Hack In The Box: researcher reveals ease of Huawei router access


Summary: At Hack In The Box researcher Felix "FX" Lindner has shown how Huawei routers are easy to access with their static passwords and how one machine could give an attacker access to an entire network.


Researcher Felix "FX" Lindner has just revealed to attendees of his talk at security conference Hack In The Box how easy it is to gain access to Huawei routers and telco equipment, spelling out how backdoor access is not necessary if an attacker wants to get in and access traffic that runs through them.

He told the packed room in Kuala Lumpur, "I don't know if there are backdoors - but it doesn't matter since there are so many vulnerabilities."


Lindner showed that code running the routers - used by billions worldwide - is shockingly dated and riddled with security holes. While he says he has not found any new vulnerabilities per se, he says he has discovered some revelatory "special features."

These "special features" include the telco's bootloader protection - where one would set a password to protect against loading new software. 

Huawei's bootloader protection apparently has a static password across the board in its routers that can't be disabled - though physical access is key to the attack.

Lindner had a slide with examples of actual current Huawei router passwords, with amusing words such as "supperman."


There were more revelations in Lindner's talk, including the fact that if you have a home Huawei router that your ISP doesn't want you to have access to, all you need is a serial cable.

Unbeknownst to nearly everyone, three representatives from Huawei were in the audience. They were not amused and left the talk quickly the minute Lindner concluded.


Lindner made headlines after Defcon in July when he presented a talk showing Chinese Huawei routers to be so riddled with security holes that they were fairly trivial - potentially ideal - for attackers to reconfigure, intercept, monitor and alter all traffic that runs through them.

Chinese Huawei routers are used by billions of people worldwide. Huawei is the second-largest telecommunications firm in the world, and it is considered the fastest-growing router manufacturer in the world.

This Monday Congress issued a report raising concerns about national security in relation to Huawei's suspected role in using technology to help the Chinese government expand its overseas spying operations. 

The House Intelligence Committee released the findings Monday and has urged U.S. companies doing business with Huawei to use another vendor.

The Atlantic reports,

An October 8 House report held that Huawei and ZTE "failed to provide evidence that would satisfy any fair and full investigation" into their ties to Chinese intelligence-gathering operations, and recommended that both U.S. government entities and private enterprises avoid doing business with the two given "long-term security risks."

Ancillary national security threat documentation for Congress' statements is currently held in a classified report - the results of a yearlong congressional probe.


Huawei's reaction to the report's conclusions has been a warning of reprisal according to statements made by its Vice President of external affairs, William Plummer.

The Chinese government has lashed out at the U.S. government report with a Chinese minister calling it "groundless accusations."

When Computerworld spoke with Lindner before his talk today they went on to report:

The accusations contained in the report are broad and unspecific.

Lindner said the report is "lacking truth in data," which is exactly why he tears apart millions of lines of router code looking for security problems.

With Huawei, he's found plenty.

In July just before Felix Lindner announced his findings on the Huawei routers, a former Pentagon analyst reported that the Chinese government has "pervasive access" to around 80 percent of the world's communications (and wants more), saying Huawei was complicit in this telecom backdooring.

After Defcon, Lindner told c|net that the Chinese government didn't need backdoors with Huawei's routers acting essentially as a network's man-in-the-middle.


When news of Lindner's discoveries went public after this July's Defcon hacker conference, Huawei went on the defensive and issued a statement saying the claims had yet to be verified.

Lindner runs Berlin-based security consultancy Recurity Labs.

I spoke to Lindner just after his talk and asked about Huawei's huge router problem and its surveillance-friendly, dated code - and how the issue might be solved.

Lindner told me,

"I don't think this was something that was done with intent. I believe the static passwords were to simplify customer service and easier for mass support calls."

On a wider level, Lindner believes that what's needed at Huawei is a consciousness shift in regard to approaching security and adopting security best practices.

He said,

"They need to understand security best practices as a global player, they need to have secure coding developer practices. The consciousness shift to upgrade security practice is huge but necessary - Microsoft did it.

The question is how far are they willing to go to convince the public they care? It's also an image problem.

They will need to approach it as a long term issue that needs to be solved."

However he explained,

"They should be able to patch it - update the bootloader - because the images for larger machines carry bootloader updates with them. I haven't tried this but I assume this is how it would work."

Whimsically he added, "Tell your mom to do a bootloader update."

Meanwhile, today the Washington Post reported that Cisco has sent a document to telecom companies stating:

Fear of Huawei spreads globally. Despite denials, Huawei has struggled to de-link itself from China’s People’s Liberation Army and the Chinese government.

