The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: router backdoor

NSA Reportedly Intercepts US-made Internet Routers to Install Spyware

NSA Reportedly Intercepts US-made Internet Routers to Install Spyware

May 13, 2014Swati Khandelwal
The US Intelligence Agency, NSA has been reportedly intercepting and accessing routers, servers, and other computer networking hardware to plant data gathering " backdoors " and other spywares before they are exported and delivered to the international customers, reported by the Guardian. Yesterday in a published excerpt of his forthcoming book, " No Place to Hide ", Journalist Glenn Greenwald underlines the interest of National Security Agency in planting backdoors in U.S. suppliers' routers and other networking devices in order to carry out its massive surveillance program. " A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit ," Greenwald said. " The NSA routinely receives — or intercepts — routers, servers and other computer network devices being exported from the US before they are delivered. " While US government is always prohibiting the purchase of Huawei products due to suspected
Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

April 20, 2014Swati Khandelwal
At the beginning of this year, we reported about the secret backdoor 'TCP 32764' discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The Reverse-engineer from France Eloi Vanderbeken , who discovered this backdoor has found that although the flaw has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way. To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file 'scfgmgr' which contains the backdoor is still present there with a new option " -l ", that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device. On further investigation via reverse en
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.