Backdoored firmware lets China state hackers control routers with “magic packets”

Comments

• Bell@lemmy.world ⁨1⁩ ⁨year⁩ ago

  Maybe we could have a comprehensive tariff on goods that floats with the number of state-sponsored cyber crimes, human rights violations, etc. Hack our routers? The rate just went up 5%.

  source

  • xodoh74984@lemmy.world ⁨1⁩ ⁨year⁩ ago

    I think this is fair, but man the retaliatory tariffs for NSA backdoors would be atrocious

    source

    • SuckMyWang@lemmy.world ⁨1⁩ ⁨year⁩ ago

      Working as it should be then

      source
  • 50gp@kbin.social ⁨1⁩ ⁨year⁩ ago

    better to block their goods form the market if they refuse to allow others to compete in theirs

    cant sell your goods or software in china without local business taking cuts and trade secrets? well bad luck now you cant do business in the west either until you drop that shit

    source

    • BeMoreCareful@lemdro.id ⁨1⁩ ⁨year⁩ ago

      China has the infrastructure to produce, the population to produce it, and the government to build more. I don’t think there’s really anybody that can compete with that.

      source

      • -> View More Comments
    • Zima@kbin.social ⁨1⁩ ⁨year⁩ ago

      I think that the most disappointing aspect of obama's presidency was that he did not do anything about china imposing those bullshit rules. he should have imposed some balance or outright make it illegal for those companies to put themselves in a situation where their ip's will be sucked dry.

      source
    • RobotToaster@mander.xyz ⁨1⁩ ⁨year⁩ ago

      The one thing that could get Americans to revolt would be blocking them from getting cheap 50" tvs.

      source
  • bdonvr@thelemmy.club ⁨1⁩ ⁨year⁩ ago

    American tech is gonna get way more expensive dang

    source
• mvirts@lemmy.world ⁨1⁩ ⁨year⁩ ago

  Lol. Ya don’t forget to monitor the router for unauthorized network access… in its logs, controlled by its firmware 😅

  source
• Buelldozer@lemmy.today ⁨1⁩ ⁨year⁩ ago

  Not much different than what the NSA has been doing for a long time.

  source
• halfempty@kbin.social ⁨1⁩ ⁨year⁩ ago

  "Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities. Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware."

  source

  • Aqarius@lemmy.world ⁨1⁩ ⁨year⁩ ago

    “Good news everyone, our old products are compromised, and the only solution is to buy new ones!”

    source
  • RobotToaster@mander.xyz ⁨1⁩ ⁨year⁩ ago

    “China found the backdoors we installed for the NSA, buy our new product with different backdoors.”

    source
  • Unaware7013@kbin.social ⁨1⁩ ⁨year⁩ ago

    I wonder if they're using default/hard coded creds (Ciscos have had a ton of them) or if its just bad password hygiene on the admins' part.

    source

    • partial_accumen@lemmy.world ⁨1⁩ ⁨year⁩ ago

      Hardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.

      source
    • ddkman@lemm.ee ⁨1⁩ ⁨year⁩ ago

      I do agree, and Cisco immediately grabbed the occasion to push their shitty restrictive trusted boot policy. Which is worrying.

      source
• autotldr@lemmings.world [bot] ⁨1⁩ ⁨year⁩ ago

  This is the best summary I could come up with:

  ---

  The threat actor is somehow gaining administrator credentials to network devices used by subsidiaries and using that control to install malicious firmware that can be triggered with “magic packets” to perform specific tasks.

  In an advisory of its own, Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities.

  Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products.

  Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware, the company said.

  BlackTech members use the modified firmware to override code in the legitimate firmware to add the SSH backdoor, bypass logging, and monitor incoming traffic for “magic packets.” The term refers to small chunks of data the attackers send to the infected routers.

  While they appear random and innocuous in system logs, these packets allow the attackers to surreptitiously enable or disable the backdoor functionality.

  ---

  The original article contains 522 words, the summary contains 160 words. Saved 69%. I’m a bot and I’m open source!

  source

  • Taleya@aussie.zone ⁨1⁩ ⁨year⁩ ago

    The threat actor is somehow gaining administrator credentials

    …lemme guess. Default logins.

    source

    • FaeDrifter@midwest.social ⁨1⁩ ⁨year⁩ ago

      We might never know how they managed to somehow to obtain the secret password …1…2…3 …4

      source

      • -> View More Comments
• ApeNo1@lemm.ee ⁨1⁩ ⁨year⁩ ago

  “You’re a hacker Harry”.

  source

  • SzethFriendOfNimi@lemmy.world ⁨1⁩ ⁨year⁩ ago

    Avad

    source

    • ApeNo1@lemm.ee ⁨1⁩ ⁨year⁩ ago

      It seems the spell suffered some packet loss.

      source

      • -> View More Comments
    • SzethFriendOfNimi@lemmy.world ⁨1⁩ ⁨year⁩ ago

      Ka

      source

      • -> View More Comments
• HaggierRapscallier@feddit.nl ⁨1⁩ ⁨year⁩ ago

  "Alohomora"

  • Li Dazhou

  source
• RizzRustbolt@lemmy.world ⁨1⁩ ⁨year⁩ ago

  From the Grassy Node?

  source