Walmart-exclusive Router and Others Sold on Amazon and eBay Contain Hidden Backdoors To Control Devices

Bernard Meyer, reporting for CyberNews: In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. CyberNews reached out to Walmart for comment and to understand whether they were aware of the Jetstream backdoor, and what they plan to do to protect their customers. After we sent information about the affected Jetstream device, a Walmart spokesperson informed CyberNews: "Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it."

Besides the Walmart-exclusive Jetstream router, the cybersecurity research team also discovered that low-cost Wavlink routers, normally sold on Amazon or eBay, have similar backdoors. The Wavlink routers also contain a script that lists nearby wifi and has the capability to connect to those networks. We have also found evidence that these backdoors are being actively exploited, and there's been an attempt to add the devices to a Mirai botnet. Mirai is malware that infects devices connected to a network, turns them into remotely controlled bots as part of a botnet, and uses them in large-scale attacks. The most famous of these is the 2016 Dyn DNS cyberattack, which brought down major websites like Reddit, Netflix, CNN, GitHub, Twitter, Airbnb and more.

China-Mart is selling tech with Chinese backdoors!

[Joe_Dragon]

China-Mart is selling tech with Chinese backdoor!
Well this what you get when you don't make stuff in the usa any more.

Re:

[AutodidactLabrat]

Yeah, forgetful like tRump and the Mexican payment for the "Wall"

Re:

[JustAnotherOldGuy]

I don't care. The important thing is that we rid the country of fuckface Trump and his crooked, incestuous family.

Re:China-Mart is selling tech with Chinese backdoo

[Vlad_the_Inhaler]

No-one ever provided any proof when it came to Huawei, it was all "they could have . . .". Assuming these results are genuine, this is different. "They did".

Re:

[theshowmecanuck]

People who posses wisdom understand that Huawei is a security threat.

Re:

[AutodidactLabrat]

People who possess wisdom shut the fuck up when they have no evidence.

Re:

[AutodidactLabrat]

Enslaving...Amerindians?
Oppressing independent thought...via the HUAC?
Bribing Countries...NATO?
Infiltrating Universities...Ronald Reagan
Enacting Social Credit Schemes...Trusted Flyer Program?
sorry, everything you just said started in Capitalist U.S.A.
Better luck winning at "Stupid" next round

Re: China-Mart is selling tech with Chinese backdo

[MrNaz]

No, that sounds like my 5 year old.

Re:

[AutodidactLabrat]

In the case of Huawei, there is evidence. You're essentially saying the U.S. Intelligence reports are not credible sources to be counted as evidence. Intelligence work, by definition, involves facts, techniques, tactics, and sources that cannot be publicly revealed - this is why information is 'classified.' These conclusions are what underlies the reports, and they count as evidence.

Barefaced lie, Evidence is submitted, not conclusions, and that is how you got Gulf of Tonkin.
If they cannot support the claim, the story is a lie.
WMD comes directly to mind
If you don't have the evidence, RIGHT NOW, shut the fuck up until you DO have the evidence.

Re:China-Mart is selling tech with Chinese backdoo

[bws111]

The USA makes loads of 'stuff'. Just not the kind of 'stuff' you find in Walmart.

Re:

[Canberra1]

CryptoAG. Swiss backdoor are just better and take longer for reputational damage to kick in.

Re: China-Mart is selling tech with Chinese backdo

[jovius]

American backdoors, fuck yeah!

Re: China-Mart is selling tech with Chinese backdo

[denny_deluxe]

Yes, I do mind!

Re:

[mspohr]

We want 'merican stuff with 'merican back doors so ATT, NSA, etc. can monitor us!

Re:

[Canberra1]

Where is the FCC when you need them, and Class Action lawyers forcing an expensive consumer product recall. Not fit for purpose, hidden and latent defects may work in some consumer friendly states. Where is the password/password admin/admin nonsense going to be stopped. And Cisco beat all others and had undeclared userids at multiple levels. Every branded router and mobile has backdoors, I suppose there might be an exception or two. Now back to a repressive regime country - no not China but Australia. Ever

Re:

[lsatenstein]

China-Mart is selling tech with Chinese backdoor! Well this what you get when you don't make stuff in the usa any more.

So, lets see, A Chinese collaborator does not have to do his dirty deeds remotely. He could be an American, Britisher, Canadian, someone, who makes some $$$ to get the backdoor malware into the eprom software or other malleable storage devices. Furthermore, once installed, it will spread. The only way to have some security is to have source code delivered. We visibly scan the source code, sign it as "clean", and compile it to meet the instruction set of the host computer. We use certified compilers, not l

Yeah, it's out of stock

[Krishnoid]

"Thank you for bringing this to our attention. We are looking into the issue to learn more. The item in question is currently out of stock and we do not have plans to replenish it."

