Latest in D-link

Image credit:

Leaked D-Link code-signing key could make malware look legit

Sean Buckley, @seaniccus
September 18, 2015
Share
Tweet
Share

Sponsored Links

When your company is known for making wireless routers, network switches and home security cameras, leaking your code-signing private keys yourself is the last thing you want to do. Back in February, that's exactly what D-Link did, accidentally leaving a valid key visible in its open-source firmware. If found by an attacker, the key could have been used to make malware that can pass as official software from D-Link -- malware that wouldn't trigger security warnings when installed to Windows or OS X machines.

That's bad, but luckily would-be attackers would have had to stumble across the key weeks ago -- the leaked certificate expired earlier this month. Still, that means software created using the key between February and September is still valid. D-Link says it's issuing more firmware updates in the near future to address the issue

In this article: d-link, dlink, key, leak, router, security, verify
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
'Marvel's Avengers' hasn't turned a profit yet

'Marvel's Avengers' hasn't turned a profit yet

View
The best TV deals we could find for Black Friday

The best TV deals we could find for Black Friday

View
'Star Wars Squadrons' next-gen update packs 4K, 120 FPS tweaks

'Star Wars Squadrons' next-gen update packs 4K, 120 FPS tweaks

View
CD Projekt Red shows off 'Cyberpunk 2077' next-gen gameplay

CD Projekt Red shows off 'Cyberpunk 2077' next-gen gameplay

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr