NETWORK EQUIPMENT MAKER D-Link has hurriedly prepared a patch for WiFi routers that are affected by a recent security alert.
Security researcher Craig Heffer of Tactical Network Solutions discovered a back door in seven models of D-Link equipment and two Planex routers that use the D-Link firmware. He described his findings in a blog post after reverse engineering the firmware.
The exploit appears to have been put there deliberately, and contains the words "edit by joel backdoor" in the source code. The reasons for including this vulnerability are unclear, but it appears to be a way for developers to make swift changes to the firmware during development. However, in the wrong hands, the exploit could allow a hacker to take control of a router and spy on the data communications activity of connected devices.
In a statement on its website, D-Link acknowledged the problem and said that it is "proactively working with the sources of these reports".
In the meantime, the company has posted an interim firmware update to address the problem, and also advised such helpful things as not opening unsolicited emails and disabling remote access, and said, "Make sure that your wireless network is secure."
Of course the people who are likely to read this advice are precisely the sort of people who would know that already.
The company stopped short of telling people not to poke forks into the toaster. It has, however, said that a full fix will be with us by the end of October. µ
Sign up for INQbot – a weekly roundup of the best from the INQ