UAE forcing to use routers with backdoor from D-Link UK

TNT_BOM_BOM · 2015-12-31 12:09:07 UTC

the ISP called Etisalat which is in UAE (United Arab Emirates) , they are using new strategy of forcing their surveillance on the ppl. they have used trick to lie on ppl, which is:-

they are calling & sending messages to UAE ppl , and telling them you can upgrade your internet speed from X megabit to 20 megabit with free router and wireless telephone.

now is this problem? no , but here is the deception inside this:-

they will force you to use their router because there will be no internet connection from your router. and their router is D-Link DIR 850L with etisalat firmware (not the original D-Link firmware). their firmware has the a backdoor inside it , which give the ability to any etisalat employee accessing the router and do/change what ever they want inside it. not to mention the firmware is closed source for sure, and MAYBE contain malicious programs inside it like e.g spyware or …etc.

but what is for sure now the firmware has a backdoor inside it.

and also you CANT go back to the original speed that you were using + your router. and also adding fees about 200$ if will cancel the internet.

and if you ask them why are you doing this? their answer is:-

we want to serve our customers as we can give them full support when having a problem regarding connectivity with routers.

(as you see very cheap excuse to kill your freedom of choice on routers with high security level and also achieving the goal which is killing your privacy)

can that effect Tor security/connectivity ?

Ego · 2015-12-31 12:23:13 UTC

Good day,

Sounds rather bad, especially if they’d include their own SSL certificate in the firmware, as to eavesdrop on https connections. However, I have to say that I couldn’t find anything about this anywhere else, which makes it hard to judge on how this would affect Tor users. Maybe pluggable transport helps, maybe they use a more advanced method, maybe they combine a few things (like the Chinese government, which to make obfs2, 3, etc. useless, pretty much pings every server on the net to see, whether it answers in anyway according to the Tor protocol and blocks it).

So, it would be great to get some more information, otherwise it will be hard to judge.

Have a nice day,

Ego

P.S.: Just a thought, do you have an image of the firmware? Maybe someone in the community could reverse engineer it to a certain degree.

TNT_BOM_BOM · 2015-12-31 13:30:06 UTC

yeah it is bad.i dont think anyone talked about it yet except me.

i dont think there is an downloadable image but i will try to find it.

TNT_BOM_BOM · 2015-12-31 13:45:23 UTC

maybe these answers explaining some of the issue:-

Patrick · 2016-01-01 17:20:36 UTC

Tor / Whonix doesn’t expect/rely on a trustworthy internet connections
but it certainly is a lot safer if your ISP is not actively attacking you.

TNT_BOM_BOM · 2016-01-04 13:38:13 UTC

the firmware is not possible to be available for download , and i think it is clear why not …

Fizzy_Joon · 2016-01-05 03:50:43 UTC

Yes you right and i got it already,
and when i replaced their router with another from after market, didnt work, as i called them already and explained my issue, they told me that i cant use another router except the one they provided for me which it is: D-Link DIR-850L.
Thats bad i cant use my preffered router instead.

TNT_BOM_BOM · 2016-01-05 12:36:02 UTC

warn whoever u know from this spying game , it is not just using the preferred router but their router has a backdoor inside it = welcome surveillance

Fizzy_Joon · 2016-01-05 12:55:04 UTC

I did already, Thx for replying

Fizzy_Joon · 2016-01-06 05:15:26 UTC

TNT_BOM_BOM

I did already some research to help this article to be understood for thoses who’s passing by to read your post.
Take a look at this link for more datiled info:
http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/

Unfortunately, UAE Etisalat did worst than D-Link already did is flush it with edited the alpha firmware it self so won’t be able to even upgrade the router in the future and locked it with their own (CUSTOM) FW.
am not an IT expert thou but here is what i could grab yet.
Its an auto config url that been attached in the router they installed for me:

TR-069 Configuration
http://86.96.241.17:7547/ACS-server/ACS/DXB-OMS-ZO02/1-1-6-555-gponport-600

I guess this is where the router takes a place including the router’s MAC address for banning any other router to get it work with the ISP.
Not sure thou.

TNT_BOM_BOM · 2016-01-06 15:06:53 UTC

thnx i c , etisalat need to be hacked from their own routers which will give them a V.Good listen. but who is the volunteer for this …

maybe if u spread this to the anonymous group or any other hacking groups , they might give a good hand help in destroying this spying project.

Joem042379 · 2017-08-09 10:02:11 UTC

Hello,

You can change to any router but you must tag theVLAn to ID 21 or 31.

