It’s a “trick” disguised as a “treat.” Your trustworthy D-Link router may actually be letting “demons” through the back door as we write. According to IT World in an article published October 14th, a backdoor found in firmware used in a number of D-Link routers can allow entry by attackers who want to change your device’s settings and survey your data.
Craig Heffner with Tactical Network Solutions discovered this vulnerability. He says that this occurs when the browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.” Through this setting an attacker can reroute susceptible D-Link router traffic to their own server, and read any unencrypted data.
WHAT TO DO?
- Be sure to check your D-Link router to see if it’s susceptible. The model numbers in jeopardy include: D-Link’s DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and possibly the DIR-615.
- Plus if you use routers made by Planex, they too can be affected. These model numbers are: BRL-04UR and BRL-04CW.