What's new

[Security] - Cheap Routers from Walmart/Amazon/Ebay

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

sfx2000

Part of the Furniture
Wavlink, Jetstream, Winstars - pretty spooky stuff...


Basically they're backdoored from the factory...

Some folks might recall this screenshot from old Tomato builds...

blurred gui backdoor.png


there's a number of other concerns on the devices as well - while sold under different brands, they all from the same vendor in Shenzen.

sfx
 
Do these even have FCCID's? If not, retailers could have action filed against them for selling illegal product.
 
As always, you get what you paid for...
 
Wavlink, Jetstream, Winstars - pretty spooky stuff...


Basically they're backdoored from the factory...

Some folks might recall this screenshot from old Tomato builds...

View attachment 27924

there's a number of other concerns on the devices as well - while sold under different brands, they all from the same vendor in Shenzen.

sfx

I asked this question on Amazon and this is the seller's (Wavlink) reply:
Question:
Is it true that cybersecurity experts have found backdoor Malware baked into your Wavlink routers from the factory?
Answer:
Reply on a few concerns of router security

There is a report that says our routers have remote backdoors, hereby we officially clarify that our products DO NOT have any such codes that either obtain customer information or remotely control devices. Here are one-by-one clarifications against third-party false accusations.


1. System command web page

It’s common practice for router companies to receive customer reports to make analysis and give feedback to customers more easily. And it is only for local management by customer himself.


2. Externally accessible web pages without any authentication

These pages are part of the local management to analyze WiFi installation environment.

We agree that these pages can be taken advantage of in extreme case. And to avoid causing any confusion, we decide to remove them all.



3. Wi-Fi signal scanning function

It’s also common practice in this business that routers can detect surrounding WiFi SSIDs for customers to easily choose the right network and start setup process. Scanning DOES NOT in any way mean it can decipher other networks, because all other SSIDs have their security systems.


For WiFi repeater category, scanning is a must-have function, as well as some applications such as “wifiinfoview”, “netspot” and “inssider”, just to name a few.


4. Built-in network tool programs

With Telnet which is common practice for telecom operators to provide remote support to their customers, it might cause certain confusions and troubles for malicious use. We fully understand it and from the beginning of 2019 the Telnet function was no longer available.


5. Hidden backdoors

In the article they pointed out an attack on the Internet server, trying to find out a backdoor through a public IP address. The Chinese IP in the report is not related to our company and the IP was trying to upload a malicious file on the router. However, the article has already clarified for us that the response packet returned to the 404 error "File Not Found", which means absolutely no effect on the router.


Currently, there’s a possibility to access the router from YOUR local network, meant to be checking your Internet status or firmware upgrade.


Once again, we don't have remote access to any router, and therefore not any chance to access a backdoor, if there’s any backdoor at all.


And in the report, it mentioned Jetstream is part of WAVLINK, which we have to say is totally wrong information. It can be found in a public source that Jetstream is a US-registered company and nothing related to WAVLINK.


6. Our summary

We acknowledge that our products do have room for more security improvement, which requires more awareness from us.


As regards the local access which is addressed in the article, we’ll accept the constructive opinions proposed in it and make necessary modifications to avoid any confusion or suspicion.


We’d like to take this chance to thank the writer of this article for their constructive opinions to help us achieve even higher security standard!

Wavlink Technical Support Team see less
By Wirelessforce SELLER on November 26, 2020
 
Last edited:
That doesn't convince me.
 
I asked this question on Amazon and this is the seller's (Wavlink) reply:

Regarding the company's reply:

1. almost all isp routers do this. But its not for customer, thats a funny comment. ALthough I think I understand what he means. Its for your benefit "your own good". Really its just for their own benefit. for example google port 4567 on verizon fios routers. You use to be able to block the port on earlier routers, then they took that ability out and started going lax on other things like even having a functional mac address filtering option. It never had anythying to do with them remotely servicing your router. Noone really knows whats its for. Its not just the company's fault though, its society and the so called security industry who make money off having people vulnerable and exploiting them for profit, so they downplay and encourage all these things. Things will only continue to get worse. If you use some asus functions they are collecting your information as well.

2. Asus does the same thing on their later routers. For example, the ac86u has no authentication when you setup the router leaving you extremely vulnerable. The older ac68U, has no open wifi and forces you use a password thats hardcoded on the router itself, doesn't even let you copy and paste it like the ac86u does. NO regard for security from asus anymore, they are going backwards.

3. Merlin firmware has this same function.

4. Merlin firmware has this same type of tools. but he also removed telnet you would have to check that routers firmware to confirm they did the same. stock firmware still has telnet but I believe its disabled by default.

5. all routers have backdoors nowadays. Its just a conspiracy theory, but I would have to be pretty naive with the way the fbi and nsa act to believe that they don't. All the problems I had running a vpn with ai trend micro and other features on the ac86u causing all sorts of weird errors led me to believe just that. I already mentioned the very public backdoors on most isp routers such as verizon fios actiontec.

6. if you are looking for good network security i've come to realize that commercial consumer routers are going backwards. Open source firmware is dead in the water. Even ubiquiti's routers do nothing for security. And because of big brother almost nothing supports a vpn properly unless you put together your own router box.

When it comes down to it, Chinese hardware is no different then ours. Its all backdoored at the lowest levels. from the chipset to the cpu, etc... In the late 90s and early 2000's when Microsoft tried to backdoor their cpu's hackers went to congress, it made national news, was huge uproar from society and the plans were scrapped. Now we live in a society where noone cares and so the called "security" experts make their money exploiting people not building defenses. Why do you think Edward Snowden looks so depressed all the time? He realized most don't care and accept it.


I'm part of the problem too, I got amazon echos all over my house. cameras and microphones everyhwhere phoning home and doing weird shirt all day. No security on them at all. I put them on a guest network on a vpn but that doesn't help much in stopping a hacker from spying on me. I figure i'm a reality tv star for some criminal organization, abc agency, or little russian kid and I might as well enjoy life and fun toys before I die, rather then live like a paranoid monk. Because noone seems to care like they use to. We can only deter so much.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top