Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hidden Backdoor Discovered In Chinese IoT Devices (techradar.com)

Posted by EditorDavid on from the telnet-trouble dept.

"A backdoor has been found in devices made by a Chinese tech firm specializing in VoIP products," reports TechRadar. An anonymous reader quotes their article: Security outfit Trustwave made the discovery of a hidden backdoor in DblTek's devices which was apparently put there to allow the manufacturer access to said hardware -- but of course, it's also open to being exploited by other malicious parties. The backdoor is in the Telnet admin interface of DblTek-branded devices, and potentially allows an attacker to remotely open a shell with root privileges on the target device.

What's perhaps even more worrying is that when Trustwave contacted DblTek regarding the backdoor last autumn -- multiple times -- patched firmware was eventually released at the end of December. However, rather than removing the flaw, the vendor simply made it more difficult to access and exploit. And further correspondence with the Chinese company has apparently fallen on deaf ears.
The firmware with the hole "is present on almost every GSM-to-VoIP device which DblTek makes," and Trustwave "found hundreds of these devices on the net, and many other brands which use the same firmware, so are equally open to exploit."

85 comments

  1. Price for cheap labour by aussie_a · · Score: 5, Interesting

    There is a price for outsourcing all of your manufacturing needs to companies in countries with authoritarian governments. Having state sponsored Spyware in your devices is one such cost.

    1. Re: Price for cheap labour by Anonymous Coward · · Score: 0

      No more Cisco kit for me...

    2. Re:Price for cheap labour by rtkluttz · · Score: 4, Insightful

      There is a price for putting things on the internet that require command and control outside of the owners network. Authoritarian government == Authoritarian company. I love connected things but not when I have to ask someone elses servers to access or do shit with equipment behind MY firewalls.

      --
      Digital is, by definition, imperfect. Analog is the way to go.
    3. Re:Price for cheap labour by Anonymous Coward · · Score: 0

      Honestly strip off the 'Chinese' angle and you have summed up the whole IoT industry.

      I made these things for years. Is it that bad? Let me say this loud and clear. It is worse than you think and you *really* do not want to know how bad it is. Put everything you have behind a firewall. Only let the device talk to its designated remote servers. Do anything else is planning for trouble. Yes it is that bad.

    4. Re:Price for cheap labour by Anonymous Coward · · Score: 0

      Do you mind USA is a authoritarian country?

    5. Re:Price for cheap labour by interkin3tic · · Score: 1

      I seem to remember the following conversation here a few months ago

      US Gov: "Give us access to everyone's phone."
      Apple: "That would be a massive security threat, everyone could access it."
      US Gov: "Then just make it so that only we good government guys could access it."
      Apple: "(involuntary eye twitch) You... that's... I mean... (deep breaths) Okay, that's not something that's possible."
      US Gov: "Just do it."
      Apple: "You know what, fuck off."
      US Gov: "Ah, never mind, we figured it out anyway."

      I'm sure though the US government only tries to bully giant powerful companies like Apple and Google though, and gives the companies a chance to fire back publicly.

    6. Re:Price for cheap labour by Anonymous Coward · · Score: 2, Insightful

      What was the price the world has paid for years of using American products, not little IoT thingies, but huge equipment for Internet backbone services from Cisco, Juniper etc., being loaded with backdoors etc. by NSA?

    7. Re: Price for cheap labour by Anonymous Coward · · Score: 2, Informative

      FRom Snowden
      http://www.infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html

    8. Re:Price for cheap labour by brunes69 · · Score: 2

      "Never attribute to malice that which is adequately explained by stupidity" - Hanlon's razor

    9. Re: Price for cheap labour by nukenerd · · Score: 1

      [citation needed]

      The GP asked a question. Why do you need a citation for a question?

    10. Re:Price for cheap labour by Anonymous Coward · · Score: 0

      The only virus I've ever infected myself with in the past fifteen years was from a cheap Chinese usb memory card reader. Since then, I won't buy anything without some sort of brand name that can be googled.

    11. Re: Price for cheap labour by Anonymous Coward · · Score: 0, Funny

      You're dumb as a fucking dog, aren't you? The whole NSA political and economical espionage and sabotage debacle has completely escaped you? Wow, talk about burying your head in the sand.

    12. Re:Price for cheap labour by sit1963nz · · Score: 2

      You do know the USA does this too.

    13. Re: Price for cheap labour by Anonymous Coward · · Score: 0

      We figured it out anyway

      And THERE WAS NOTHING ON THE PHONE

      Dumbass

    14. Re: Price for cheap labour by Anonymous Coward · · Score: 0

      What is a loaded question?

