NSA-inspired paranoia within the hacker community about the pervasiveness of the government’s power to compromise equipment may be bearing real fruit.
A curious computer security professional published findings Saturday that deconstructed the firmware code for some D-Link router devices and discovered a backdoor built directly into the code. By changing the user-agent in a web browser to “xmlset_roodkcableoj28840ybtide,” a user could bypass the security on the device and get online or control the higher functions of the router.
The hackers at devtts0.com say models DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 use the compromised firmware.
Note the name of the user-agent needed to bypass the router security, spelled backward: edit by 04882 joel backdoor.
D-Link’s international headquarters are located in Taipei, Taiwan, Republic of China.