Researchers Say: "Backdoor" Access Found in Internet Devices from Communist China [Chinese-English Parallel Translation]

Source: Fox News; Author: Brooke Crothers; Published: July 17, 2020

Translation/Commentary: 文明明; Proofreading: leftgun; Review: 海阔天空; Page: 拱卒

Commentary:

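First, cybersecurity is a sensitive issue that everyone in today's society cares about, because it touches every aspect of people's lives, from politics and the economy to personal privacy. Legislation for this industry is therefore extremely important. Companies like C-Data and V-SOL, which supply devices with backdoors to the whole world, should not only be condemned morally but also punished severely, both economically and legally, so that this kind of thing is stamped out completely.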

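Furthermore, C-Data and V-SOL are both companies from Communist China. Is this merely a coincidence, or was it carefully premeditated? C-Data has admitted that the "backdoor" does exist, yet denies that it was intentional, which inevitably brings to mind Huawei, Douyin, Zoom and others that also come from Communist China. The CCP's shameful practice of stealing intelligence and information over networks has brought disgrace on all of Communist China's companies and ordinary people along with it. Let us hope these two companies are not two pawns in the CCP's information and intelligence warfare.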

Original text:

'Backdoor' access found in Chinese Internet devices, researchers say

The backdoor could give cybercriminals “complete ... access”

Researchers have found a “backdoor” in Chinese networking equipment that could allow anyone to access the devices with the right tools.

The devices’ vulnerabilities could allow virtually anyone to access the Telnet accounts of popular networking devices from Chinese companies C-Data and V-SOL, security researchers Pierre Kim and Alexandre Torres wrote in two advisories. Telnet is a protocol to access computer devices remotely.

The backdoor could give cybercriminals “complete administrator CLI access,” the researchers wrote, referring to Command Line Interface.

Known as Fiber to the Home (FTTH) Optical Line Termination (OLT) devices, the products are the “endpoint” that provide access to service providers on an optical network.

FTTH is now common, and many home users throughout the U.S. are plugged into these networks. These devices are also used in millions of networks globally.

The researchers found the security issues in software — known as firmware — running on two of the C-DATA devices and one of the V-SOL devices but they speculate the vulnerabilities could be present in dozens of other models.

“A hacker can intercept and modify the traffic from all the customers connected to these appliances and steal passwords sent in clear-text,” Kim told Fox News in an email.

Jayant Shukla, co-founder and CTO of K2 Cyber Security, said these vulnerabilities pose serious problems. “Having a backdoor into networking devices like these … is as serious a compromise as you can get,” Shukla told Fox News.

“Network devices are often accessible to attackers, since many are directly on the internet, and they are typically not secured very well,” he added. “The other issue is that networking devices do not get scrutinized very often for compromises or receive regular patches with the zeal that is typically used for servers and desktops.”

While it is not known what attackers, if any, would take advantage of this, the mere possibility of this happening also presents an opportunity for state-sponsored hackers.

“With backdoor access to the device, state actors can gain access to sensitive information passing through these devices. … They can also use these devices to launch attacks on the other parts of the network and wreak havoc [such as] shutting off or misconfiguring the device,” Shukla explained.

“Backdoors in equipment is a serious concern. We have seen this several times over the past years and they tend to be in cheaper equipment from smaller Chinese manufacturers,” Lamar Bailey, director of security research and development at Tripwire, told Fox News.

C-Data posted a lengthy response on its website.

“C-Data admires the work of … Pierre Kim and Alexandre Torres, and thanks [them] for their identifying security breach problems through detailed testing,” the company said in the statement.

The statement attributed some issues to “counterfeit” devices that are not made by C-Data but also recognized vulnerabilities in its devices. The company disputed, in some cases, the ability to remotely access the devices via a backdoor. The response also lists additional "measures to defend against cyber-attack" for customers.

Any vulnerabilities "should not be interpreted as C-Data intentionally left a backdoor," C-Data added.

Fox News has contacted C-Data and V-SOL for comment.

Edited by: [Himalaya Hawk Squad]