中英对照：中国生产的路由器可能会有后门

 

 

许多人有时会收到来自网络服务商的通知，告知他们家中与网络链接的设备正在干扰周边地区的网络运行。过去，这类问题可追溯到那些从亚洲来的可以让你免费看电视节目的电视盒，或者是因为恶意软件进入了你的电脑。

 

From time to time, people receive notifications from their Internet Service provider (ISP) informing them of problem with an internet-connected device in their home that is interfering with the ISP's network in the area. In the past, many of these cases were traced to the Television Boxes purchased from Asia to watch television without paying for cable charges or invasion of personal computers by malicious software.

 

通常，你只要断开电视盒，用扫毒软件清理电脑，这些问题就消失了。在个别情况下，你须清除硬盘驱动器并重新格式化才能解决问题。如今，在进行了广泛的研究之后，计算机行业中一些专家又发现了造成网络运行问题的另一个罪魁祸首。

 

These issues go away when the Television boxes are disconnected and/or the personal computers are scanned by anti-virus programs and the malware removed. In extreme cases, hard drives have to be wiped out and re-formatted. These days, another culprit emerges after extensive research is done by some very competent technical people in the computer business.

 

网络安全研究专家发表了一篇题为“沃尔玛专卖的路由器，以及在亚马逊和易贝上出售的有些路由器有隐藏的远程控制功能”的文章。专家们说，他们在沃尔玛，亚马逊和易贝上出售的中国制造的Jetstream和Wavlink路由器中发现可疑的漏洞（也称“后门“）。这些后门不仅可以让不速之客远程控制路由器，而且可以远程控制与其连接的任何设备。

 

In an article titled “Walmart-exclusive router 路由器and others sold on Amazon & eBay contain hidden backdoors to control devices”, security researchers described their discovery of suspicious backdoors in Chinese-made Jetstream and Wavlink routers sold in WalMart, Amazon, and Ebay. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network.

 

文章称，Wavlink路由器还包含一个不仅能列出周围的WiFi信号，而且可以连接到这些WiFi的功能。这一后门已经被人利用。他们将连接的设备通过一个叫“ Mirai”的恶意软件将其成为远程控制僵尸。你与网络连接的设备会在你不知情的情况下参与大模网的络攻击。

 

The Research team claimed that Wavlink routers also contain a script that lists nearby wifi and has the capability to connect to those networks. The backdoors are being actively exploited, and connected devices are added to a Botnet 僵尸网络through a malware named “Mirai” turning the devices into remotely controlled bots (zombie) as part of a botnet, and uses them in large-scale attacks known as “cyberattacks” on targeted networks.

 

尽管Jetstream与是沃尔玛的独家品牌，但生产Jetstream的厂家还以Ematic等其他品牌出售路由器。人们几乎搞不清究竟是哪家中国公司生产这些路由器。研究人员认为，Jetstream和Wavlink都是位于深圳的Winstars Technology Ltd的子公司，后者与Wavlink的公司地址相同。 “ WAVLINK”大约有1,000名员工，在深圳有一家工厂。它还在香港的一家商务中心有办公室，在美国加州有一家研究所。当对这些公司的网络中继器进行测试时，结果显示他们都有集体参与网络攻击的功能。

 

While Jetstream has an exclusive deal with Walmart, it is also sold under other brand names like Ematic, there is very little information available about which Chinese company actually produces these products. The security researchers believe that both Jetstream and Wavlink are subsidiaries of a Shenzhen-based company known as Winstars Technology Ltd that shared the same physical address as Wavlink. There are approximately 1,000 people working in the “WAVLINK group, including one factory in Shenzhen, China, one business centre in Hong Kong, and one research facility in California, USA. When network repeaters 网络中继器from these companies were also tested, they all showed the same exploit chain.

 

无论是否得到授权，居心叵测的人都可使用这些路由器的“后门”来对根访问，从进入系统内部。你在本地网络供应商中得到的路由器虽然也有“后门”功能，但那是你事先给了网络供应商的访问权限。这种权限通常是出于网络管理，比如技术支持。你需要牢记的是，Wavlink和Jetstream不是网络供应商，他们没有权利访问你的设备。

 

Both authorized and unauthorized persons use “Backdoors” to gain access to a closed system – in this case, a router – by bypassing the standard security measures and take control, which is known as root access 根访问权限. It is common for routers that you get from your local ISP to have a type of backdoor enabled on the device – usually for admin purposes (authorized) to assist you if you have any problems when you call for technical support – there’s one thing to remember: Wavlink and Jetstream accesses are unauthorized since they are not ISPs.

 

事实是，这种人不知鬼不觉的后门是美国，德国和世界其他国家禁止华为的主要原因，因为他们发现华为可以查看网络中的敏感信息。

 

In fact, this type of secret backdoor access is a major reason that the US, Germany, and other governments around the world have banned Huawei when they found that the Chinese company could secretly access sensitive information for devices that it sold.

 

“ 后门”是设计软件过程中的人为失误，还是有意加进去的？我将在下篇文章中介绍研究人员是怎么说的。

 

Are the “Blackdoors” a careless mistake or an intentional design? Next time, we will finish revealing the security research team's findings.