Hidden Backdoor Found In Another Chinese Network Gateway
The headline reads Hidden Backdoor Found in Chinese-Made Equipment. Nothing New! Move Along!
That headline by itself should scare you.
Researchers found a hidden backdoor in a Double Technology GSM gateway used by telephone companies and VoIP providers. DblTek is based in Hong Kong.
According to the security firm Trustwave, there is an account called Dbladm that is not listed in the documentation and that is allowed to telnet into the device with Root (admin) access.
Unlike other manufacturer supplied userids which are listed in the documentation, this userid does not use a password which the user can change. Instead, it uses a challenge phrase from which the user needs to calculate a response in order to log in.
So lets see where we are right now?
#1 – Hidden userid, not in the documentation
#2 – User cannot change the password even if they found out the userid was there.
#3 – User cannot disable the account
#4 – the account uses a challenge rather than a password and the response to the challenge is pretty easy to figure out.
Once the user figures out the challenge response, they have full access to the device, can listen to traffic or use the device for other purposes such as launching a denial of service attack on other web sites.
In the “this would be funny if it wasn’t so scary” category, when the researchers told Dbltek about the security hole, they didn’t remove it, they merely changed the algorithm to make the response a little harder to calculate. Still easily hackable.
So why does the headline say NOTHING NEW?
Researchers have already found similar back doors in MVPower DVRs, RaySharp DVRs, Dahua DVRs, AVer DVRs and Foxconn firmware used in some (cheap) Android phones.
And remember, just because the equipment has a name brand on the face plate does not mean that there isn’t some nosy Chinese software in it under the covers.
In 2012 a former Pentagon analyst told the media that China had backdoors in the equipment of 80% of the world’s telecoms.
Think about that for a minute. The Pentagon says that the Chinese can listen to traffic from 80% of the world’s telecoms.
So why would you buy Chinese equipment for your network?
One word. Price.
Just consider that you are getting a little extra value with your purchase.
A Free (no extra charge) backdoor.
Nice.
So when you are considering buying network and computer equipment, dig a little deeper, ask more questions, do some research. It might just help you keep the Chinese out of your stuff.
Information for this post came from Bleeping Computer.