Slashdot Mirror

← Back to Stories (view on slashdot.org)

Quanta LTE Router May Be Most Unsecure Router Ever Made (softpedia.com)

Posted by BeauHD on from the backdoor-here-backdoor-there-backdoors-everywhere dept.

An anonymous reader writes: LTE routers made by Quanta Computer Incorporated, a Taiwanese hardware manufacturer, are plagued by over twenty major security flaws ranging from backdoor accounts to remote code execution bugs, from hardcoded SSH keys to undocumented diagnostics pages, and from weak WPS PINs to network eavesdropping functions. As the researcher explains: "A personal point of view: at best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor." The vendor has not fixed any of these issues even after almost four months.

16 of 76 comments (clear)

  1. So. by rmdingler · · Score: 3, Funny

    The router equivalent of your recorded answering machine message, "Leave a message; we're in Disneyland and you're not!"

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:So. by Thanshin · · Score: 5, Insightful

      The router equivalent of your recorded answering machine message, "Leave a message; we're in Disneyland and you're not!"

      The recorded message would rather have to be:
      "Leave a message; we're in Disneyland. If you're Bob, we left the door open so you can water the plants. Don't worry about the alarm. We changed the passcode to "1111" before turning it off, in case you turn it on by mistake. While you're there, could you check all the money is still on the big desk? We put it there so you could check faster, but now we're worried the wind may have pushed it outside the window. (we left the windows open in case the dog we lost five years ago comes back.)"

  2. At least... by BradleyUffner · · Score: 4, Funny

    But at least it's locked down so you can't install any custom firmware and mess with the power levels!

  3. Definition of unsecure by Thanshin · · Score: 2

    A steel chain with twenty wooden links is still stronger than a steel chain with one paper link.

    A router with no access control whatsoever is less secure than the given example.

    1. Re:Definition of unsecure by Thanshin · · Score: 3, Interesting

      Counterarguments:

      A steel chain with steel painted wooden links is way more dangerous than a steel chain with a clearly visible paper link.

      A router identified as having no access control is way safer than a router which is expected to be secure.

  4. Re:Does this mean it's the most unlocked router ev by pushing-robot · · Score: 3, Funny

    Yes! You have complete power, and so does everyone else! It's all part of Quanta's new paradigm holding-hands sharing culture!

    (Say... does anyone know how this /. shilling works? Do I just wait for my check now?)

    --
    How can I believe you when you tell me what I don't want to hear?
  5. About time? by TheReaperD · · Score: 3, Interesting

    Isn't about time for manufacturers to face civil and potentially criminal penalties, plus recalls, for shipping insecure and faulty electronic products like every other product industry? Until is is less expensive to ship a secure (understanding that nothing is perfectly secure) product than it is to pay fines, penalties and recalls, vendors will continue to ship faulty and insecure products. Right now they know that it will cost them little to nothing to deal with insecure and faulty products so they do so with impunity and we get stuck with the crappy products in the end with the only possible recourse being an expensive class-action lawsuit that will take years and net those affected very little in the end. The class-actions tend to be very hard to win as there's very little case precedent for the owners of insecure products. People don't want to be the ones first to risk millions in legal fees and lawyers to set the initial precedence.

    --
    "Be particularly skeptical when presented with evidence confirming what you already believe." -
  6. Re:Does this mean it's the most unlocked router ev by Jason+Levine · · Score: 3, Funny

    Based on how Quanta makes their router, I think you post your bank account information and wait for the money to come rolling in.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  7. Re:I'm all for language changing over time by Anonymous Coward · · Score: 4, Funny

    Slashdot Headline May Be Using Most Unpossible English Ever Made

    News at 11

  8. Re:I'm all for language changing over time by Jason+Levine · · Score: 3, Funny

    You want the editors to do their jobs? That's unpossible!

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  9. Re:I'm all for language changing over time by wonkey_monkey · · Score: 2

    I'm all for language changing over time

    Shush then.

    "Insecure", to me, is far more commonly used to mean "lacking in confidence." If the editors had gone with that, there'd be dozens of posts mocking the choice and insisting that all the router needs is to be told it's beautiful.

    Someone who is insecure has insecurities. Something which is unsecure does not have unsecurities.

    "Unsecure" has come to take "insecure"'s place since "insecure" gained its psychological connotations (which may have happened around 1980, when "unsecure" started gaining in popularity). So blame psychiatrists.

    --
    systemd is Roko's Basilisk.
  10. Re:I'm all for language changing over time by DarkOx · · Score: 2

    English does not really have many rules, and only descriptive not prescriptive dictionaries. You understood the writers intent, communication was successful. So I would say to you "get over it."

    That said I agree your usage is preferable. The faulty device is insecure.

    I don't think it would be wrong to say, "The house has been left unsecured."

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  11. The problem is written in the name! by LordHighExecutioner · · Score: 3, Funny

    Quanta routing is using Heisenberg's indetermination principle for routing, so their packets are either secure and insecure at the same time.
    Good old newtonian routing policy can fix this.

  12. Vulnerability Warriors meet EOL by Virtucon · · Score: 3, Interesting

    From: https://pierrekim.github.io/bl...

    Mar 15, 2016: Quanta confirms the product is EOL and the released firmware was approved by the operator. Quanta can't modify of change without the customer's approval. Quanta does not have plan to patch or change FW as the product is EOL. Quanta thanks Pierre Kim for the information and will consider the findings into our next product development in the near future.

    So then the Vulnerability finder discloses, which is fine but the product is EOL. Don't buy it, don't use it. As a rule don't buy network routers from unknown or little known manufacturers. It may be cheap now but it'll cost you eventually.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:Vulnerability Warriors meet EOL by TheReaperD · · Score: 2

      Other industries, such as cars, if the product you shipped has a serious design flaw then you have to recall and fix it, regardless of the product's age or if it is considered EOL. The same should apply here.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    2. Re:Vulnerability Warriors meet EOL by WhiteKnight07 · · Score: 2

      Unless of course that router is in a hospital or medical insurance office. Then someone very well could die due to incorrect treatment or lack of treatment.

      --


      We're going to make information free Mr. Anderson, whether you like it, or not.