto
update
I have always considered hidden auto update feature in app and app.
that connect back to its coder to report any data / even anonymous
stat? undesired from privacy prospective.
Prerequisite :
- need to be in the internal network of router to hijack affected router / DNS
- or bruteforce /get in the affected network and router.
- :D
Cheers. Do Keep posting!
> --
> You received this message because you are subscribed to the Google Groups
> "NepSecure (Nepali computer security and hacking community )" group.
>
> LEGAL DISCLAIMER:
> https://groups.google.com/d/msg/nepsecure/SfYfVDAbtAM/YqdfKq-H4dEJ
> ---
> You received this message because you are subscribed to the Google Groups
> "NepSecure (Nepali computer security and hacking community )" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to nepsecure+...@googlegroups.com.
> Visit this group at http://groups.google.com/group/nepsecure.
> For more options, visit https://groups.google.com/d/optout.
>
a research paper, asin original research. The methods were widely
known for years ;)
But basically, if you have (or can get) router access, one can OWN
Almost any windows PC (that have third party software) from within the
network.
This is not the case with linux (binaries are digitally signed), or
software update that happens via https (but users can be tricked) or
software updates whose digital signature are verified before auto
update
I have always considered hidden auto update feature in app and app.
that connect back to its coder to report any data / even anonymous
stat? undesired from privacy prospective.
Prerequisite :
- need to be in the internal network of router to hijack affected router / DNS
- or bruteforce /get in the affected network and router.
- :D
Cheers. Do Keep posting!
> You received this message because you are subscribed to the Google Groups
> "NepSecure (Nepali computer security and hacking community )" group.
>
> LEGAL DISCLAIMER:
> https://groups.google.com/d/msg/nepsecure/SfYfVDAbtAM/YqdfKq-H4dEJ
> ---
> You received this message because you are subscribed to the Google Groups
> "NepSecure (Nepali computer security and hacking community )" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to nepsecure+...@googlegroups.com.
> Visit this group at http://groups.google.com/group/nepsecure.
> For more options, visit https://groups.google.com/d/optout.
>
Reply all
Reply to author
Forward
0 new messages