Chinese hackers

tp-link-faces-possible-us-ban-as-hijacked-routers-fuel-chinese-attacks

TP-Link faces possible US ban as hijacked routers fuel Chinese attacks

Chinese hackers, Policy, tp-link / /

Chinese hackers use botnet of TP-Link routers

Microsoft warned on October 31 that hackers working for the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices for attacks on users of Microsoft’s Azure cloud service. Microsoft said that “SOHO routers manufactured by TP-Link make up most of this network,” referring to routers for small offices and home offices.

The WSJ said its sources allege that “TP-Link routers are routinely shipped to customers with security flaws, which the company often fails to address” and that “TP-Link doesn’t engage with security researchers concerned about them.” The article notes that “US officials haven’t disclosed any evidence that TP-Link is a witting conduit for Chinese state-sponsored cyberattacks.”

We contacted TP-Link today and will update this article if it provides a response. A TP-Link spokesperson told the WSJ that the company “welcome[s] any opportunities to engage with the US government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the US market, US consumers, and addressing US national security risks.”

A March 2024 Hudson Institute policy memo by Michael O’Rielly, a former Federal Communications Commission member, said it remained “unclear how prevalent TP-Link’s vulnerabilities are compared to other wireless routers—from China or elsewhere—as there is no definitive comparison or ranking of routers based on security.” O’Rielly urged federal agencies to “keep track of TP-Link and other manufacturers’ cybersecurity practices and ownership structure, including any ties to the Chinese government,” but said “there is no evidence to suggest negligence or maliciousness with regard to past vulnerabilities or weaknesses in TP-Link’s security.”

New push against Chinese tech

TP-Link routers don’t seem to be tied to an ongoing Chinese hack of US telecom networks, dubbed Salt Typhoon. But that attack increased government officials’ urgency for taking action against Chinese technology companies. For example, the Biden administration is “moving to ban the few remaining operations of China Telecom,” a telco that was mostly kicked out of the US in 2021, The New York Times reported on Monday.

TP-Link faces possible US ban as hijacked routers fuel Chinese attacks Read More »

us-recommends-encrypted-messaging-as-chinese-hackers-linger-in-telecom-networks

US recommends encrypted messaging as Chinese hackers linger in telecom networks

Chinese hackers, Policy, salt typhoon, Security / /

An unnamed FBI official was quoted in the same report as saying that phone users “would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption, and phishing-resistant” multifactor authentication for email accounts, social media, and collaboration tools.

The FBI official reportedly said the hackers obtained metadata showing the numbers that phones called and when, the live phone calls of some specific targets, and information from systems that telcos use for court-ordered surveillance.

Despite recognizing the security benefits of encryption, US officials have for many years sought backdoors that would give the government access to encrypted communications. Supporters of end-to-end encryption have pointed out that backdoors can also be used by criminal hackers and other nation-states.

“For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys,” cryptographer Bruce Schneier wrote after the Chinese hacking of telecom networks was reported in October.

Noting the apparent hacking of systems for court-ordered wiretap requests, Schneier called it “one more example of a backdoor access mechanism being targeted by the ‘wrong’ eavesdroppers.”

1994 surveillance law in focus

CISA issued a statement on the Chinese hacking campaign in mid-November. It said:

The US government’s continued investigation into the People’s Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign.

Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders.

The hacks raise concerns about surveillance capabilities required by a 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), which requires “telecommunications carriers and manufacturers of telecommunications equipment design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities to comply with legal requests for information.”

US recommends encrypted messaging as Chinese hackers linger in telecom networks Read More »