[ISN] Chinese backdoors "hidden in router firmware"

From: InfoSec News (alerts@private)
Date: Thu Mar 06 2008 - 06:18:27 PST


http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html

By Matthew Sparkes
PCPro
4th March 2008

The UK's communication networks could be at risk from Chinese backdoors 
hidden in firmware, according to a security company.

SecureTest believes spyware could be easily built into 
Asian-manufactured devices such as switches and routers, providing a 
simple backdoor for companies or governments in the Far East to listen 
in on communications.

"Organisations should change their security policies and procedures 
immediately," says Ken Munro, managing director of SecureTest. "This is 
a very real loophole that needs closing. The government needs to act 
fast."

"Would they buy a missile from China, then deploy it untested into a 
Western missile silo and expect it to function when directed at the Far 
East? That's essentially what they're doing by installing network 
infrastructure produced in the Far East, such as switches and routers, 
untested into government and corporate networks."

Late last year MI5 sent a letter to 300 UK companies warning of the 
threat from Chinese hackers attempting to steal sensitive data. Reports 
at the time suggested that both Rolls Royce and Royal Dutch Shell had 
been subjected to "sustained spying assaults".

The issue has been debated by government for some time. In 2001, the 
then foreign secretary Robin Cook, warned that international computer 
espionage could pose a bigger threat to the UK than terrorism.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Thu Mar 06 2008 - 06:35:53 PST