Chinese-made routers that have been sold at Amazon, Walmart and eBay seem to have backdoors in them that are already being exploited by hackers.
Senior information security researcher Mantas Sasnauskas and researchers James Clee and Roni Carta worked with CyberNews to find that a Jetstream router sold exclusively by Walmart had a backdoor and enabled hackers to gain remote control over not only it, but also any devices connected to the network.
The researchers also found that low-cost Wavlink routers, also made in China and sold on Amazon and eBay, have similar backdoors.
- Check out what we rate as the most private VPN
- The best identity-theft protection services
- Plus: Forget M1 MacBooks: Now Chromebooks are ditching Intel, too
These backdoors basically allow hackers to gain unauthorized access to what’s effectively meant to be a closed system.
Once access has been gained to the router, whether it’s in a home or an office, a hacker then has a route to exploiting other devices connected to that network. And this could be done without people noticing that hacking is taking place.
While some backdoors in routers require physical access, the backdoor in these routers and a hidden admin-level user interface for it can be accessed remotely from across the internet. The hidden interface is different from the standard admin interface accessible to authorized users on the local network.
Once a hacker has got to this user interface, they can discover the username and password for the router by inspecting the admin page’s HTML code. Once that's found in the page's JavaScript, they will have the information they need to log into the admin controls and thus gain remote access to the router.
Already under attack by a botnet
“We have also found evidence that these backdoors are being actively exploited, and there’s been an attempt to add the devices to a Mirai botnet. Mirai is malware that infects devices connected to a network, turns them into remotely controlled bots as part of a botnet, and uses them in large-scale attacks,” explained CyberNews.
The Mirai botnet is one of the largest in the world. It’s basically a huge network of routers and other "internet of things" devices that can be used to carry out cyberattacks on a large scale, from spreading malware to carrying out distributed denial of service attacks (DDoS). It was the Mirai botnet that took down a lot of internet access on the U.S. East Coast back in 2016.
So these backdoors in routers that have been positioned as affordable devices, and thus ones that could be sold in large volumes, are pretty alarming as it means a lot of people could have fallen victim to cyber attacks.
CyberNews approached Walmart for more clarity into the issues and was told that the retailer is looking into the issues and has run out of the affected Jetstream router and has no plans to replenish its stock. However that still means there’s potential for huge amounts of routers to be out in the wild and contain active vulnerabilities.
- Set up a virtual router to share your VPN connections with other devices
Backdoor threat
Now backdoors aren't necessarily an unusual thing in routers, as internet service providers tend to have them in the routers they provide customers with to handle remote diagnostics and update.
However, Winstars Technology Ltd, to which the Jetstream and Wavlink bands belong, is not an ISP, which raises some eyebrows.
The fact that this backdoor leads to a user interface that can be accessed across the internet, means these vulnerabilities can be fairly easily exploited by hackers with knowledge of the backdoors. That knowledge first surfaced back in April, which is why CyberNews and the researchers have found the backdoors are actively being exploited.
You might also be wondering why such backdoors exist across two seemingly different routers. The researchers found that they were made by the same company based in Shenzhen, China, with the Jetstream model effectively being a white-label version of the Wavlink routers. (As of this writing, one Wavlink router that sells for $36.99 is an "Amazon's Choice" selection on Amazon.)
Such security issues are problematic with cheap routers where quality controls and security firmware might not be in place or rigorously tested to the extent they are in more expensive routers.
What should you do?
If you do have one of these Jetstream or Wavelink routers, the best bet is to get rid of them. Currently, there don't appear to be any firmware fixes in place for the backdoors.
Unfortunately, this is one of those cases where you get what you pay for. And we suggest that you try and buy the best router you can afford.
But we’d also suggest you check out our picks for the best Wi-Fi routers, as these picks will ensure you get a stable and secure router. And do remember to make sure you change admin passwords to make sure hackers can’t get lucky by guessing at generic admin passwords.
