OK, it was checked by Dan Rosenberg, a senior security researcher at Azimuth Security, who specializes in the reverse engineering of Unix and embedded devices
Now he states three facts. The third one is what confuses me
============================
The specifics of the vulnerability suggest that it was poorly programmed legitimate functionality rather than a secret backdoor. The authors had to leverage a directory traversal flaw in the handling of modem commands in order to cause the radio software to write outside of the /efs/root directory, which contains radio-related files. This suggests that the intended purpose of this functionality was rather mundane and not at all malicious, and that it was simply poorly implemented.
==============================
So, if it was poorly programmed/implemented then is it OK? .I am trying to find the explanation for words like "Bug" and "Vulnerability.
How did he come to the conclusion "not at all malicious" , can one determine the intent just by looking at code.
And , since it could be accidental , then it is not a secret backdoor (nevertheless , a Backdoor)
Sorry Sir, I find it hard to buy your 3rd (critical) fact.
For those of you interested , Here is my previous post on Bruce's view on the characteristics of a a good backdoor.
The links below has more information:
Previous Related Article:
No comments:
Post a Comment