IoT devices from a Chinese vendor contain a hidden backdoor that the vendor is refusing to fix, according to security researchers.
The backdoor was discovered in almost all devices produced by VoIP specialist dbltek, and appears to have been purposely built in for use by the vendor, according to security firm TrustWave. The firm says that it followed a responsible disclosure process, but claims the vendor responded only with modifications that leave the backdoor open.
Trustwave claims the vendor then cut off contact with it. The security firm says it has since been able to write exploits that open both the old and new backdoors.