Walmart-exclusive Router and Others Sold on Amazon and eBay Contain Hidden Backdoors To Control Devices

[securitybreach]

Quote

Bernard Meyer, reporting for CyberNews:In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. CyberNews reached out to Walmart for comment and to understand whether they were aware of the Jetstream backdoor, and what they plan to do to protect their customers. After we sent information about the affected Jetstream device, a Walmart spokesperson informed CyberNews: "Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it."

Besides the Walmart-exclusive Jetstream router, the cybersecurity research team also discovered that low-cost Wavlink routers, normally sold on Amazon or eBay, have similar backdoors. The Wavlink routers also contain a script that lists nearby wifi and has the capability to connect to those networks. We have also found evidence that these backdoors are being actively exploited, and there's been an attempt to add the devices to a Mirai botnet. Mirai is malware that infects devices connected to a network, turns them into remotely controlled bots as part of a botnet, and uses them in large-scale attacks. The most famous of these is the 2016 Dyn DNS cyberattack, which brought down major websites like Reddit, Netflix, CNN, GitHub, Twitter, Airbnb and more.

 

https://tech.slashdot.org/story/20/11/23/1926237/walmart-exclusive-router-and-others-sold-on-amazon-and-ebay-contain-hidden-backdoors-to-control-devices

[raymac46]

Pretty hard to get any network gear that isn't made in China these days. Maybe some stuff is designed in North America.

[securitybreach]

Very true

 

I just make sure to get name brand things from established companies. BTW our government spies as well  

[V.T. Eric Layton]

28 minutes ago, securitybreach said:

BTW our government spies as well  

 

That it does... along with #Big_Tech sucking data to enrich themselves and their customers.

[raymac46]

I used D-Link (Taiwan) for years then my ISP's gateway - Hitron (Taiwan). Now I have Linksys (US) bought by Cisco (US) then by Belkin (US) then by Foxconn (Taiwan.) Does this mean anything? Probably not.

In addition I have had Motorola modems (US) now owned by Arris (US.) My ISP has an Internet TV offering that also uses Arris modems. It's all too much for my little mind to comprehend.

[securitybreach]

Yeah, everything is manufactured in China

[raymac46]

I read today that some companies like Foxconn, Pegatron and Compal are planning to move production (mostly Apple stuff) out of China. So things might be changing a bit.

[V.T. Eric Layton]

Yes...

 

https://www.reuters.com/article/us-foxconn-vietnam-apple-exclusive/exclusive-foxconn-to-shift-some-apple-production-to-vietnam-to-minimise-china-risk-idUSKBN2860VN

[V.T. Eric Layton]

On 11/24/2020 at 12:05 PM, securitybreach said:

Yeah, everything is manufactured in China

 

Or, BY Chinese owned companies somewhere in the Far East.

[securitybreach]

Right...

[crp]

why was Walmart singled out ? 

btw: 

 

 

[crp]

My router had a firmware update available dated 1029. makes me think that they knew about things before publication.

Oddly, the firmware was applied without the router losing it's functionality.