    15. Re: Price for cheap labour by Anonymous Coward · · Score: 0

      Yes but authority rests with the people, not the political party.

    16. Re:Price for cheap labour by gl4ss · · Score: 1

      doesn't need to be state sponsored.

      look, the mindset is just that what bad is a backdoor in a product you maybe need to patch up and such. it's secret yeah? thats the mindset the chinese and asians build anything like this.

      coincidentally asian thieves rarely pick locks and the locks are of shit quality everywhere.

      --
      world was created 5 seconds before this post as it is.
    17. Re: Price for cheap labour by aussie_a · · Score: 1

      Yup. Cost is pretty high in lost trust. Same as when any government does it. Frankly the sanctions should be, alas Noone in power seems to care.

    18. Re:Price for cheap labour by Anonymous Coward · · Score: 0

      Yep, there are more and more cases popping up that I can't adequately explain with stupidity.
      No, really, stupidity is when you don't think things through.
      When someone warns you that the thing you are doing isn't good and you don't care about that warning it has left the territory that can be explained with stupidity.

    19. Re:Price for cheap labour by Anonymous Coward · · Score: 0

      There is a price for outsourcing all of your manufacturing needs to companies in countries with authoritarian governments.

      +1.

      Are there any non-authoritarian countries on the menu? It seems I won't be able to get the premium stuff, but I would put up with crappier devices if they were less likely to be backdoored.

        https://www.schneier.com/blog/archives/2016/04/details_about_j.html
        https://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html

    20. Re: Price for cheap labour by Anonymous Coward · · Score: 1

      What America are you fucking living in?

    21. Re:Price for cheap labour by ilsaloving · · Score: 1

      The age of Trump stretches Hanlon's Razor to the snapping point.

      Also, considering that they *buried* the code instead of actually removing it, makes it very clear that this was absolutely not an issue of stupidity.

    22. Re:Price for cheap labour by eric_harris_76 · · Score: 1

      Uh, "all"? Hyperbole much?

      Also, while it's certainly possible backdoors were added at the request/order of the Chinese government -- especially if the Chinese government owns some or all of the company -- it's also very possible they were placed there for the same reason U.S. firms do it in their hardware/software/firmware products: convenience during testing and service. Maybe it was meant to be removed/disabled before shipping, maybe not.

      Well, that's one reason U.S. firms do it. The Clipper Chip didn't happen, but I'm sure there have been other, less public efforts. http://duckduckgo.com/?q=clipp...

      --
      There's no time like the present. Well, the past used to be.
  2. Backdoors in Chinese made/sold devices? by Gojira+Shipi-Taro · · Score: 4, Funny

    I've just shat myself with surprise.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    1. Re:Backdoors in Chinese made/sold devices? by K.+S.+Kyosuke · · Score: 2

      Your life must be very shitty, then.

      --
      Ezekiel 23:20
    2. Re:Backdoors in Chinese made/sold devices? by Anonymous Coward · · Score: 0

      I would suggest you patch your backdoor, but it sounds like even that might not do any good.

    3. Re:Backdoors in Chinese made/sold devices? by Anonymous Coward · · Score: 0

      Naaa. That's all behind him now.

    4. Re:Backdoors in Chinese made/sold devices? by Anonymous Coward · · Score: 0

      They are called Depend in our new alternate reality. https://www.depend.com/

      Mandela effect.

      Most people remember them as Depends though.

    5. Re:Backdoors in Chinese made/sold devices? by Anonymous Coward · · Score: 0

      Keep an eye out for Klingons though.

  3. I'm shocked! by Anonymous Coward · · Score: 4, Funny

    Shocked to find there's gambling in this establishment.

    1. Re:I'm shocked! by HiThere · · Score: 1

      Yep, that quote about sums up the reasonable reaction.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  4. clearly by Anonymous Coward · · Score: 0

    This is clearly another instance where lack of government oversight leads to dangerous, illegal things in the wild. If my thingamajig gets hacked I'm suing China!

    1. Re: clearly by Anonymous Coward · · Score: 0

      God, not another regulatatory agency schill. The LAST think we need is govornment oversight on electronics. Look at where we have come from in the last 50 years precisely BECAUSE we don't have govornment control of that. If medicine didn't have to be approved through the US FDA to get into useful use, some people would die as a result of odd drugs getting out there that shouldn't have been caught, but millions afflicted with totally terrible illness would have been saved a lot sooner. Take your govornment regulations and shove it.

    2. Re: clearly by Anonymous Coward · · Score: 0

      I'm sorry if my sarcasm was unclear; cheers ;-)

  5. Telnet port blocked at router. Duh. by HornWumpus · · Score: 2

    This is made worse by the fact that default router configurations leave telnet open.

