China-based TP-Link, which makes routers that are pretty popular here in North America, is being fingered by US lawmakers as a national security threat. Here are the details:
In a letter sent this week to Commerce Secretary Gina Raimondo, Reps. John Moolenaar (R-MI) and Raja Krishnamoorthi (D-IL) claimed TP-Link’s routers have been found to have an “unusual degree of vulnerabilities.” They called on the department to respond with findings on the company’s security risks by the end of August, and to determine if TP-Link products should be restricted in the U.S.
Amid China’s “increasingly draconian data protectionist and national security-focused legal regime,” the lawmakers wrote, “companies like TP-Link are required to provide data to the PRC [People’s Republic of China] government and otherwise comply with the demands of its national security apparatus.”
The congressmen, who lead the House Select Committee on China, cited the cyber activity by the Chinese APT group Volt Typhoon as a reason for concern around home and office routers. A hallmark of the group’s hacking campaign against U.S. critical infrastructure is the infiltration of home routers for the purpose of launching other attacks.
And the thing is that exploitable flaws in these routers are a real thing:
For years, critical vulnerabilities in TP-Link routers have been abused by hackers who use them as cover for subsequent attacks or add them to powerful botnets that disrupt websites with bogus traffic.
In May 2023, researchers at the cybersecurity firm Check Point attributed cyberattacks on “European foreign affairs entities” to a Chinese state-sponsored group they called “Camaro Dragon.” The hackers used a firmware implant for TP-Link routers to get control of infected devices and access networks.
TP-Link denies the accusations. But if you have a TP-Link router, you may want to reconsider if you want to use it. It could be perfectly safe. But it also may not be safe. These days you can’t take any chances.
Android Phones Vulnerable To Remote Access Vulnerability
Posted in Commentary with tags Android on August 19, 2024 by itnerd
Bad news if you have an Android phone, particularly a Pixel phone. A company named iVerify has discovered an extremely serious vulnerability in those devices:
The vulnerability makes the operating system accessible to cybercriminals to perpetrate man-in-the-middle attacks, malware injections, and spyware installations. The potential impact of this Android security vulnerability is unknown and could result in millions of dollars in data loss and breaches.
iVerify, in concert with the information security team at Palantir Technologies, initially identified and investigated a vulnerability in an Android app package called Showcase.apk. The application runs at the system level and can fundamentally change the phone’s operating system. Since the application package is installed over unsecured HTTP protocols, this opens a backdoor, making it easy for cybercriminals to compromise the device. iVerify notified Google of the vulnerability and submitted a detailed report after discovering it on customer devices that did not pass iVerify’s behavior-based detections. It’s unclear if Google will issue a patch or remove the software from the phones to mitigate the potential risks.
Furthermore, users cannot remove this app because it is part of the firmware image, and Google does not allow end-users to alter the firmware image for security reasons.
This is bad because, at present, users of Android phones cannot mitigate this vulnerability on their own. They have to wait for Google to do it for them, which Google has said it will do, at least for Pixel phones other than the Pixel 9, which doesn't have the .apk file in question. Google has said that it will notify other OEMs about this vulnerability. That means that it will potentially take longer for this issue to be addressed on non-Pixel phones.