There is a suspicious backdoor in an inexpensive router made in China, and there are also attempts to actively abuse it

A collaborative study between security researcher Mantas Sasnauskas of news site CyberNews and researchers James Clee and Roni Carta revealed that cheap routers made in China have a suspicious backdoor. ..

Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices | CyberNews

The existence of backdoors has been pointed out in Wal-Mart's exclusive 'Jetstream' brand routers and the 'Wavlink' brand routers sold on Amazon and eBay.

According to the research team, there were attempts to add terminals to the botnet of Mirai , a malware that caused an unprecedented DDoS attack in 2016, for these routers.

An unprecedented DDoS attack of 1 terabit per second occurred, and the attack source was hacked 145,000 webcams --GIGAZINE

By Mike Mozart

The research team came to this fact when Clee was interested in 'What kind of security does a low-priced Chinese router have?' When I bought a Wavlink brand router from Amazon, there was a backdoor, so I suspected that there was a similar hole in the router using the same firmware and expanded the scope of investigation, but I backed up with a Jetstream brand router. The flow is that the door was found.

Researchers didn't accidentally have a backdoor, as these routers provided a simple GUI for remote code execution, apart from what was displayed for router administrators. It points out that it is intentional.

Jetstream has an exclusive contract with Wal-Mart, and it is said that it also uses the brand name 'Ematic', but it seems that it is not possible to know what kind of company it is manufacturing.

On the other hand, Wavlink is known to be a company headquartered in Shenzhen. However, it seems that there is no reply to the inquiry of CyberNews.

Sasnauskas and colleagues researched corporate information and found that Wavlink and Jetstream are subsidiaries of a Shenzhen company called 'Winstars Technology Ltd.'. Although detailed information about Winstar Technology has not been released, the company has annual sales of $ 40 million to $ 45 million and exports 95% to 99% of its products. I heard that I knew that. Since the company's monthly production of routers is '1 to 2 million', it means that a maximum of 12 to 24 million routers with backdoors are on the market every year.

The research team commented that if you are using Jetstream and Wavlink routers, it is best to stop using them immediately and replace them with routers from reputable manufacturers. In addition, regardless of whether or not you continue to use the corresponding router, after temporarily disconnecting the Internet connection, you can scan the connected terminal for viruses and use it for login passwords and Internet services. I advise you to change your password.