    Could be worse. Close that port and it's a non-issue. Should have closed it with the last batch.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    1. Re:Telnet port blocked at router. Duh. by Anonymous Coward · · Score: 0

      This is made worse by the fact that default router configurations leave telnet open.

      Could be worse. Close that port and it's a non-issue. Should have closed it with the last batch.

      Yeah but since there are now only 3 people in the world who know what telnet is does it matter?

    2. Re:Telnet port blocked at router. Duh. by thegarbz · · Score: 1

      How does this make any sense? Telnet open by default? How does that get through NAT?

    3. Re:Telnet port blocked at router. Duh. by aaarrrgggh · · Score: 3, Informative

      Device pings manufacturer's server every hour or so. Translation remains active for inbound connection, even with stateful firewall.

      You really have to segregate everything to stay protected, and block or proxy outbound connections for IoT devices.

      It gets harder when all the traffic is on 443.

    4. Re:Telnet port blocked at router. Duh. by Anonymous Coward · · Score: 0

      Universal plug-and-play (UPnP) is the other shoe here. It basically means that devices can automatically reconfigure the firewall to allow port forwarding. Whether that is enabled or not by default depends on the defaults chosen by the manufacturer - some opt for maximum "usability" and have it turned on. FIOS has hidden the configuration settings on their GUI - you almost have to do a google search to find the URL, and *then* you can turn it off.

    5. Re:Telnet port blocked at router. Duh. by thegarbz · · Score: 1

      Device pings manufacturer's server every hour or so. Translation remains active for inbound connection, even with stateful firewall

      Translation isn't that basic. If it's not an open TCP connection or a very recent UDP connection then it wouldn't be active.

    6. Re:Telnet port blocked at router. Duh. by aaarrrgggh · · Score: 1

      Based on my firewall logs that doesn't seem to be the case; my stateful firewall times out after 30 minutes, but my logs show inbound translations for at least an hour, often two. Am I looking at it incorrectly?

    7. Re:Telnet port blocked at router. Duh. by thegarbz · · Score: 1

      Just as an example think of two people playing a game at the same time behind NAT connecting to the same remote server. NAT is more selective than source / destination. I'm not sure what you're seeing but if it were as simple as you said then it could conceptually not work.

  6. Um ok by Anonymous Coward · · Score: 0

    China can't hurt the average citizen. Where as every single domestic and foreign made IOT device that comes to America have multiple backdoors, as a feature. If you ever attended a protest, or dumped a cop, or for no reason at all. You could be subject to Zersetzung style harassment.

  7. DVR, Roku, etc... by Anonymous Coward · · Score: 0

    I'd get a DVR but they all require an account be created to use them when there is no technical reason for it.

    I had to creat an account to use my Roku when there is no technical reason to do so - I used a throwaway email to fulfill their silly ass marketing requirement.

    My point is tag these IoT and every other electronic doohickey is gonna collect information because that's how these businesses work. Consumer data is gold. For advertisers and government.

  8. X-10 by AndyKron · · Score: 3, Funny

    And this is why I don't have any IoT devices. X-10 still works for me.

    1. Re:X-10 by Anonymous Coward · · Score: 2, Insightful

      Referring to every router and gatway as an "IoT device" is getting stupid. This has nothing to do with X10 or lightbulbs or switches or home automation.

    2. Re:X-10 by Anonymous Coward · · Score: 0

      Would like to mark your post +1 funny, but lack mod points.

    3. Re:X-10 by 93+Escort+Wagon · · Score: 2

      "Backdoor found in Chinese-made VoIP hardware" doesn't carry the same cachet though.

      --
      #DeleteChrome
    4. Re:X-10 by thinkwaitfast · · Score: 1

      And this is why I don't have any IoT devices. X-10 still works for me.

      Is your X-10 device connected to your internet connected computer?

    5. Re:X-10 by JustAnotherOldGuy · · Score: 1

      And this is why I don't have any IoT devices.
      X-10 still works for me.

      I have a lot of X-10 stuff running, but sadly they changed all the fucking light controllers to this asinine "soft start" shit and it's been a disaster. If you use them you probably know exactly what I'm talking about.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    6. Re:X-10 by thinkwaitfast · · Score: 1

      I tried x10 like 20 years ago when Fry's had a free giveaway, but couldn't see the point beyond novelty. And I built my own for some industrial processes that I was playing with a few years ago (hatching chickens), but what mostly for fun.

