Several popular Chinese wifi routers and networked storage devices contain significant vulnerabilities, that, if exploited, could cause “severe damage,” security researchers have found.
Why it matters: Internet penetration in China has risen dramatically over the past few years, creating a black market for illegally obtained personal data.
- A large number of households and small businesses use vulnerable routers and storage devices.
- Chinese Internet of Things (IoT) devices have in the past been used to launch large-scale cyberattacks using botnets, networks of devices that have effectively been commandeered to inundate websites with fake traffic, causing them to crash.
“The growth of security awareness through programs such as bug bounties may result in vulnerabilities being patched, but their existence in the first place is troubling. Common devices that are deployed in small office and home office environments are likely vulnerable to exploits that can result in severe damage.”
–Independent Security Evaluators (ISE) in its report
Details: ISE researchers found that devices from Xiaomi, Lenovo, Terramaster, and Totolink manufacturer Zioncom could allow attackers to gain access to private networks.
- Once a network has been infiltrated, attackers would be able to monitor the data that gets transmitted to and from devices within the network, gain control of other devices, and launch attacks on targets outside of the compromised network.
- Each device evaluated was found to contain at least one vulnerability that could be used to execute commands on the device or gain access to its administration panel.
- These devices include the Xiaomi Router 3 and a Totolink WiFi router, as well as network-attached storage products from Lenovo and Terramaster.
- The researchers also evaluated products from Netgear, Asus, Synology, and Seagate, all of which were found to be susceptible to attacks.
- Collectively, the vulnerabilities could affect “millions” of people worldwide, the ISE said.
Context: IoT device manufacturers have long been criticized for not implementing adequate measures to effectively protect their users.
- This is also true in China, where companies often take shortcuts to make their products cheaper, thereby sacrificing security.
- In 2017, Chinese-made internet-connected cameras were infected by the notorious Mirai malware to form a botnet that launched a distributed denial-of-service attack on Twitter, Paypal, and Spotify, taking some of the sites offline and resulting in the worst attack of its kind in US history.