TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

  • Avid Amoeba@lemmy.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 days ago

    An even better way is to leave vulnerable pieces in all parts of the firmware / software stack. E.g. old version of SSH with a known vulnerability or two, old web server, etc. Then just exploit as needed.

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      5 days ago

      The examples you gave are all at the OS level and installing OpenWRT would fix them. The firmware/BIOS level is much more custom and can be susceptible to attacks the OS is completely unaware of (effectively pre-installed rootkits). Hence why I mentioned it may not be enough to install OpenWRT.

      • richmondez@lemdro.id
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 days ago

        You are talking about the boot loader, but even that is pretty standard. There could be hardware exploits in place, sure, but we are mostly talking about a very low margin product and the volume of data that you’d need to retrieve and process to sift out anything useful would be massive and obvious so in general I think this is mostly conspiracy level thinking. Any shenanigans is going to be done in small targeted batches if it’s done at all to try to infiltrate specific targets and reduce risk of some curious researcher or enthusiast accidentally stumbling across it and ruining it.

        • Dark Arc@social.packetloss.gg
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          4 days ago

          but we are mostly talking about a very low margin product and the volume of data that you’d need to retrieve and process to sift out anything useful would be massive and obvious so in general I think this is mostly conspiracy level thinking

          Bold of you to assume they actually need to make money on these.

          They also don’t need to sort through data to be problematic; they just need to be able to be remotely disabled or remotely given the order to start sniffing if they are one of the higher end systems that would be used in major infrastructure (that could process at volume).

          Sure a researcher could stumble upon something… But closed source, embedded deep in the hardware, etc the number of researchers working at that level is not all that high AFAIK. The research is also from my understanding very very difficult at that level. It would be borderline equivalent to reverse engineering the Intel remote management engine or something.

      • Avid Amoeba@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 days ago

        Yes of course, you’re right. The point I’m making is that wherever you’re putting in backdoors, instead of backdoors, you can just leave unlatched vulnerabilities. Gives you solid plausible deniability.