All for the low, low price of sketchy
Image: ambar del moral / mashable
By Jack Morse2020-11-23 21:36:34 UTC
When it comes to your electronics, price shouldn’t be the only consideration.
The shopping extravaganza known as Black Friday is fast approaching, and bargain hunters have their eyes peeled for savings. However, a discount might not be the only thing on the menu for those unfortunate enough to purchase a WiFi router researchers say is riddled with dangerous backdoors.
According to CyberNews, cybersecurity researchers identified a backdoor in the Walmart-exclusive Jetstream router. The researchers, James Clee and Roni Carta, along with CyberNews’ Mantas Sasnauskas, say the backdoor is actively being exploited and would allow an attacker to remotely control victims’ routers. What’s worse, researchers say the backdoor would also allow a hacker access to devices connected to the routers.
The router is on sale at Walmart.com for $8.99, but if Clee and Carta are to be believed, the only one getting a deal here is the hackers already exploiting the device. The researchers note that Wavlink-branded routers have a similar backdoor.
“Gotta love when they copy/paste the same firmware with the same vulnerabilities across multiple brands and many devices,” writes Clee. “There could be more to come[.]”
We reached out to Walmart both for comment on the research and to determine if the company plans on pulling the router from its digital shelves.
“The item in question is currently out of stock and we do not have plans to replenish it,” a Walmart spokesperson explained over email. “We are working to remove it from our site.”
However, at the time of this writing, a search for “jetstream router” on Walmart.com turns up two options. We were able to add them both to our digital cart, and click through to the “checkout” option (although we didn’t attempt to complete the purchase).
Image: screenshot / walmart
Importantly, researchers say an attacker would not need physical access to the router to exploit it. Assuming a victim was online, someone with knowledge of the backdoor could remotely access it.
“Why would a company, which potentially knows the credentials of any of its routers, give itself the hidden ability to access anyone’s router and run commands?” Clee rhetorically asked CyberNews.
While we are unable to independently confirm the vulnerabilities identified by Clee and Carta, this is not the first time routers have been identified as a security point of failure. However, the alleged backdoor in the Jetstream stands out as particularly egregious.
SEE ALSO: Verified ‘Elon Musk’ Twitter account celebrates election with crypto scam
It turns out that there’s more to a deal than just dollars and cents — something to keep in mind as you go about your Black Friday shopping.