
BiHu routers are government-mandated in Qingdao, Xiamen and Chifeng, China, for any company providing wifi services, including all retail stores; stores that do not comply will get a heavy fine.
The stick: If stores do not replace their routers they face fines of 100,000 yuan (US$18,589).
The carrot: for each device connected to the router they earn 8 fen.
The cost: A 100 RMB deposit, refundable.
The switch to government-approved routers was based on Chinese laws and regulations on cybersecurity and counterterrorism, which require all premises offering internet services to install a security management system, according to a Qingdao police statement posted on Weibo by merchants who received the notice.
According to the Provisions on the Technical Measures for the Protection of the Security of the Internet effective from 2006, all premises with Wi-fi services should install the security management system to record and store data about registrations, logins and page visits as well as other activities by internet users…
The BHU routers have “multiple critical vulnerabilities” that could allow attackers to access sensitive information, according to analysis by IOActive, a US information technology service company.
One of the few stories about the company in English isn’t a good one: In 2016, a report says one of its routers had “multiple critical vulnerabilities,” including the ability to bypass authentication, gain access to admin functions, and even insert a JavaScript file into all web traffic. source
BHU routers have also been found to have “multiple critical vulnerabilities” in a 2016 report. Bad actors could have potentially gained root access through the login credentials that are hard-coded on the router, which would permit hackers to eavesdrop on web traffic or redirect traffic to a specific location. The security report noted how the vulnerability allowed someone to brick the router by removing critical files. source
The expert also explained that the BHU Wi-Fi router comes with hidden users, SSH enabled by default and a hardcoded root password … not so bad for an attacker…
…it injects a third-party JavaScript file into all users’ HTTP traffic.
…“An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges,” wrote Sauvage.
…the CGI script running everything reveals the session ID of the admin cookie; this means that it could easily be hijacked by an attacker that obtains admin privileges.
The BHU Wi-Fi router includes a hard-coded SID, 700000000000000; an attacker can get access to “all authenticated features” by presenting it to the router…
The router could be used by attackers to eavesdrop on the device traffic using a command-line packet analyzer like tcpdump or to hijack it for other malicious purposes.
“At this point, we can do anything:
Eavesdrop the traffic on the router using tcpdump
Modify the configuration to redirect traffic wherever we want
Insert a persistent backdoor
Brick the device by removing critical files on the router.” source
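The fixed SID and the leaked, predictable session handling described above, modelled as an added example (constructed for this page, not IOActive's analysis code or the router's firmware): the vulnerable check honours the fixed value without any login, while the hardened version only accepts random, expiring tokens issued by its own login() and compares them in constant time. Class and method names are assumptions for illustration.

```python
import hmac
import secrets
import time

# Value quoted in the report; in this mock it is the SID the firmware
# treats as a permanently valid admin session.
HARDCODED_SID = "700000000000000"


class VulnerableSessionCheck:
    """Constructed model of the reported flaw: a fixed SID is honoured
    even though no login ever issued it."""

    def __init__(self):
        self.issued = set()

    def is_admin(self, sid):
        return sid == HARDCODED_SID or sid in self.issued  # magic value wins


class HardenedSessionCheck:
    """Hardened form: random tokens that exist only after a successful
    login, expire, and are compared in constant time."""

    TTL_SECONDS = 900

    def __init__(self, now=time.time):
        self._now = now          # injectable clock (used by the checks below)
        self._sessions = {}      # token -> expiry timestamp

    def login(self, password, expected_password):
        if not hmac.compare_digest(password.encode(), expected_password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # 256 random bits, no fixed value
        self._sessions[token] = self._now() + self.TTL_SECONDS
        return token

    def is_admin(self, token):
        match = None
        for issued in self._sessions:
            if hmac.compare_digest(issued.encode(), token.encode()):
                match = issued
        if match is None or self._now() >= self._sessions[match]:
            self._sessions.pop(match, None)  # evict expired token
            return False
        return True
```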