Router RTA04N Backdoor
Responsible: * Raphael Bastos aka coffnix * Ewerson Guimarães aka Crash * Gabriel Lanzi aka Glanzi
Who put the backdoor in my router?

Research Information
This is INDEPENDENT research conducted by two freaks:
- Raphael Bastos (Coffnix): effectively found the backdoor.
- Ewerson Guimarães (Crash): continued the research, ran more device tests and contacted the vendors.
Abstract
For quite some time we have been seeing espionage cases reaching countries, governments and large companies.
A large number of backdoors have been found in network devices, mobile phones and other related devices, the main cases being those reported by the media, involving internationally renowned companies such as TPLink, Dlink, Linksys, Samsung and others.
This article discusses a backdoor found on the modem / router XXX, a piece of equipment with a big question mark over it: there is no vendor identification and no information about who its manufacturer is, and at least 7 companies are linked to its production, sales and distribution in the market. Moreover, some of them never really existed. This leads us to the question in the research title: “Who put the backdoor in my modem?”
Detailed Outline
In recent research on an RTA04N device supplied by GVT (a Brazilian ISP), we found some intriguing facts:
The vendor’s website does exist, but has only one screen with its logo, without any links to other areas such as manuals, support and firmware.
The device’s MAC address starts with E4:C1:46, a prefix registered to the company Objectivo y Servicios de Valor Anadido, which in the end refers directly to ObservaTelecom.
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf;hb=HEAD
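The MAC prefix check described above can be repeated offline against a copy of the manuf file. The following is an added example, not code from the researchers: the sample entries are constructed (only the E4:C1:46 vendor name is taken from this page, spelled as it appears here) and the function names are hypothetical. It normalizes common MAC notations, does a longest-prefix match, and flags locally administered addresses, since an OUI only identifies who registered the address block.

```python
import re

# Constructed sample in the tab-separated layout of the manuf file. Only the
# E4:C1:46 long name comes from the page; short names and the 02:00:00 entries
# are made up (locally administered space, so they match no real assignment).
SAMPLE_MANUF = (
    "# constructed sample, not a copy of the real file\n"
    "E4:C1:46\tObserva\tObjectivo y Servicios de Valor Anadido\n"
    "02:00:00\tExampleRA\tExample registry block (constructed)\n"
    "02:00:00:10:00:00/28\tExampleSub\tExample sub-assignment (constructed)\n"
)

def mac_to_int(text):
    """Accept E4:C1:46:.., e4-c1-46-.. or e4c1.46.. and return a 48-bit int."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return int(digits, 16)

def parse_manuf(text):
    """Return a list of (prefix_bits, prefix_value, long_name) entries."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split("\t")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # comment, blank or malformed line
        prefix, _, bits = fields[0].partition("/")
        digits = re.sub(r"[^0-9A-Fa-f]", "", prefix)
        bits = int(bits) if bits else len(digits) * 4
        value = int(digits.ljust(12, "0"), 16) >> (48 - bits)
        long_name = fields[2].lstrip("# ") if len(fields) > 2 else fields[1]
        entries.append((bits, value, long_name))
    return entries

def lookup_vendor(mac, entries):
    """Longest-prefix match plus the locally-administered (U/L) bit."""
    addr = mac_to_int(mac)
    best = (0, None)
    for bits, value, long_name in entries:
        if addr >> (48 - bits) == value and bits > best[0]:
            best = (bits, long_name)
    return {
        "vendor": best[1],
        "prefix_bits": best[0],
        "locally_administered": bool((addr >> 40) & 0x02),
    }
```
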
The device
Router GVT from Belo Horizonte-Minas Gerais / Brazil.
Strange default SSID and Password based on MAC Address and S/No.:
Router 01
Router 02
Internal
Legal
The device is approved by ANATEL (Brazilian National Telecommunication Agency).
More strange stuff...
BayTech
Address: Rua Aluisio Azevedo - 40 - Rocha - Rio de Janeiro-RJ / Brazil - CEP: 20960-050
Observa Telecom
In the device manager you can see Observa Telecom, but...
The vendor’s website “exists”, but has only one screen with its logo, without any links to other areas such as manuals, support and firmware.
Of course, they don't reply to emails...
Of course, he doesn't reply to (11) emails...
GVT (Global Village Telecom)
This device is distributed by GVT (an internet service provider).
According to GVT technical support and site, this modem/router is not supported by them.
Don't believe it? Take a look at:
http://www.gvt.com.br/PortalGVT/Atendimento/Area-Aberta/Documentos/Lista-de-Modens
Hex dump
Opening its firmware in a hex viewer... Wow, wait, it's made by TPLINK??????