• The Register, Monday, March 6, 2017 9:45 AM

IoT devices from a Chinese vendor contain a weird backdoor that the vendor is refusing to fix, we're told. The vulnerability was discovered in almost all devices produced by VoIP specialist dbltek, and appears to have been purposely built in as a debugging aid, according to researchers at TrustWave. The infosec biz says that it followed a responsible disclosure process, but claims the manufacturer responded only with modifications to its firmware that leave access open. Trustwave claims the vendor then cut off contact with it. The security firm says it has since been able to write exploits that open both the old and new backdoors.

Read the whole story at The Register »