From time to time, people receive notifications from their Internet Service provider (ISP) informing them of problem with an internet-connected device in their home that is interfering with the ISP's network in the area. In the past, many of these cases were traced to the Television Boxes purchased from Asia to watch television without paying for cable charges or invasion of personal computers by malicious software.
These issues go away when the Television boxes are disconnected and/or the personal computers are scanned by anti-virus programs and the malware removed. In extreme cases, hard drives have to be wiped out and re-formatted. These days, another culprit emerges after extensive research is done by some very competent technical people in the computer business.
In an article titled “Walmart-exclusive router 路由器and others sold on Amazon & eBay contain hidden backdoors to control devices”, security researchers described their discovery of suspicious backdoors in Chinese-made Jetstream and Wavlink routers sold in WalMart, Amazon, and Ebay. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network.
The Research team claimed that Wavlink routers also contain a script that lists nearby wifi and has the capability to connect to those networks. The backdoors are being actively exploited, and connected devices are added to a Botnet 僵尸网络through a malware named “Mirai” turning the devices into remotely controlled bots (zombie) as part of a botnet, and uses them in large-scale attacks known as “cyberattacks” on targeted networks.
尽管Jetstream与是沃尔玛的独家品牌，但生产Jetstream的厂家还以Ematic等其他品牌出售路由器。人们几乎搞不清究竟是哪家中国公司生产这些路由器。研究人员认为，Jetstream和Wavlink都是位于深圳的Winstars Technology Ltd的子公司，后者与Wavlink的公司地址相同。 “ WAVLINK”大约有1,000名员工，在深圳有一家工厂。它还在香港的一家商务中心有办公室，在美国加州有一家研究所。当对这些公司的网络中继器进行测试时，结果显示他们都有集体参与网络攻击的功能。
While Jetstream has an exclusive deal with Walmart, it is also sold under other brand names like Ematic, there is very little information available about which Chinese company actually produces these products. The security researchers believe that both Jetstream and Wavlink are subsidiaries of a Shenzhen-based company known as Winstars Technology Ltd that shared the same physical address as Wavlink. There are approximately 1,000 people working in the “WAVLINK group, including one factory in Shenzhen, China, one business centre in Hong Kong, and one research facility in California, USA. When network repeaters 网络中继器from these companies were also tested, they all showed the same exploit chain.
Both authorized and unauthorized persons use “Backdoors” to gain access to a closed system – in this case, a router – by bypassing the standard security measures and take control, which is known as root access 根访问权限. It is common for routers that you get from your local ISP to have a type of backdoor enabled on the device – usually for admin purposes (authorized) to assist you if you have any problems when you call for technical support – there’s one thing to remember: Wavlink and Jetstream accesses are unauthorized since they are not ISPs.
In fact, this type of secret backdoor access is a major reason that the US, Germany, and other governments around the world have banned Huawei when they found that the Chinese company could secretly access sensitive information for devices that it sold.
Are the “Blackdoors” a careless mistake or an intentional design? Next time, we will finish revealing the security research team's findings.
我们鼓励所有读者在我们的文章和博客上分享意见。We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, and please keep your comments relevant and respectful. Visit the FAQ page for more information.