Friends, I’m a member of a somewhat esoteric tech group called NANOG — the North American Network Operators Group — that Is a wild and wonderful forum for keeping up with key cutting-edge developments and foibles of the often-invisible infrastructure that we rely on for connectedness.
So, at the moment, there’s a bit of a shockwave spreading through security-conscious netizens:
“Backdoor” accounts discovered in several FTTH devices from C-Data
The Z-D net article recounts the finding of what appear to be “intentional” hidden backdoors in the firmware of Optical Line Terminator (OLT) devices in Fiber-to-the-Home (FTTH) settings.
While “FTTH” may sound like it’s just about residential devices, that’s somewhat of a misnomer; FTTH devices are at the endpoints of essentially all fiber-optic internet circuits, both residential and commercial.
These devices are located all over an ISP’s network, and due to their crucial role, they are also one of today’s most widespread devices, as they need to sit in millions of network termination endpoints all over the globe.
One item that amps up these concerns: C-Data is a Chinese equipment vendor.
If many of us aren’t completely aware of this, at least we’ve probably all heard about the controversy surrounding Chinese internet switch manufacturer Huawei — regarding suspicions of similar nefariousness, but without as much definitive proof.
I think it’s reasonable to guess that today’s revelation may pump up lots more spin on Sino-American relations … in my best guess, lots of smoke and very little light. But the uproar most likely won’t be all from the US — other well-connected countries are likely to express their displeasure at this finding as well.
(Of course, just to pre-empt the comments … EVERYONE suspects that the US three-letter agencies have injected similar things in the products the US controls. Sure .. but they haven’t been indisputably detected and documented.)
As of right now, C-Data’s website seems to be pretty jammed up..
