HFU HF Underground

Technical Topics => Equipment => Topic started by: NJQA on July 16, 2021, 0009 UTC

Title: KiwiSDR backdoor
Post by: NJQA on July 16, 2021, 0009 UTC

https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/

Title: Re: KiwiSDR backdoor
Post by: NJQA on July 16, 2021, 1305 UTC

Check to see that your KiwiSDR is updated to V1.461.

www.kiwisdr.com

Title: Re: KiwiSDR backdoor
Post by: ChrisSmolinski on July 16, 2021, 1655 UTC

Quote from: NJQA on July 16, 2021, 0009 UTC

https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/

On Wednesday, users learned that for years, their devices had been equipped with a backdoor that allowed the KiwiSDR creator—and possibly others—to log in to the devices with administrative system rights

FWIW, this has been public knowledge since at least 2017, not just since Wednesday. We're better off without this 'feature' as it was implemented, but I'm not sure we need to get the pitchforks out either :)

And yes, update to 1.461.

Title: Re: KiwiSDR backdoor
Post by: syfr on July 20, 2021, 0304 UTC

Agree entirely, Chris.

The auto update brought my Kiwis up to the recommended rev.