“Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation,” Ian Barker reports for BetaNews.
“The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor,” Barker reports. “The issue permits a remote attacker to gain a shell with root privileges on the affected device.
Barker reports, “Full details of the exploit and the devices affected can be found on the Trustwave blog.”
Read more in the full article here.
MacDailyNews Take: For home automation, smart people go the HomeKit route.
SEE ALSO:
DDoS attack: Apple’s HomeKit for a safer smarthome – October 24, 2016
Honeywell unveils Apple HomeKit-compatible Lyric T5 Wi-Fi thermostat – September 27, 2016
Google’s flaky Nest thermostat shakes users’ trust in the Internet of Things – January 19, 2016
Google’s Nest thermostat bug leaves users cold, angry – January 14, 2016
Honeywell announces ‘Lyric Round’ smart thermostat with Apple HomeKit integration – January 5, 2016
Apple HomeKit-compatible thermostat Ecobee closes in on Google’s Nest – September 28, 2015
Apple pulls Google’s Nest thermostat from stores with launch of HomeKit-compatible Ecobee 3 – July 23, 2015
First Apple-certified HomeKit-compliant devices launch – June 2, 2015
Google engineer trashes Tony Fadell’s precious Nest smoke alarm – February 19, 2015
And we’re surprised because…?
The NSA, and by extension all of the other spy agencies, know about all back doors in all devices. It deplors that vigilantees like Trustwave blew the whistle. Should DBLTek eliminate the back door, the NSA will lose some of its unaccountable and secret spy capability which it considers its exclusive domain.
SURPRISE!
Internet
Of
Trash
This case appears to be one of sloppy software engineering and testing practises rather than of deliberate spying. Regardless, it formed the basis of an exploit that affects ten thousand security cameras, not a good thing. The company doesn’t want to recall them; too expensive to contemplate. They need to hire a consultant to help them do a proper firmware upgrade.