At the Defcon conference in Las Vegas, security researchers recently detailed several vulnerabilities in routers made by Huawei.
“The vulnerabilities — a session hijack, a heap overflow and a stack overflow — were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws,” writes Computerworld’s Lucian Constantin. “Huawei is one of the fastest growing providers of networking and telecommunication equipment in the world. Huawei equipment powers half of the world’s Internet infrastructure, Lindner said. The researcher, who also analyzed the security of Cisco networking equipment in the past, described the security of the Huawei devices he analyzed as ‘the worst ever’ and said that they’re bound to contain more vulnerabilities.”
“Lindner and his teammate Gregor Kopf were particularly troubled that Huawei has not issued any security advisories about its routers to warn users to take precautions,” AFP reports. “‘These machines have serious security issues,’ Kopf told AFP. ‘In my eyes, the greatest danger is that you don’t know how vulnerable it is; you’re left in the dark.’ Kopf referred to the routers studied by Recurity as having technology reminiscent of the 1990s and said that once attackers slipped in they could potentially run amok in networks. ‘It looks pretty bad,’ Kopf said.”
“Asked about reports that Huawei routers have back doors per the Chinese government’s request, Lindner said: ‘They don’t need to. You (just) need to have Huawei people running your network or help run your network… If you have so many vulnerabilities, they are the best form of (attack) vector,’” writes CNET News’ Elinor Mills.