alt.hn

4/22/2026 at 11:10:49 AM

Iran claims US exploited networking equipment backdoors during strikes

 https://www.tomshardware.com/tech-industry/cyber-security/iran-claims-us-exploited-networking-equipment-backdoors-during-strikes

by pseudolus

4/22/2026 at 11:35:00 AM

Surely they don't need backdoors when they can just exploit the awful network security that American networking equipment vendors already come with out of the box?

The US needed to smuggle Stuxnet in, but with networking equipment there's a treasure trove of shitty practices. Cisco and Juniper have been caught hiding hard-coded password how many times now?

by jeroenhd

4/22/2026 at 12:42:26 PM

Sometimes it's hard to tell if it's a real bug or a backdoor masquerading as a vulnerability.

by mr_mitm

4/22/2026 at 1:02:25 PM

It's a bugdoor.

by CodesInChaos

4/23/2026 at 6:49:00 AM

That word is now permanently in my dictionary, thank you!

by nasretdinov

4/23/2026 at 9:51:56 AM

https://youtu.be/-9dbAQJIu1o

by thrownthatway

4/23/2026 at 1:46:44 PM

Ah Yes. When cartoons were curated with real essence.

Never heard of show before I will however now seek to watch.

by doublerabbit

4/23/2026 at 11:43:04 AM

>> Surely they don't need backdoors when they can just exploit the awful network security that American networking equipment vendors already come with out of the box?

For Cisco they literally keep doing it year after year. They are like the Boeing of the IT world. Its unbelievable how they are still in business and growing...and then people worry about Mythos… :-))

Even Bruce Schneier said that Cisco products have had hard-coded passwords made public repeatedly, and "you'd think it would learn.": https://www.schneier.com/blog/archives/2023/10/cisco-cant-st...

Cisco your core vendor...this is way the CEO earns the big bucks...

2010 (CVE-2010-1574): Cisco IE3000 switches shipped with hard-coded SNMP community names public and private.

2017 (CVE-2017-3834): Cisco Aironet 1830/1850 Mobility Express had default credentials that could let an unauthenticated remote attacker take control of the device.

2017 (CVE-2017-6689): Cisco Elastic Services Controller had a default weak hard-coded password for the admin user in the ConfD CLI.

2017 (CVE-2017-12317): Cisco AMP for Endpoints used a static key to protect the connector password

2018 (CVE-2018-0141): Cisco Prime Collaboration Provisioning 11.6 had a hard-coded SSH account password that could allow local access to the underlying Linux OS.

2018 (CVE-2018-0150): Cisco IOS XE had an undocumented privilege-15 account with a default username and password, allowing unauthenticated remote administrative access.

2018 (CVE-2018-15389): Cisco Prime Collaboration Provisioning’s install flow could leave a default hard-coded web admin username/password in place.

2019 (Cisco advisory; credential issue documented in the advisory): Cisco Small Business RV160/RV260/RV340 firmware images were found to contain undocumented accounts and hardcoded password hashes

2021 (CVE-2021-34795): Cisco Catalyst PON ONT devices had a default Telnet credential vulnerability when Telnet was enabled.

2021 (CVE-2021-34757 / CVE-2021-34744): Cisco Business 220 Smart Switches had a static-password issue and a static-key issue

2023 (CVE-2023-20101): Cisco Emergency Responder shipped with static root credentials that could not be changed or deleted, enabling unauthenticated remote login.

2024 (CVE-2024-20412): Cisco Firepower Threat Defense for Firepower 1000/2100/3100/4200 had static accounts with hard-coded passwords

And Juniper? And Fortinet ? Yeap...Our CEOs earn big bucks too...

- Juniper

2015 (CVE-2015-7755 / CVE-2015-7756): Juniper disclosed unauthorized code in ScreenOS that enabled unauthorized remote administrative access and, separately, VPN traffic decryption on affected versions.

2017 (CVE-2017-2343): Juniper SRX Integrated UserFW had hardcoded credentials in its authentication API.

2019 (CVE-2019-0020): Juniper ATP shipped with hard-coded credentials in the Web Collector instance.

2019 (CVE-2019-0030): Juniper ATP used DES with a hardcoded salt for password hashing

- Fortinet

2016 (CVE-2016-1909): FortiOS, FortiAnalyzer, FortiSwitch, and FortiCache had an undocumented Fortimanager_Access account with a hardcoded SSH passphrase.

2019 (CVE-2019-6698): FortiRecorder set a hardcoded admin password on managed FortiCameras.

