Chinese-made routers, sold on Amazon and eBay, contain hidden backdoor and are being exploited by Mirai malware and other methods

CyberNews.com’s Investigations team today announced that they have identified hidden backdoors in Chinese-manufactured routers that share common firmware, with evidence that the routers are being exploited by the Mirai malware. In a collaboration between CyberNews.com Senior Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, the team found that routers sold by Amazon, eBay and Walmart are all affected, and vulnerabilities are already being exploited.

The two brands identified are, Wavlink routers that are available on eBay and also highlighted as an Amazon Choice Router, and Jetstream routers which are sold exclusively at Walmart. 

These critical vulnerabilities allow attackers to remotely control the routers as well as any device connected to that network and monitor all the traffic coming through that router. It's akin to constant surveillance on your personal network, with someone watching all your activity and stealing all your information. Additionally, the Wavlink routers contain a script that lists nearby wifi and has the capability to compromise those networks.

CyberNews has already detected multiple malicious attempts from a Chinese IP address, which is trying to upload and execute a harmful script on the routers. After investigating the suspicious file, the investigation team has identified that is part of the infamous Mirai botnet.

The Mirai botnet has been responsible for multiple major attacks, including a large-scale DDoS attack in 2016 that left much of the internet inaccessible on the US East coast.

“After my initial findings on the first router I purchased, I bought two more repeaters off Amazon,” said Clee. “Although they are very different physically and slightly different technically, all three had almost the exact same exploit chain. It's hard to make sweeping, definitive statements, but given that all three had the same flaws I’d suspect that many more Wavlink devices are the same.”

When CyberNews.com attempted to find information on the companies behind these routers, it appears that both Jetstream and Wavlink are subsidiaries of a Shenzhen-based company known as Winstars Technology Ltd, which reportedly exports 1-2M pieces per month.

To date, none of the retailers or manufacturers involved have responded to the findings.

Researchers Clee and Carta are in agreement that the backdoors found are intentional. “This is not a mistake,” Carta asserts. “Someone had to take the decision to make the password client-side. A human conceived this code knowing that this would be accessible from an unauthenticated user. Now, the question is why?”

“The fact that there’s a GUI for RCE, and the fact that a page was established to validate a password outside of the existing authentication mechanisms, leads me to believe that neither were an accident, Clee said.”

Mantas Sasnauskas, a Senior Researcher on CyberNews.com’s Investigations team, said “We are working hard to see if we can identify any active exploitation, as the investigation has revealed the vulnerabilities of these routers are being exploited by the Mirai malware. Such vulnerabilities in Chinese hardware or software can’t be discussed without acknowledging the Chinese government’s position on national and international surveillance.

Chinese data retention laws force Chinese companies, or companies operating in China, to keep data on servers located inside the country – and to provide practically unrestricted access to that data to law enforcement. This includes even encrypted data, with the Chinese government requiring access to decryption keys.” He continued, “This type of undocumented backdoor access is a major reason that the United States, Germany, and other governments around the world banned Huawei when they found that the Chinese company could secretly access sensitive information for devices that it sold.”

Existing customers are advised to stop using Jetstream and Wavlink routers, temporarily shut down the network, clean computers, and reset computer passwords and logins for online accounts to protect themselves, their families and their neighbors.

Featured

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

  • The Impact of Convergence Between IT and Physical Security

    For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.