Linksys/Netgear Backdoor Part 2

linksys backdoorRemember the backdoor that was discovered in Linksys and Netgear routers a short time ago? Remember when they fixed it?

Not so fast.

It turns out that they didn’t fix it, they “fixed” it. Eloi Vanderbeken of Synacktiv Digital Security, the guy who found the original backdoor, has discovered that the “fix” simply hid the original problem without really fixing it. In a presentation he made describing his revelationVanderbeken claims that the backdoor still exists but is dormant until a special sequence of packets is sent to the device. This sequence can come from the LAN side of the network “Or if you’re an Internet provider”.

Given this information, it’s unclear whether this backdoor is simply an accident or put there for a reason. Vanderbeken makes it very clear what he believes when he states “It’s DELIBERATE“.