2019 (CVE-2019-6693): FortiOS / FortiManager / FortiAnalyzer used a hard-coded cryptographic key for sensitive config data

2020 (CVE-2019-16153): FortiSIEM had hard-coded PostgreSQL credentials in its database component.

by tcp_handshaker

4/22/2026 at 5:31:08 PM

It must be easier to do en masse if there are backdoors. Not saying I trust the allegations, but wouldn't be surprised.

by traderj0e

4/22/2026 at 12:14:52 PM

At this point, any US company's products on software and hardware side can be safely considered an espionage asset. Even ignoring well known things like intercepting international packages during transit and putting malware into them.

Same goes obviously for ie Chinese stuff, but I don't think you guys realize how for outsider the border between China and US in terms of morality is practically non-existent now. I don't mean it in any snarky way, just looking at facts.

Also, China doesn't invade countries half around the world and bring them to utter destruction and misery for generations to come, killing thousands to millions of civilians and creating breeding grounds for things like ISIS. They do their own thing, quietly and patiently, with laser focus and for outsiders its at most 'not great not terrible' category.

by kakacik

4/23/2026 at 11:25:19 AM

> Also, China doesn't invade countries half around the world and bring them to utter destruction and misery for generations to come, killing thousands to millions of civilians and creating breeding grounds for things like ISIS. They do their own thing, quietly and patiently, with laser focus and for outsiders its at most 'not great not terrible' category.

Here are a list of things that definitely don't fall under 'not great not terrible' category:

Great Leap Forward - estimated 15 million to 55 million people death

https://en.wikipedia.org/wiki/Great_Leap_Forward#Deaths_by_f...

One-child policy

https://en.wikipedia.org/wiki/One_child_policy

Tiananmen Square protests

https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests...

People's Republic of China annexation of Tibet

https://en.wikipedia.org/wiki/Annexation_of_Tibet_by_the_Peo...

Support of Khmer Rouge

https://en.wikipedia.org/wiki/Khmer_Rouge#Number_of_deaths

Uyghurs in China - est. ≥1 million detained

https://en.wikipedia.org/wiki/Persecution_of_Uyghurs_in_Chin...

Leaders of countries which want to do business with China, most countries in the world, have to talk only very quietly about these "sensitive issues", or better not mention them at all.

by leonidasrup

4/22/2026 at 2:22:25 PM

If the US tried their own belt and road people would be screaming about "imperialism/colonialism/white privilege"... thing's aren't as cut and dried as US evil and "oh shucks that clever Chinese government, not great but not terrible"

by Avicebron

4/22/2026 at 3:18:19 PM

I think you would find very few people who think belt and road wouldn't be vastly superior to what the us is doing now

by thatguy0900

4/22/2026 at 4:22:43 PM

American "belt & road" has been tried, but in a neoliberal way, through WB and IMF, and it has been an utter failure (see Joe Stiglitz or Ha-Joon Chang for examples). Chinese are way more pragmatic (smarter) about it.

by js8

4/22/2026 at 7:15:44 PM

Wait there is network equipment made in the US? I thought everything was basically made in Asia nowadays!

Oh and Nokia of course but Europe is just as bad as China in the conservative mind...

by expedition32

4/24/2026 at 7:00:51 AM

I wonder how much of the world now sees American and Israeli tech as security risk?

by mrcartmeneses

4/24/2026 at 12:03:14 PM

Hopefully the whole world

by drekipus

4/22/2026 at 12:12:44 PM

Which is why they should have bought networking equipment from their friends.

by throwawayffffas

4/22/2026 at 11:31:11 AM

So they burned through weapon stockpile and also through zero day stockpile. Good job, another strategic success which will help in war with China...

by Geof25

4/23/2026 at 1:13:43 AM

Facebook used to be known for their benefits & perks. Now it is known as San Quentin. I hope their top talent leaves in droves.

by sinoue

4/22/2026 at 4:30:54 PM

Of course they did

by Cluelessidoit

4/22/2026 at 12:46:49 PM

Turns out, a $14.5 Billion budget can buy some mind-bendingly awesome cyber effects.

by ungreased0675

4/23/2026 at 10:40:36 AM

Iran clearly has tech/network/hacking capability, while also having unprecidented authority to just do ANYTHING while they do a litteral strategic reboot. Given that Russia and China,(others) are interested in closeing "bugdoors" as well, it is likely that new network systems and protocals will be imposed by these countrys.

by metalman

4/22/2026 at 11:28:12 AM

Which is why banning chinese routers and banning chinese cars than can be remotely disabled by the komrades makes sense.