  9. USB temp device by QuietLagoon · · Score: 1

    A couple of months ago I purchased a temperature measuring device that plugs into a USB port. The device was made in China by a Chinese company and shipped directly from China. I am really reluctant to plug it into any USB port nowadays, as I do not know what will be activated in the device once it gets power. Coming from China, I doubt if it would be anything good...

    1. Re:USB temp device by Anonymous Coward · · Score: 1

      Fire up a VM after first taking a snapshot. Route the USB device to the VM. Plug it in and run diagnostics. Obvious thing to look for is enumeration of multiple end points at the device. Those temp monitors appear as a HID device. They're flakey as crap and unfortunately don't make it easy to enumerate multiple sensors - but after plugging it in you should be able to suss it out pretty painlessly.

      I'd be much more worried about the dodgy software they ship for reading the sensor...

    2. Re:USB temp device by thinkwaitfast · · Score: 1

      Does the device load its own software?

    3. Re:USB temp device by lokedhs · · Score: 2
      I agree with this, abd I would also like to add that Using Qubes OS makes this a much less painful process. Not as simple as a point-and-click operation, but at least manageable.

      https://www.qubes-os.org/doc/a...

    4. Re:USB temp device by ilsaloving · · Score: 1

      Connect it to a non-windows machine, preferably linux. The majority of malicious software tends to target windows. While the the number of malicious entities for Mac have climbed in the past couple years, it's still a drop in the bucket compared to Windows. Linux may as well be a rounding error.

      Then you can poke at it relatively safely and see if there's anything interesting on it.

      If you don't have a Linux machine available, you could always use some distro's liveCD version, or you could even download a free anti-virus bootable image and boot the machine with that.

  10. Wait, what? by Anonymous Coward · · Score: 0

    The backdoor is in the Telnet admin interface

    You mean to tell me you're still using freakin TELNET to communicate over the public internet? In this day and age? Hell, the mere EXISTENCE of a working Telnet interface is itself a back door as far as I can see.

    1. Re:Wait, what? by Anonymous Coward · · Score: 0

      telnet nethack.alt.org

    2. Re:Wait, what? by ExEm2SS · · Score: 1

      Quite a few IoT devices use Telnet.

  11. News Just in .. Chinese device has piss poor secur by Anonymous Coward · · Score: 2, Informative

    I'm so worn down by the number of news items about (yet another) shitty Chinese device having some a backdoor/malware/shitty or non existent security that I just assume that every device made in China has these flaws, we just haven't yet heard of them in the wild.

    What would be more shocking to me is a news story about a Chinese device that has been security audited and found to be secure. When that day comes I will be truly suprised.

  12. The crooks should at least use ssh by davecb · · Score: 1

    Then your IOT devices would have authorized_keys with names like repairman@factory.cn and spy@gov.cn

    --
    davecb@spamcop.net
  13. US does a better job by thygate · · Score: 1

    at least the US designers try to obfuscate their backdoors

  14. Sounds like China alright by Quietti · · Score: 3, Interesting

    China strikes me as incapable of responding to bug reports, because a bug report puts the manufacturer in a bad light and that amounts to losing face.

    Case in point:

    I was maintaining a driver for a widespread SoC. The driver would flat out crash the Linux kernel during bootup (kernel oops and complete freeze) at every other kernel release, but only when booted off a specific hardware vendor's product. On other vendors' products based on the same SoC, no such problem.

    I contacted the SoC's manufacturer, asking if that particular issue rang a bell. It didn't. However, their product specialist recalled that this particular hardware vendor had very pointy questions about hardware interrupts, back when they were building their BIOS image. As far as he could guess, the vendor had probably messed their build configuration and produced faulty BIOS images whose bugs were triggered by changes in the Linux kernel's other subsystems at every other release.

    He gave me the name of a contact person at the hardware vendor, suggesting to report the bug to them. My e-mail was passed around from department to department – OEM support, Marketing, Sales, etc. – to no avail. One department assumed that I didn't understand some BIOS settings, another presumed that I was placing an order that would require a custom BIOS build. No, I'm reporting a defect in the BIOS sold in your products. I'm asking you to find the cause of the issue I've described – which does NOT affect other products based on the same SoC reference design that are sold by other hardware vendors, so it HAS to be a BIOS bug – and to please release a fixed BIOS image. At that point, someone with a modicum of English skills figured out what the word "defect" means and promised to contact me as soon as they found the solution. They never did. They also stopped responding to any further e-mail.

    China. Sigh.

    --
    Software is not supposed to be about how to work around a useability issue. - Ken Barber
    1. Re:Sounds like China alright by Anonymous Coward · · Score: 0

      Incapable or unwilling?

