Chinese routers sold on Amazon, Walmart, and eBay have backdoors in them that are already being exploited by hackers.
Senior information security researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, in collaboration with CyberNews, have discovered that the Jetstream routers sold exclusively by Walmart have a backdoor that hackers as well as all devices connected to the network could be remotely controlled.
Researchers also found similar backdoors in low-priced Wavlink routers, also made in China and sold on Amazon and eBay.
These backdoors essentially allow hackers to gain unauthorized access to virtually closed systems.
Once access to a router, whether in the home or office, is gained, the hacker has a pathway to exploit other devices connected to that network. And this can be done without the hacker being aware that the hack is taking place.
While some router backdoors require physical access, these router backdoors and the hidden administrator-level user interface for them can be accessed remotely from across the Internet. This hidden interface is different from the standard administrator interface accessible to authorized users on the local network.
Once hackers reach this user interface, they can discover the router's user name and password by inspecting the HTML code of the administrator page. If that information is found in the page's JavaScript, the hacker will have the information needed to log into the administrator controls and gain remote access to the router.
"We have also found evidence of active exploitation of these backdoors, with attempts to add devices to the Mirai botnet... Mirai infects devices connected to the network, turning them into bots that are remotely controlled as part of a botnet, which can then be used to launch large-scale malware that is used in large-scale attacks," CyberNews explains.
The Mirai botnet is one of the largest in the world. It is essentially a massive network of routers and other "Internet of Things" devices that can be used for large-scale cyberattacks, from spreading malware to executing distributed denial-of-service (DDoS) attacks. In 2016, it took down a lot of Internet access on the East Coast of the United States. Mirai botnet.
In short, the fact that these backdoors are being placed in routers that are positioned as affordable devices, devices that could be sold in large numbers, means that many people could be victims of cyber attacks, which is quite alarming This is quite alarming.
When CyberNews contacted Walmart to learn more about the problem, the retailer said it was investigating the issue and that it no longer had any affected Jetstream routers in stock and had no plans to restock. However, that still means that a huge number of routers are still out in the wild and may contain active vulnerabilities.
This is because Internet service providers tend to have backdoors in the routers they provide to their customers for remote diagnostics and updates.
However, Winstars Technology Ltd, to which the Jetstream and Wavlink bands belong, is not an ISP.
The fact that this backdoor leads to a user interface accessible via the Internet means that these vulnerabilities can be exploited fairly easily by hackers with knowledge of backdoors. This knowledge first surfaced in April, when CyberNews and researchers discovered that backdoors were being actively exploited.
One might also wonder why such backdoors exist in two seemingly different routers. The researchers found that they are manufactured by the same company based in Shenzhen, China, and that the Jetstream model is effectively a white-label version of the Wavlink router. (As of this writing, the Wavlink router, which sells for $36.99, is Amazon's Choice. )
These security issues are a problem with cheaper routers, where quality control and security firmware testing may not be done as well as with more expensive routers.
If you have one of these Jetstream or Wavelink routers, your best bet is to remove them. Currently, there does not appear to be a firmware fix for the backdoor.
Unfortunately, this is one of those cases where you pay the price you pay. We suggest trying to buy the best router you can afford.
However, we also recommend that you check out our selection of the best Wi-Fi routers. Also, don't forget to change your admin password so that hackers can't get lucky guessing your common admin password.
.
Comments