The backdoor affecting Sercomm wireless DSL routers has not been fixed: it lies hidden in the latest version of the devices' firmware, still able to intercept users' home traffic, according to Ars Technica.
In December 2013, Eloi Vanderbeken discovered that attackers could exploit his parents' Linksys Wi-Fi router to gain administrative rights and manipulate local network resources without admin credentials. The device was listening on an undocumented TCP port (32764) that allowed him to execute several commands, including running a script and enabling administrator privileges.
The backdoor was initially reported to require the attacker to be on the local network: the raw Ethernet packets had to be sent from within the local wireless LAN or from the Internet service provider's equipment. Vanderbeken later reported that some routers could be hijacked via the Internet as well, leaving them open to remote attacks.
As a result, the vendors of devices built on the same Sercomm modem, including home routers from Netgear, Cisco and Diamond, published an update meant to close the vulnerability. However, the researcher recently disclosed that the flaw persists in the new code. The backdoor can be reactivated by a network packet used by "an old Sercomm update tool." The packet's payload is an MD5 hash of the router's model number (DGN1000).
Once the backdoor is turned back on, it monitors TCP/IP traffic and allows attackers to send commands to the router, including retrieving a copy of its entire configuration. It also gives access to hardware features such as blinking the router's lights.
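A defender's check for the listener described above, added here as an example and not part of the Ars Technica report: it tests whether a router accepts TCP connections on port 32764 without sending anything, and flags firewall or flow log lines whose destination is that port. The log format and the sample lines are constructed for the example.

```python
import re
import socket
from typing import List

BACKDOOR_PORT = 32764  # undocumented listener reported on Sercomm-based routers


def backdoor_port_open(host: str, port: int = BACKDOOR_PORT, timeout: float = 2.0) -> bool:
    """Return True if `host` accepts a TCP connection on `port`.

    A successful connect on 32764 from inside the LAN is a strong sign the
    backdoor service is active; a patched device should refuse it.
    Nothing is sent to the device.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample of firewall / flow log lines (not real captures).
SAMPLE_LOG = """\
2014-04-18T10:01:02 allow tcp 192.168.1.23:51234 -> 192.168.1.1:80
2014-04-18T10:01:05 allow tcp 192.168.1.23:51235 -> 192.168.1.1:32764
2014-04-18T10:02:11 allow udp 203.0.113.7:40001 -> 198.51.100.9:32764
2014-04-18T10:03:40 deny  tcp 192.168.1.40:51900 -> 192.168.1.1:443
"""

# Assumed log layout: "<timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)


def flag_backdoor_traffic(log_text: str, port: int = BACKDOOR_PORT) -> List[dict]:
    """Return the parsed fields of every line whose destination port is `port`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group("dport")) == port:
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    for hit in flag_backdoor_traffic(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}:{hit['dport']} ({hit['proto']})")
    gateway = "192.168.1.1"  # replace with your router's LAN address
    print(f"port {BACKDOOR_PORT} open on {gateway}: {backdoor_port_open(gateway)}")
```

Both the LAN-side connect test and a remote one from outside the ISP network are worth running, since the researcher reported that some units answer from the Internet as well.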
Because of the variety of models and manufacturers involved, the number of affected devices is unknown. The manufacturers have not issued an official response so far.