In the olden times, war was a straightforward kind of thing — two armies met and fought on a designated battlefield and the winner was usually the last one standing. Then we went ahead and ruined all of that chivalry with the invention of tomahawk missiles and Apache helicopters. Since then warfare has become a never-ending escalation on who can cause the most outright destruction in the least amount of time. A task we appear to be scarily good at and in no rush to slow down on.
Worse still, the battlefield itself has now also evolved. We now exist in the age of cyber-warfare on a global scale, with the modern battleground including the near-infinite expanse of the internet. A place where pasty-faced footsoldiers slouch double-time at their desks, moving silently through a digital expanse of ones and zeroes — faceless troops that don keyboards and launch full-scale assaults with lines of virtual code.
The same labyrinth of cables and wires that brings you your beloved BuzzFeed quizzes also works as the supply line for a global tug-of-war for digital dominance. It’s all very cloak-and-dagger stuff, so cloak-and-dagger that you’re probably unaware that you, yes indeed, you are now a part of it. At least you are if you own a TP-Link router.
Welcome to the CCP, Comrade
News just in, owners of TP-Link routers could now be unwitting agents of the Chinese Communist Party.
Over the last few months, Check Point Research has been investigating an alarming new piece of custom malware, going by the name “Horse Shell,” that’s infecting consumer and business-level TP-Link routers. Once deployed, the malware has full access to the infected device, granting it the freedom to upload or download files and mask the origin or destination of any traffic.
The result of which magically transforms your trusty personal wireless router into a fully functioning proxy for ner-do-wells to use and abuse as they please. So just who is behind the injection of this malicious code? According to the security sleuths at Check Point Research, this particular campaign can be traced back to the Chinese state-sponsored group they’ve labeled “Camaro Dragon.” Which, as it turns out is an Advanced Persistent Threat (APT) and not some sort of bootleg Pokémon.
The “Horse Shell” malware has already been found to play a part in the targeting of European foreign affairs entities — piggybacking through several of these infected nodes as it went. And, while the malicious code being researched included images of TP-Link firmware, the written code is referred to as “agnostic” in nature, meaning this problem could be more widespread than through one specific brand. So, if you’re within ten feet of a wireless device, you could effectively be surrounded by the impending threat of a foreign cyber attack at any moment. Enjoy carrying that bit of knowledge around with you today.
Outlook
Before you start ripping your TP-Link router from the socket and attacking it with a hatchet for making you an unwitting accomplice to treason, there are methods at hand for the prevention and removal of this malicious injection — methods that won’t result in you picking out shards of plastic and transistors from your white picket-fenced lawn over the next week and change.
The exact method of how “Camaro Dragon” have managed to inject its malware into these devices remains as of yet elusive. Though researchers do presume that weak, default, or otherwise insecure password protection may be as equal a culprit as other commonly known exploits.
As such, be sure to change the default credentials of your router (or any device for that matter) before it is connected to the internet. Also, make sure that your router’s firmware and any attributing software are regularly kept up to date. Simple measures like this may seem quaint, but they will often make your devices far too much of a headache for attackers to bother with.
Check back with Laptop Mag often for any further details and updates on software and online security issues that may be relevant to you.