    2. Re:Sounds like China alright by Mandrel · · Score: 2

      Companies like these know that support is their biggest cost. Their aim is to have their products bought because they are a cheap and readily-available option that promises to do what people want. How well they do this isn't important if they can get customers past a return impetus, and if they can rely on few customers seeing a product review or security alert. They then make it hard to contact and converse with support, like your experience, but also often by not having a website, an English website, or an email address, or even by not listing a manufacturer on their packaging.

      There's so much potential for Chinese/Taiwanese companies that can be both reasonably priced and keen on both quality and customer service.

    3. Re:Sounds like China alright by Anonymous Coward · · Score: 0

      Perhaps it is "incapable of being willing to".

    4. Re:Sounds like China alright by AHuxley · · Score: 1

      The options are to have users look up revision and device codes to find some password, user name that works for that device for hours.
      Find some printed paper in the box with a code to enter? Find a read me file deep on the desktop?
      Or to have working plug and play as supported by most modern computer systems.
      So a device opens up the network and everything works with default passwords in seconds.
      Its not the device or OS issues, just that a home network is now open to default ports using expected passwords.
      The device is working, it just opened the home network.
      Vast networks then scan ISP users for any such open ports and try default passwords.

      --
      Domestic spying is now "Benign Information Gathering"
  15. Not hidden at all. by Anonymous Coward · · Score: 0

    https://s-media-cache-ak0.pinimg.com/736x/69/b7/ae/69b7ae08af4a503b9bcc00459d40d4f6.jpg

  16. No way by JustAnotherOldGuy · · Score: 3, Insightful

    "Hidden Backdoor Discovered In Chinese IoT Devices"

    Shocking *cough*.

    Seriously, this should surprise no one. No one who's been paying attention, anyway. At this point I pretty much assume that any internet-enabled Chinese hardware likely contains some sort of backdoor, hard-coded passwords, or other hidden stuff.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  17. UL for IoT by Anonymous Coward · · Score: 0

    There needs to be a UL type organization for IoT security.

    1. Re: UL for IoT by Anonymous Coward · · Score: 1

      UL has one. I started down the path with them for a device, it's not easy for a small firm and I quickly found how many companies slapped a UL OR CE certification on their device with no actual certification.

  18. Re: Shocked, shocked I tell ya. by Anonymous Coward · · Score: 0

    Why is this marked as troll? It's funny given all the various articles related to China and security in their devices. Their culture doesn't enshrine privacy and user control like ours in the USA does.

  19. IoT - really ? by slincolne · · Score: 3, Informative
    Does this device sound like an IoT gadget ?

    From reading the article (yes - I know - and no I'm not new here) it's nasty piece of telephony hardware and more like a router than anything else. I know it's a current meme to thrash IoT as a platform but this is not a case of a programmer taking shortcuts on a feature constrained device, but rather a programmer or designer who is just dumb. This has been a problem long before the IoT ever came around.

  20. Re:Shocked, shocked I tell ya. by Anonymous Coward · · Score: 0

    I rhombus have just thought you're an asshole.

  21. Re: Shocked, shocked I tell ya. by Anonymous Coward · · Score: 0

    Yes because the USA is just a beacon of privacy

  22. Not IOT by campuscodi · · Score: 2

    It's not an IoT device. It's basic networking equipment. Stop calling everything IoT.

    1. Re:Not IOT by Anonymous Coward · · Score: 0

      Are you a campus?
      Is your name Codi?

      Stop calling yourself a campus, codi!

  23. Hidden Backdoor Discovered In Chinese IoT Devices by Pascal+Sartoretti · · Score: 1

    This sounds like a feature, not a bug

  24. Not a back door by FeelGood314 · · Score: 1

    Many vendors put a method to contact and trouble shoot their devices. Windows telemetry could be considered an example of this. For the average consumer (who doesn't even know what privacy is) this is almost always a good think. Customer support can easily fix their device. Unfortunately, this is IoT so the security is going to be shit. It's not just a Chinese problem it's the entire industries attitude.

  25. Slurs = troll by Immerial · · Score: 1

    It was marked because of the Chinaman slur. Now if it said 'the Chinese' instead of 'a Chinaman'... you would have a point.

  26. Re:News Just in .. Chinese device has piss poor se by Anonymous Coward · · Score: 0

    You only hear that because China makes all the devices. If America actually made anything anymore, you'd hear about all their backdoors...

  27. Re: Shocked, shocked I tell ya. by Anonymous Coward · · Score: 0

    There is no privacy when there are Africans around, and the same goes with Orientals. They even know what you are doing inside restrooms behind walls to a high degree of accuracy, no need for backdoors in devices.