We’d like to address the recent concerns regarding SSH access and the remotectl functionality on the ISG device.
- SSH “Backdoor”:
The SSH access mentioned is part of Termux’s built-in mechanism. It is used solely for internal communication between the ISG APK and Termux APK. In the latest ISG version, users can customize this password themselves via:
ISG Settings → Settings → System Access → Password
This ensures that the mechanism is fully secure and not accessible to unauthorized parties.
remotectl/ WebShell:
Theremotectlfunctionality is part of the ISG APK’s WebShell feature, which is disabled by default. Users can enable it manually via:
ISG Settings → Settings → Remote WebShell
Unless a user explicitly enables this feature, no external access is possible, and the device cannot be used as a botnet node or for any remote attacks.
We take device security very seriously, and these mechanisms are designed for legitimate internal functions only. Users are always in full control of enabling or modifying access.