After exfiltrating all the data they were interested in, they exfiltrated themselves. Standard operating procedure for spies. Or maybe they camouflaged themselves as toilet paper on sale and people bought them out.

Let's get it done

[AndyKron]

We're almost forcing ourselves to be open source

Re:

[Tough Love]

Funny that.

Not "discovered", but rather "located"

[hawk]

Let's be serious.

That a bulk market ChiCom router has back doors is a *given*.

You don't "discover" that it has them; you either succeed or fail at finding them . . .

hawk

Re:

[AutodidactLabrat]

And when you fail, you admit you fucked up and lied

not really backdoor

[aepervius]

I would be highly suirprised to learn those are ACTUAL backdoor, e.g. intentional access left with malicious intent- What is far more probable, and happenned for a lot of router over the last decades, is that those are admin/dev or even debugging access which were left in by cheapo development company, as it happenned so many time in the past. But since this is China rather than call it poor dev practice and cheapo dev, they call it backdoor.

Re:

[Unnamed Chickenheart]

So the intent is different, but the result is the same?
Granted only if malicious hackers are aware of it.

Re:

[Entrope]

Lots of media were warning us about the possibility over the last few years. Then the 2020 general election polls came along, and almost all of them changed their tunes.

https://www.nbcnews.com/news/a... [nbcnews.com]
https://www.cbsnews.com/news/r... [cbsnews.com]
https://news.engin.umich.edu/2... [umich.edu]

Re:

[AutodidactLabrat]

The polls were wrong. And the thief was unable to steal having lost by 7%. Well DUH!

Re:

[bobbied]

The count is over. F* off

Actually.. The whole discussion before was about the NEXT count, for which there are no ballots cast yet. You need to F'n learn to read.

The whole process needs to be tightened up a bit for the next election so we don't go through this mess again. Like what happened in FL after Bush squeaked by Gore and the hanging chad thing. They tossed those old punch card system pretty fast after that.

Re:

[ZombieCatInABox]

haven't your kind been beating liberals over the head for the past four years by repeating "Trump won, get over it."

Well, eat your own dog food, trumptards. Trump lost. Get over it.

Re:

[AutodidactLabrat]

No one has proved god "yet", but just like this tRumpist bullshit, lack of evidence is proof enough of falsehood

Walmart Means "Chinese Made"

[theshowmecanuck]

Bill Clinton gave China most favoured trading nation status after he said he wouldn't (to get elected) very likely at the behest of his biggest backers. That is, fellow Arkansans, the Waltons. A.K.A. the owners of Walmart. If Walmart were a country, it would be the largest importer of Chinese goods in the world, next to America. Incidentally, Hillary Clinton worked as a Walmart corporate lawyer at one point, and sat on the Board of Directors. And when she ran for president she said (paraphrased), "my husband will be one of my closest finance policy advisors." So blame Walmart and the Clintons for a lot more than shitty routers. And fuck Walmart for them, too. FWIW, even Bernie Sanders wants to curb how much the west deals with China.

Re:Walmart Means "Chinese Made"

[youngone]

You do realise that Bill Clinton hasn't been the president since 2001 don't you?
Hilary hasn't been anything at all since 2013.
In the 20 years since Bill finished being president the republicans have controlled 2/3 of your government most of time and changed exactly nothing about China's trade status.
Stop pretending to yourself this is some sort of democrat plot, or that the Clintons have any power.

Re:Walmart Means "Chinese Made"

[gtall]

Really? Let's remember the Republican brain trust who told us "opening" China would make them a model nation: Nixon and Kissinger.

Re: Walmart Means "Chinese Made"

[dwater]

... and they were largely correct.

Re:

[Canberra1]

That's only 1/2 the elites story. China would do all the low pay bulk dumb-ass jobs making unimportant consumer non-durables , while Americans will magically find new high paying jobs faster than graduates come on stream. Somehow these high paying tech jobs NEVER turned up, and even call centres did a nosedive. Uber and Food delivery is not high tech well paying either. Only so many people can afford dog therapy, cat minding and phones that elevate ones social status - not. Now China and Taiwan are doin

Re:

[DNS-and-BIND]

Did we forget that Bill Clinton took illegal campaign contributions from the Chinese in the 1996 presidential campaign? He wouldn't have won a second term without their help. He then took the lead in admitting them to WTO, the death knell for the American working class. He had to, it was a quid pro quo payback for their help.

Nixon and Kissinger's idea was a good one. And it worked, until 1989 when anyone could clearly see that China had gone as far as it was going to go. After Tianenmen China should

Re:

[youngone]

Would you like to address the point that the republicans have controlled the levers of power for almost the entire last 20 years since either Clinton had any real power?
Or is this related to that pizza shop I keep hearing about?

