Security outfit Trustwave made the discovery of a hidden backdoor in DblTek’s devices which was apparently put there to allow the manufacturer access its hardware. Of course it is also available for any hacker who can crack it, and any government spooks who know about it.

The backdoor is in the Telnet admin interface of DblTek-branded devices, and potentially allows an attacker to remotely open a shell with root privileges on the target device.

When asked about the backdoor DblTek issued a patch which rather than removing the flaw, the vendor simply made it more difficult to access and exploit.

Trustwave said that the firmware with the hole in the middle is present on almost every GSM-to-VoIP device which DblTek makes (hardware which is mainly used by SMBs). Trustwave has found hundreds of these devices on the net, and many other brands which use the same firmware.

The security company also said that it has been able to successfully exploit both the old backdoor, and the new (better hidden) modified version which was patched in at the end of last year.