Hidden backdoor discovered in Chinese IoT devices leaves them open to exploitation, says Cylance
Security researchers at Trustwave have announced that they have discovered Chinese Internet of Things (IoT) devices containing a hidden ‘backdoor’.
This enables access by the manufacturer and leaves the devices open to exploitation by others, which despite the researchers following the responsible disclosure process, has repeatedly been left exposed by the vendor.
Commenting on this, Zach Lanier, research director at Cylance, said: “Unfortunately, this is not an isolated issue. Network devices from manufacturers all over the world have fallen prey to attackers time and time again – often by way of backdoor services and accounts. These backdoors are often present under the guise of providing ‘remote administration’ or ‘support’, but occasionally for more nefarious purposes.
Zach Lanier
“What’s frustrating about this particular instance is the vendor’s response to Trustwave’s findings: ‘security through obscurity’ is not the way to go, nor is cutting off communications with researchers who are trying to disclose something.
Trying to ‘hide’ something like this is what brings about the ‘Streisand Effect’ – it will only draw more attention,” Lanier added. “Chances are high that we’ll continue to see more of the same as far as backdoors go, especially as IoT-esque devices proliferate.”
Comment on this article below or via Twitter @IoTGN