Thousands of Chinese routers sold on Amazon have back doors

A joint effort by CyberNews’ principal information security researcher Mantas Sasnauskas and investigators James Clee and Roni Carta has uncovered suspicious backdoors on a China-made Jetstream router sold exclusively at Walmart as a new line of WiFi routers. “affordable”. This back door would allow an attacker to remotely control not only the routers but also all devices connected to this network.

CyberNews reached out to Walmart for a comment and to find out if they knew about the Jetstream backdoor and what they are doing to protect their customers. After a Walmart spokesman shared information about the affected Jetstream device, he informed CyberNews: Thank you for letting us know. We’re investigating the issue for more information. The item in question is currently out of stock and we have no plans to replenish it. “

In addition to Walmart’s exclusive Jetstream router, the cybersecurity research team found that low-cost Wavlink routers typically sold on Amazon or eBay have similar backdoors. Wavlink routers also contain a script that lists nearby Wi-Fi and provides the ability to connect to those networks.

We also found evidence that these backdoors are being actively used and attempts have been made to add the devices to a Mirai botnet. Mirai is malware that infects networked devices, turns them into remote controlled bots as part of a botnet, and uses them in large-scale attacks. The most famous of these is the 2016 Dyn DNS cyberattack, which shut down important websites such as Reddit, Netflix, CNN, GitHub, Twitter, Airbnb and others.

Of the known devices that Mirai was affected in the 2016 Dyn cyber attack, the majority of them were routers:

Hidden back doors in millions of devices

One of the most fascinating aspects of this investigation was the discovery of suspicious backdoors that were activated on all devices.

Backdoors are a means for an authorized or unauthorized person to gain access to a closed system, in this case a router, that bypasses standard security measures and takes control known as root access. In fact, this type of secret backdoor access is one of the main reasons the US, Germany, and other governments around the world vetoed Huawei when they discovered the Chinese company could secretly access sensitive information on devices. to sell.

Source: Cybernews

Copyright © Grupo Edefa SA Reproduction, in whole or in part, of this article is prohibited without the prior authorization of the publisher.

Back to top button