Selling cars, worldwide, made sense when they weren't always connected to the mother land. Germans selling you a BMW in the 80s? You've got the key: you turn the key. They couldn't turn off all the BMWs if suddenly the US were to be at war with Germany again.

But this madness of cars receiving OTA updates and remote subscriptions and whatnots?

by TacticalCoder

4/22/2026 at 11:59:30 AM

The era of "smart cars" actually makes targeting much easier. You don't need to bulk disable cars in a country.

Imagine an enemy country using zero-days to track a military leader via their personal device(s), then disabling their smart civilian vehicle they use to commute to work. Final leg is they had previously parked drones along their expected commute routes for just such an occasion and..

edit: see interesting hypothetical future war series on YT, specifically this bit.. https://youtu.be/drr7mmibt9E?t=157

by steveBK123

4/22/2026 at 12:20:51 PM

I presume the very basic safety requirement for any VIP person in the future will be fully offline car, with updates only done at certified secured service, or simply not done since the car just keeps working. Something along melting chip of 5g/whatever antenna or ripping out whole comm box.

Ah, think about it, the luxury of owning your own car, you and only you. I can almost imagine it. The future, its bright.

by kakacik

4/22/2026 at 12:50:58 PM

Have you missed the Trump presidencies?

by halJordan

4/22/2026 at 1:58:31 PM

If there was a pill for that, I would take it

by steveBK123

4/23/2026 at 4:07:25 AM

Why do they need drones? They could just make the car accelerate as fast as it goes, when the GPS says it's coming up to a T-junction or something.

by brokenmachine

4/22/2026 at 11:38:23 AM

If you bought a BMW in the 80s and you were suddenly at war with Germany, you'd be stuck scavenging for replacement parts the moment something in the engine failed. It's not as easy and direct, but the problem is still there.

Doing business with the enemy always comes with a risk. For countries that don't build their own networking equipment (including the PCBs and chips), you have to accept some level of risk or you have to avoid such technology all together.

by jeroenhd

4/22/2026 at 11:58:10 AM

> Doing business with the enemy always comes with a risk.

Or indeed with allies, as Europe is just finding out...

by kilpikaarna

4/22/2026 at 12:06:48 PM

Indeed, though we are also finding out how bad it is to not have any local competition in many fields of hardware, software, and manufacturing.

Heavily sanctioned countries like Afghanistan and Iran have one thing going for them, and that's that they can't easily build a dependence on foreign technology (though not having such technology at all is arguably just as bad).

by jeroenhd

4/22/2026 at 11:46:49 AM

The average time before a car NEEDS a replacement part to run must be at least a few years. That's a different situation from flipping a switch to turn all connected cars off.

by exitb

4/22/2026 at 11:54:28 AM

But on average, all cars are a few years old, and wars aren't over in a few months.

by jeroenhd

4/22/2026 at 12:05:14 PM

Mechanical parts can be reverse engineered after you run out of inventory and the ability to gray-source them via 3rd parties/countries.

Also that is an "eventual problem".

The era of smart everything exposes you to pinpoint time/place/person disablement by the enemy.

by steveBK123

4/22/2026 at 2:28:08 PM

Who's "the enemy"? I surrender.

The philosophy and structure we rest on is much more precarious than our technologies.

by catigula

4/22/2026 at 3:14:11 PM

Avoid becoming important enough to be targeted by any nation state

by steveBK123

4/22/2026 at 12:45:07 PM

Not for a BMW though.

by dasKrokodil

4/22/2026 at 10:53:30 PM

They'll also remote-disable all your seat warmers

by traderj0e

4/22/2026 at 5:29:20 PM

Italian cars give you this experience without there even being a war

by traderj0e

4/23/2026 at 11:04:13 AM

Isn't that like saying they made use of projectiles during a shooting war? Color me shocked.

by classified

4/22/2026 at 12:32:18 PM

[dead]

by aaron695

4/22/2026 at 12:49:56 PM

[flagged]

by mugiseyebrows

4/22/2026 at 3:23:05 PM

Is it worse than murdering 30,000 protestors though?

by jazz9k

4/22/2026 at 5:34:01 PM

If the number is true, that means the US and israel go and kill even more. Makes sense /s

by za3faran

4/22/2026 at 3:58:34 PM

[flagged]

by therobots927

4/22/2026 at 1:53:23 PM

But why do have all these Intel ME, AMD PSP and ARM TrustZone / Secure Bootloader backdoors in all but RISC-V CPU's now, when they have to reboot poor stupid Jupiter, Cisco, Fortinet, and MikroTik devices? Oh, that's for the real enemies, the socialists. The ones with workers rights.

by rurban