Hidden Backdoor Discovered In Chinese IoT Devices

"A backdoor has been found in devices made by a Chinese tech firm specializing in VoIP products," reports TechRadar. An anonymous reader quotes their article: Security outfit Trustwave made the discovery of a hidden backdoor in DblTek's devices which was apparently put there to allow the manufacturer access to said hardware -- but of course, it's also open to being exploited by other malicious parties. The backdoor is in the Telnet admin interface of DblTek-branded devices, and potentially allows an attacker to remotely open a shell with root privileges on the target device.

What's perhaps even more worrying is that when Trustwave contacted DblTek regarding the backdoor last autumn -- multiple times -- patched firmware was eventually released at the end of December. However, rather than removing the flaw, the vendor simply made it more difficult to access and exploit. And further correspondence with the Chinese company has apparently fallen on deaf ears.
The firmware with the hole "is present on almost every GSM-to-VoIP device which DblTek makes," and Trustwave "found hundreds of these devices on the net, and many other brands which use the same firmware, so are equally open to exploit."

Price for cheap labour

[aussie_a]

There is a price for outsourcing all of your manufacturing needs to companies in countries with authoritarian governments. Having state sponsored Spyware in your devices is one such cost.

Sounds like China alright

[Quietti]

China strikes me as incapable of responding to bug reports, because a bug report puts the manufacturer in a bad light and that amounts to losing face.

Case in point:

I was maintaining a driver for a widespread SoC. The driver would flat out crash the Linux kernel during bootup (kernel oops and complete freeze) at every other kernel release, but only when booted off a specific hardware vendor's product. On other vendors' products based on the same SoC, no such problem.

I contacted the SoC's manufacturer, asking if that particular issue rang a bell. It didn't. However, their product specialist recalled that this particular hardware vendor had very pointy questions about hardware interrupts, back when they were building their BIOS image. As far as he could guess, the vendor had probably messed their build configuration and produced faulty BIOS images whose bugs were triggered by changes in the Linux kernel's other subsystems at every other release.

He gave me the name of a contact person at the hardware vendor, suggesting to report the bug to them. My e-mail was passed around from department to department – OEM support, Marketing, Sales, etc. – to no avail. One department assumed that I didn't understand some BIOS settings, another presumed that I was placing an order that would require a custom BIOS build. No, I'm reporting a defect in the BIOS sold in your products. I'm asking you to find the cause of the issue I've described – which does NOT affect other products based on the same SoC reference design that are sold by other hardware vendors, so it HAS to be a BIOS bug – and to please release a fixed BIOS image. At that point, someone with a modicum of English skills figured out what the word "defect" means and promised to contact me as soon as they found the solution. They never did. They also stopped responding to any further e-mail.

China. Sigh.