Possible Backdoor Found in Chinese-Made Routers

A Netis 300-Mbps wireless-N router. Credit: NetisA Netis 300-Mbps wireless-N router. Credit: Netis

Wireless routers from Chinese networking-equipment manufacturer Netcore may contain a backdoor, security experts say. If true, then criminals or spies could take over the routers, infect them with malware or dismantle the routers' security settings.

Over 2 million vulnerable devices appear to be currently in use, said Tokyo-based security company Trend Micro in a blog posting earlier this week. Most of the routers are in China, but others are located in South Korea, Taiwan, Israel and the United States, where they're sold under the brand name Netis.

The Netcore and Netis lines include both residential and enterprise routers. If Netcore does not patch the vulnerability, Trend Micro says, owners' safest option might be to simply buy a new router.

MORE: Your Router's Security Stinks: Here's How to Fix It

"Backdoor" is a shorthand term for a hidden access method that bypasses normal security in computer hardware or software. For example, your laptop might have an administrator password that only you know, but the laptop's manufacturer may have built in a backdoor that lets tech-support personnel access the machine without the admin password — helpful if you forget the password or need help fixing your computer.

But there are backdoors, and then there are backdoors. If the one on your laptop can be compared to a sturdy, locked door, then the one on Netcore routers may be a screen door that flaps open in the breeze.

The Netcore backdoor can be accessed from anywhere on the Internet so long as the router has an externally accessible IP address — and most routers that handle Internet traffic would. (Specifically, the backdoor is an open UDP port listening at port 53413.)

Trend Micro said it contacted Netcore's headquarters in Shenzhen, China, but did not receive a response. Fear that Chinese networking equipment may contain backdoors has led several Western countries to bar certain Chinese companies from government contracts.

It would be easy for attackers to do a scan for IP addresses with that port open to the UDP protocol, which is exactly what Trend Micro did to estimate how many of Netcore and Netis routers may be in use. (Apple uses port 53413 for storage-system software, but it listens for the different TCP protocol.) If attackers knew the specific IP address of a Netcore router they wanted to access, it would all the better to hack you with.

You can check to see whether your router has port 53143 open by using Gibson Research Corporation's free Shields Up online port scanner.

The password to gain administrative access to a router using this port is written into each Netis/Netcore device's firmware — it can't be changed. Every single Netis/Netcore router, Trend Micro said, has the same password for the backdoor.

If attackers get the password and access the router's external IP address, they'll be able to log into the router as well as upload and run files to it. The attackers could also change the DNS settings, redirecting users to malicious websites, or conduct man-in-the-middle attacks that secretly control both ends of a communication or transaction.

Only one Netis/Netcore router appears to support open-source router firmware like dd-wrt or Tomato, Trend Micro said without naming the model.

"Users have relatively few solutions available to remedy this issue," Trend Micro said. "Aside from [replacing the firmware], the only adequate alternative would be to replace these devices."

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Create a new thread in the Off-Topic / General Discussion forum about this subject
This thread is closed for comments
2 comments
Comment from the forums
    Your comment
  • kissmye
    dd-wrt supported: NETCORE NW618 PB20
    0
  • axefire0
    This backdoor is obviously intentional and pre-meditated through the instructions of the Chinese Communist Party (CCP).
    0