Sign In

Communications of the ACM

ACM TechNews

Hackers Exploit Backdoor Built Into Zyxel Devices


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A Zyxel USG40 Unified Security Gateway.

Hackers are trying to exploit a backdoor built into some Zyxel device models used as VPNs, firewalls, and wireless access points by thousands of individuals and businesses.

Credit: Zyxel

Niels Teusink, a researcher at Netherlands-based security firm Eye Control, found that hackers are attempting to exploit a backdoor built into several Zyxel device models used as VPNs, firewalls, and wireless access points by thousands of individuals and businesses.

This backdoor is an undocumented user account with full administrative rights that is hardcoded into the device’s firmware, which can be accessed over SSH or through a Web interface.

Said Teusink, "An attacker could completely compromise the confidentiality, integrity and availability of the device.”

A fix already is available for firewall models and will be available Jan. 8 for AP controllers.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account