Then ur PPPoe will work…

Etisalat using VLAN so if u have normal router only then ur PPPOE will not work if that is third party router.

Joem042379 · 2017-08-09 10:03:39 UTC

Hello,

You can change to any router but you must tag theVLAn to ID 21 or 31.
Then ur PPPoe will work…

Etisalat using VLAN so if u have normal router only then ur PPPOE will not work if that is third party router.

TNT_BOM_BOM · 2017-08-13 19:32:16 UTC

its not about Vlan , its about upnp. if the router support upnp design then it will work. which is an absolute security dangerous.

khalid · 2018-02-20 05:04:37 UTC

It is not true that you cant use any router. You have in fact the freedom of choice to select whatever router u want to use. You only need to configure the proper VLAN ID.
I am using a 850L router with stock firmware and it works like a charm.
Even if you dont know the correct vlan id you can still figure it out after few trial and errors. Try 21,24,27 or 31. 21 worked in my case although when I asked etisalat helpline they told me it should be 24 which did not work.

DCC · 2018-02-21 19:39:14 UTC

practice of use replacing https ceritficates is widely used in our days by semi-feodalic countries, as kazahstan, uzbekistan for example - but anyway they still have working services there, as local business, and which more important, equipment need it -

may try pick a proxy from one of these countries from public lists or google buy socks 1 proxy for up to $1 month or shared between 1-3 user proxy up to $0.5 a month, every is socks/http, and wardrive it)))

so all u need - is any IP (web address) which not blacklisted by your https kill firewall, that all - connect it via any free port (any proxy server able to work at any port - so if you will not be able to reach any other country at all so it will be North Korea intranet but not internet) - and then connect to TOR from it, forward. I think so))

also any RDP works on whichever port you wish - and if provider uses DPI (deep packet inspection) you need any VPN that use encryption, almost every. but as above, some kill every secure connection - but still, as they not closed to international traffic - accept google with their own SSL, china accept their own Ali Cloud opened to other world - so you just use Google VPS / proxy or Ali VPS / proxy for example, and OK.

there are few surrealistic fantasies as in russia, to make internet between BRIC for example - but there was and there present, as old good fido, already darknet sites wwh-club.net / .bit (Blockchain DNS) for example etc, which have TOR and Blockchain DNS mirrors and sure they will have communication in this BRIC and outbound gates sale)))

except only case people will have no phones at all as eg in North Korea, as even there you might hide a node in their intranet under DNS Blockchain))) and just such a passive modems with provider firmware, now hangs on every PON even mine there in russia so for the moment there no reason to worry above…

TNT_BOM_BOM · 2018-02-23 13:29:53 UTC

u CANT use any router EXCEPT if its support and only UPNP connection. and even ur router image isnt from etisalat this is the router from etisalat:-

your image is D-Link framework not etisalat.

and add to this there is SAMBA vulnerability inside it and been hacked through metasploit check here:-

(Content in arabic)

that been said , this is before 2 years and now the contract finished (mostly for all since that time), u can raise a complain against the upnp connection and change it to non-upnp connection and throw the router of etisalat and use ur own router.

khanjar · 2018-03-19 08:57:34 UTC

i have called etisalat and told them i would like to disable PNP feature
they tried to convince me not to ( it will be hard to support you in the future the speed might reduced … bla bla bla )
i insisted so they register my request after 1 hour one guy from etisalat called me and told me (i will cancel your PNP please note that the router will stop working and you have to configure your own router )
and its done

now if you like to use the etisilat router dlink 850 as extender or AP do the following
1- download the firmware from dlink website
2-set your computer to static ip adress 192.168.0.2 and default gateway is 192.168.0.1
3- plug the Ethernet to the lan port neareast one to the wan port
4-enter the dlink recovery mode by removing the power press and HOLD the reset while enter the power plug
,

5- pluge the eathernet to the lan port neareast one to the wan port
6- open browser ( 192.168.0.1 )
7-dlink recovery web page well load and you can upload stock firmware and use it as AP

Marsikus · 2018-04-15 08:26:16 UTC

As far as i concerned, original D-link DIR-850L firmware is not any better. I have searched over the internet and seen plenty of articles describing vulnerabilities and ways to hack this model of router. So if you concern about security, then better to choose more secure router by design, not Dlink.

TNT_BOM_BOM · 2018-04-18 22:27:00 UTC

yeah thats what have been choosen by UAE ISP to force it on their ppl.