March 6, 2017 11:54

Trustwave, a security company, reported last week that a hidden back door had been found in the VoIP products produced by Shenzhen Debre Technology Co., Ltd. The back door is located in the telnet management interface of the Debre device, which allows attackers to open a shell remotely on the target device with root permission. Trustwave contacted Debre many times last fall, and the company finally released an updated firmware at the end of December, but the firmware did not remove the back door, but only increased the difficulty of access and utilization. Further contact will no longer have any response. Trustwave found that the backdoor of firmware exists in almost all GSM to VoIP devices produced by detpak, and security researchers found hundreds of devices that can be remotely used by detpak and other brands using the same firmware in the network.