SoylentNews

DannyB [soylentnews.org] writes:

Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices [cybernews.com]

In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas [cybernews.com] and researchers James Clee [twitter.com] and Roni Carta, [twitter.com] suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" [mashable.com] wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network.

[...] After we sent information about the affected Jetstream device, a Walmart spokesperson informed CyberNews: “Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it.”

Watch the video [youtube.com] below to hear directly from Sasnauskas, Clee and Carta about how they discovered the backdoors and what it means for everyday consumers.

Besides the Walmart-exclusive Jetstream router, the cybersecurity research team also discovered that low-cost Wavlink routers, normally sold on Amazon or eBay, have similar backdoors. The Wavlink routers also contain a script that lists nearby wifi and has the capability to connect to those networks.

We have also found evidence that these backdoors are being actively exploited, and there’s been an attempt to add the devices to a Mirai botnet. Mirai is malware that infects devices connected to a network, turns them into remotely controlled bots as part of a botnet, and uses them in large-scale attacks. The most famous of these is the 2016 Dyn DNS cyberattack, [cybernews.com] which brought down major websites like Reddit, Netflix, CNN, GitHub, Twitter, Airbnb and more.

In starting the research, Clee originally wanted to see what kind of security low-cost Chinese devices like Wavlink had: “I was interested in seeing how much effort companies were putting into security. I decided it would be a great hobby to buy cheap Chinese technology off of Amazon and see what I could find out.” He then got in contact with Carta and Sasnauskas at CyberNews.

“After talking to James about his discovery,” Carta told CyberNews, “I immediately tried to look for other companies using the same firmware, and found that Jetstream’s devices are also vulnerable. The research was interesting to understand where the vulnerability came from, and how a malicious actor could fully exploit it.”

What can we learn? If you want a safe router, get an American brand. [nationalinterest.org]

Original Submission