Three times is Enemy Action. In this case, something bad was done more than three times. Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data.
So there is a problem with Chinese-manufactured Internet hardware being set up to spy on users. Color me shocked.
The researchers found seven problems with the firmware from C-Data, each a major problem in its own right.
The vulnerabilities are as bad as it gets, but by far, the worst and most disturbing of the seven is the presence of Telnet backdoor accounts hardcoded in the firmware.
The accounts allow attackers to connect to the device via a Telnet server running on the device’s WAN (internet-side) interface. Kim and Torres said the accounts granted intruders full administrator [Command Line Interface] access.
And once in, they could retrieve the passwords of other Administration accounts on the machine, and do a host of other things.
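For operators who want to know whether the Telnet service on their own OLTs has been reachable from the internet side, here is a detection pass over firewall logs. It is an added example, not code from the researchers or the vendor; the key=value log format, the OLT inventory, the management network and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical key=value firewall log format.
SAMPLE_LOG = """\
ts=2020-07-10T02:11:05Z action=accept in_if=wan0 proto=tcp src=198.51.100.23 dst=192.0.2.10 dport=23
ts=2020-07-10T02:11:09Z action=drop in_if=wan0 proto=tcp src=198.51.100.23 dst=192.0.2.11 dport=23
ts=2020-07-10T02:15:40Z action=accept in_if=mgmt0 proto=tcp src=10.20.0.5 dst=192.0.2.10 dport=23
ts=2020-07-10T03:02:17Z action=accept in_if=wan0 proto=tcp src=203.0.113.77 dst=192.0.2.10 dport=23
ts=2020-07-10T03:05:00Z action=accept in_if=wan0 proto=tcp src=203.0.113.77 dst=192.0.2.10 dport=443
malformed line without fields
"""

OLT_ADDRS = {"192.0.2.10", "192.0.2.11"}            # assumed OLT inventory
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed admin network


def parse_line(line):
    """Split one key=value log line into a dict; None if fields are missing."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    required = {"action", "proto", "src", "dst", "dport"}
    return fields if required <= fields.keys() else None


def wan_telnet_exposure(log_text, olt_addrs=OLT_ADDRS, mgmt_nets=MGMT_NETS):
    """Map each OLT address to the sorted non-management sources whose
    Telnet (TCP/23) connection was accepted rather than dropped."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in olt_addrs:
            continue
        if (rec["action"], rec["proto"], rec["dport"]) != ("accept", "tcp", "23"):
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            continue  # unparseable source address, skip the record
        if not any(src in net for net in mgmt_nets):
            hits[rec["dst"]].add(rec["src"])
    return {dst: sorted(srcs) for dst, srcs in hits.items()}


if __name__ == "__main__":
    for dst, sources in wan_telnet_exposure(SAMPLE_LOG).items():
        print(f"{dst}: Telnet accepted from outside sources {sources}")
```

Any device that appears in the result has had its Telnet port answered to a source outside the management network, which is the exposure that makes a hardcoded account usable.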
This was not “responsibly disclosed” because the researchers don’t believe these are bugs. These are backdoors deliberately installed in the Fiber To The Home (FTTH) Optical Line Termination (OLT) devices. If your ISP offers “fiber service,” but your house is wired with copper, then there is a device like this somewhere nearby, not necessarily from C-Data, though they were a cheap solution. They also sold a lot of equipment to resellers, so it is hard to say how many of these things there are. Shodan probably knows.
One of the reasons that an organization would have purchased these things is cost. I understand cost-accounting as much as anyone in Information Technology and probably more than most, but there are times and places to cut costs, and stuff that impacts the security of your entire network probably is not a good candidate.