← Back to context

Comment by BloondAndDoom

14 hours ago

At that point it’s not even a back door it’s just stupid default root password kind of design which used to be standard in this kind of hardware. Backdoor would at least try to be subtle :)

Backdoors are often (almost always?) designed to look like incompetence so that there's plausible deniability.

  • It's refreshing to see someone around here addressing the compulsively overlooked elephant in the room; plausible deniability. I am not implying it applies directly here, but notice the trend -- it's taboo to even speculate on and often gets rebuke for even hinting at it. The social convention around it is perfect cover. And I am not the only one that knows this. If we were to wake suddenly and realize the scale of relevance here, we'd probably all go full luddite. Call me paranoid though.

    • If this wasn’t Tenda maybe I would be more inclined to agree with you. We are talking about an extremely shitty bargain basement vendor. The three stars on Amazon kind of router company.

      I think sufficiently explained by incompetence over malice applies here. Some nefarious three letter agency having a backdoor like this is pretty pointless anyway.

      Unless you’ve enabled remote management you can’t even get to this backdoor from a physical network perspective.

      And then you change some router settings which really aren’t a magical access point into your devices in your home. My PC isn’t just going to magically allow you to browse the file system just because a malicious actor got on my local network. They can’t intercept anything moving over TLS.

      Not saying it’s good to have that kind of access, but I think at the scale of “typical home network of consumer devices” the utility and blast radius is pretty limited. Go ahead and launch a DDOS attack on my printer and use up my ink cartridges, I guess.

      1 reply →