Backdoor Found in Many Consumer Routers and Wireless Access Points

When’s the last time you updated the firmware in your router?  For almost all of you, the answer will be one of these:

  • Never
  • My router needs updates?
  • What’s a firmware?
  • Router? What’s that?  I just connect to the Internet through that thingy over there.
  • I’m still waiting for this whole Internet thing to catch on before I decide to get rid of my 56K dial-up modem (if this is you, stop reading this article now and call an ISP!)

If you have wireless Internet or you have the capability of connecting more than one device to the Internet, you have a router.  This piece of hardware is connected to (or built into) the modem (Cable/DSL/Fiber, etc.) from your Internet Service Provider.

About a week ago, it was found that port 32764 is ‘open’ on many models of Linksys and Netgear routers (two very popular router manufacturers).  This would potentially allow bad guys to get into your router and do things like reset it or add malicious monitoring software.  There has been a significant increase in traffic on this port since this exploit was discovered.  You can find a list of many of the models that are affected here:

https://github.com/elvanderb/TCP-32764

You can use the ‘Shields Up’ website to check whether this port or other openings exist on your network by going here:

https://www.grc.com/shieldsup

The good news is that there are things you can do to ‘plug’ this hole.  You could set your router’s firewall to specifically block this port.  There may actually be a firmware update that you can download that fixes this problem on your specific router (go to the support/download webpages for your specific router to find out – this may be good to do anyway).  There are also a few open source firmware options that may be available to install on your router that are safer and may add options to your network.   As a last resort, replacing your router is another option.
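
To check the port from inside your own network (Shields Up tests from the Internet side), here is a small Python script added as an example; it is not from the original article or from the GitHub project linked above. The address 192.168.1.1 is an assumed default for your router, so replace it with your own router's address.

```python
import socket
import sys

BACKDOOR_PORT = 32764          # the port named in the article
DEFAULT_ROUTER = "192.168.1.1"  # assumption: a common default gateway address

ADVICE = {
    "open": "something answers: block the port in the router firewall or update firmware",
    "closed": "connection refused: nothing is listening on this port",
    "filtered": "no answer: the port is blocked or the device is unreachable",
}


def check_port(host, port=BACKDOOR_PORT, timeout=3.0):
    """Try one TCP connection and return 'open', 'closed' or 'filtered'."""
    try:
        # A completed handshake means a service is listening on the port.
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The device answered with a reset: reachable, but no listener.
        return "closed"
    except OSError:
        # Timeout, unreachable host or failed name lookup.
        return "filtered"


def audit(hosts, port=BACKDOOR_PORT, timeout=3.0):
    """Check the same port on every device in hosts; returns {host: state}."""
    return {host: check_port(host, port, timeout) for host in hosts}


if __name__ == "__main__":
    # Pass your own router/access point addresses on the command line.
    targets = sys.argv[1:] or [DEFAULT_ROUTER]
    for host, state in audit(targets).items():
        print(f"{host}:{BACKDOOR_PORT} is {state} ({ADVICE[state]})")
```

Run it again after you add the firewall rule or update the firmware to confirm the port no longer answers.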

If you need any help to test for this security vulnerability or other security issue, we have experienced technicians at Discount Computer Service who can do this configuration for you and/or analyze your computers and network for other potential security problems.  410-358-7300.  Thanks!