Re:

[kenh]

Uhm, the office of President was held by Obama for 8 of those 20 years, and by my math, that's almost half of the past 20 years.

Also, in America we have a President, Senate and Congress - it takes all three to do anything, and if an opposing party controls only one of them (House, for example), they can block passage of anything, and while a President can veto a bill passed by the house and senate (to a point), the President can not overcome a rejection by either the House or Senate.

Re:

[youngone]

Yeah, I'm aware. Who controlled two of the three arms of your government for most of Obama's presidency, and refused to allow him to do anything?
OP above is trying to argue the Clintons are somehow still able to exercise power, which is nonsense.

Re:

[AutodidactLabrat]

Speaking of fools...MAGAT

If there is no OpenWRT support, don't buy.

[Arnonyrnous Covvard]

There are very few manufacturers who are trustworthy enough to be granted an exception to that rule. A router works with OpenWRT or it might just as well not exist.

Re:

[Ungrounded Lightning]

A router works with OpenWRT or it might just as well not exist.

So do these?

Re:

[Arnonyrnous Covvard]

No.

OpenWRT

[PPH]

Anyone know if OpenWRT supports these routers? At these prices, I might pick one up and overwrite the Chinese firmware.

Re:

[Tough Love]

Don't forget, your dsl modem is also a vulnerability.

Re:

[PPH]

dsl modem

DSL. How quaint. At any rate, the ONT is on the wrong side of a firewall.

Re:

[Tough Love]

Making it a vulnerability you can't control. Thanks for your insightful contribution. /s

Re:

[PPH]

Making it a vulnerability you can't control.

The entire Internet beyond a firewall is full of vulnerabilities we can't control. Deal with it.

shocked picachu face

[alkurta]

I would be shocked if there weren't any back doors in Chinese made routers. Also, I'm sure American made equipment has back doors that the NSA is aware of.

ONN crapola

[boojumbadger]

I bought a cheap wireless mouse of their store brand. It frequently froze for several seconds for no reason I could tell. It is sitting on a bookshelf now unused. I went to a computer store and paid about the same for a wired gaming mouse that works.

how

[bloodhawk]

Not to downplay the seriousness of this but how the fuck do they get control of any device connected. I am 99.9% sure if I connect to a compromised endpoint you aren't going to gain control of my device unless I also do something stupid or have a vulnerability in the device I am using.

Re:

[MobyDisk]

unless I also do something stupid or have a vulnerability in the device I am using.

Those do not sound like particularly high bars, especially considering we are talking about average consumers who bought a Chinese router.

Re:

[MobyDisk]

yes but those issues exist with or without a compromised router

Exactly: that is why a compromised router is a such problem.

What users need to understand is that a breach usually requires multiple points of failure. A malicious email + a vulnerable email client; a phishing email + a foolish user who downloads and runs executables; a hacked router + a vulnerable browser, for example. So one cannot simply say "a hacked router is not a problem because it will only matter if the browser has a vulnerability" then also say "vulnerable browsers are not a problem unless you h

Re:

[kenh]

Agreed. A back door in a router doesn't suddenly breach security on every connected device.

"affordable"

[farble1670]

Why the quotes? It can be affordable AND allow the Chinese state to surveil your activities. Those goals are independent.

Oh, oh, do Apple next!

[Anonymous Coward]

Can't wait to see what backdoors Apple routers and WiFi devices have, since they are made in China afterall. Would love to see Apple have to fix them after abandoning all of their customers.

Re:

[DontBeAMoran]

Indeed. For a company that loves vertical integration, it was kind of a WTF moment when they announced EOL for their AirPort routers.

Re:

[speedlaw]

They did update the routers, even the old N only ones, when a problem was found, about a year ago....

And how it's "news"?!

[fbobraga]

It happened since web-marketplaces exists..

This kind of post generates so many FUD

[fbobraga]

... about "Evil" China

Re: This kind of post generates so many FUD

[MrNaz]

Much FUD. Many confusion.

China bot spotted.

Re: This kind of post generates so many FUD

[fbobraga]

China bot!? Selling on AliExpress!

OpenWrt or PFSense

[Revek]

Pick one. I currently have a OpenWrt router. i will probably go back to the PFSense router soon. Why would you think any closed source lightweight walmart router would be secure?

Never Trust

[Hydrian]

When it comes to tech, never trust anything that is 'given' to you by a business. You are either customer or the product. Sometimes you are both.

China-Part routers now as good as Cisco's

[burni2]

Yeah breaking news, but it's just disgusting and is an important argument that you need to have full access on a device.

And btw. "exclusive", what a joke, more true: "exclusive plastic outer shell and images for the webinterface".