FiberHome Networks is a major player in telecommunications and networking equipment for the Chinese market and trade allies, with hundreds of thousands of customers using their routers worldwide.
There is plenty to tell about this company, but today’s news concerns the worrisome discovery of at least 28 backdoor accounts and other severe vulnerabilities in the firmware of an FTTH ONT router from FiberHome that is widely used around the world, mainly in Southeast Asia and South America.
Pierre Kim, a cybersecurity researcher, published a report detailing numerous security issues in two different FTTH ONT router models developed, manufactured, and sold by the company.
What FTTH ONT Actually Is
To understand how critical these vulnerabilities are, we need to know what an FTTH ONT is. The acronym stands for Fiber-to-the-Home Optical Network Terminal.
Basically, an FTTH ONT device converts optical signals sent over fiber-optic cables into usable Ethernet and WiFi connections. These terminals are widely used in buildings to convert optical signals, and even in homes and offices that opt for gigabit-type subscriptions.
Vulnerabilities Found
In the report, Pierre Kim does a great job describing an extensive list of issues found in these devices, some surprisingly simple yet severe.
For example, passwords and authentication cookies for the admin panel were stored in cleartext in HTTP logs, and an attacker who disabled JavaScript in the browser could make the management interface leak sensitive details such as the device’s MAC address.
The report also notes that proper firewall protection was only active on the IPv4 interface and not on the IPv6 one, leaving it completely unprotected and simple to hack if the malicious agent knows the IPv6 address.
Interestingly enough, the credentials in the web server binary were encrypted, but the XOR key needed to decrypt them was also accessible in the binary. This issue alone illustrates the severity of the mistakes made.
Also worth mentioning, Kim found a privilege escalation vulnerability in the Telnet daemon that allowed malicious agents to freely escalate their privileges up to root level.
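The IPv4-only firewall finding above is a gap that can be checked for on any dual-stack device. The following is an added example, not code from the report or from FiberHome: it compares `iptables-save` and `ip6tables-save` style rule dumps and lists ports that are filtered on IPv4 but have no matching IPv6 rule. The interface name `wan0`, the ports, and both rule dumps are constructed sample values.

```python
import re

# Constructed iptables-save / ip6tables-save dumps (interface and ports are sample values).
IPV4_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -i wan0 -p tcp -m tcp --dport 23 -j DROP
-A INPUT -i wan0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i wan0 -p tcp -m tcp --dport 443 -j DROP
COMMIT
"""
IPV6_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -i wan0 -p tcp -m tcp --dport 443 -j DROP
COMMIT
"""

# Matches single-port DROP/REJECT rules; port ranges and multiport rules are ignored.
RULE = re.compile(r"^-A (?P<chain>\S+) .*?-p (?P<proto>\S+) .*?"
                  r"--dport (?P<port>\d+) .*?-j (?:DROP|REJECT)\b")
POLICY = re.compile(r"^:(?P<chain>\S+) (?P<policy>\S+)")

def blocked(dump):
    """Return the set of (chain, proto, port) tuples a rule dump drops or rejects."""
    found = set()
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if m:
            found.add((m["chain"], m["proto"], int(m["port"])))
    return found

def policies(dump):
    """Return {chain: default policy} from the ':CHAIN POLICY [pkts:bytes]' lines."""
    return {m["chain"]: m["policy"] for m in map(POLICY.match, dump.splitlines()) if m}

def ipv6_gaps(v4_dump, v6_dump):
    """List rules enforced on IPv4 that IPv6 neither mirrors nor covers by a DROP policy."""
    v6_policy = policies(v6_dump)
    v6_blocked = blocked(v6_dump)
    return sorted(rule for rule in blocked(v4_dump)
                  if rule not in v6_blocked and v6_policy.get(rule[0]) != "DROP")

if __name__ == "__main__":
    for chain, proto, port in ipv6_gaps(IPV4_RULES, IPV6_RULES):
        print(f"{chain}: {proto}/{port} filtered on IPv4 but has no matching IPv6 rule")
```

A default-deny IPv6 chain policy counts as coverage, so a device that simply drops all inbound IPv6 traffic reports no gaps.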
A Problem of Different Nature
The researcher makes a very serious suggestion in the report: he believes that, given the nature and characteristics of some of the backdoors, they may even be intentional, placed by FiberHome.
In fact, Kim notified the vendor but there has been no news coming from FiberHome regarding patching the vulnerabilities.
But there is more. In 2019, it was known that malicious agents were abusing FiberHome devices to assemble botnets. Then in May 2020, the U.S. Commerce Department’s Bureau of Industry and Security blacklisted FiberHome in an action against Chinese tech companies accused of cyberespionage and crimes related to human rights abuses in Xinjiang against Muslim minority groups.
While Huawei often steals all the front covers when it comes to cybersecurity issues and conflicts with US officials, FiberHome has its own stories to tell.