Huawei is Cisco's biggest competitor.

Needless to say, what Lindner has revealed at Hack In The Box today is a serious issue for all users of Huawei products.

  • you get what you pay for

    free google search - google is collecting your data.
    cheap Chinese router - your network packets end up in Beijing.
    • Totally Agree

      I'm still looking for a paid search engine. Haven't used search engines in years.
      • Actually, I'm thinking of opening a search engine myself

        Don't use the free stuff like Google, Bing or Yahoo. Mines will make you pay to search so you know you're getting something quality.
        • Mines????

          Your quality seems to lack eloquent speech?
  • Glad I don't use any of those routers...

    How did they become such a large company with such huge security issues? Oh wait, I guess that's not all that surprising. ;)
  • Huawei UK moving headquarters to be next door to Cisco

    Huawei announced yesterday that they are moving their U.K. headquarters from Basingstoke to Green Park, Reading. Cisco's U.K. headquarters is also on Green Park...
  • Hack In The Box: researcher reveals ease of Huawei router access

    It must be running linux.
    Loverock Davidson-
    • Almost right...

      No it's running Win CE. Who other than M$ would use "supperman" as a password!

      Johan Safari
  • NSA Involvement?

    Now we know how the NSA can intercept every bit of Internet traffic. All they have to do is monitor all these routers' traffic to China.
  • You don't know what you don't know...

    Well, Mr. Lindner's analysis of the Huawei router code is certainly an embarrassment to Huawei, but unless you had the lab and experience to review the Huawei router code, you are pretty much at their mercy. This speaks to the wider investigation of Huawei as a vendor whose 4G telecommunications equipment is entering the US market. Unless a third party or the NSA/CIA actually examines the code embedded in these devices who really knows what the risk is in using them? We heard not too long ago how the US and Israeli governments were able to sabotage Iran's atomic fuel centrifuges by embedding code in the controllers used by these devices. If Huawei's router code is full of security holes, you can just use your imagination to think about what might happen to you or your intellectual property or your business data. Maybe this "investigation" of Huawei in the Congress should actually put all of these critical pieces of consumer, business and government infrastructure through independent analysis to give the buyers some reasonable assurance that they are not buying something that could easily leave them open to espionage or attack.
  • How to be sure you are secure

    Build your own router security device. A computer gateway between you and the internet (I suggest a Linux box but you may use Windows if you trust it) with all traffic going through it via a proxy. Put a good firewall on it and there you go not relying on someone's backdoored router for your security. Then put a good dumb switch on the inside and secure. Patch that computer religiously.
    I recommend Linux because you can strip it down to the barest of bones and if you are paranoid you have the code. For stuff that needs to be really secure put it behind another firewalled system. And for the really really must be secure at all costs, air gap or one way glass. (If you don't know either of those terms and your security people don't know both of those terms then hire better security people.)
    I use one-way-glass.
    • great for you

      Most people could have the code and not have a clue what to do with it. It must be good to be you.
      • Most people could have the code and not have a clue what to do with it?

        This topic is not for most people though, so, if you don't get it, then move on.
        • What about everyone else?

          I think that is the point of the article. Who do you trust? I can build my own the same way I can build my own house, but we are supposed to get efficiency through specialization, so we don't.
    • Build your own...?

      Might help you at the local level, but what about the traffic (your traffic) that passes through your ISP's and all other ISPs' networks and backbone providers.
      On the other hand, are we so paranoid, should we just roll along, or should we actually go so far so we encrypt all traffic end-to-end?
  • Curious!

    Odd that Huawei is being picked on this week. Especially as I doubt if there is any networking kit out there with security faults - I doubt if any network connected equipment is truly secure.

    I wonder who pays for Felix Lindner's services. And I wonder if Cisco's kit has back doors accessible by a certain government - especially routers in nuclear processing facilities in Iran.

    I think we should be told.
    • just wait

      A certain government committee will be issuing the full report on you next week.
      • But immediately...

        ...they'll be collecting information on you via a certain government agency known quaintly as the IRS (America's Gestapo).
    • Yeah, they're just being picked on.

      "Odd that Huawei is being picked on this week."

      Yeah, nothing to see here. Why should this concern anyone? This article is just *unfair*.

      Unless you read the article, that is. Truly an appalling level of non-security.

      A paranoid China not only snooping in on all that traffic, not to mention active cyberattacks originating from China, should get them picked on. Big time. And more often.
      • Maybe they would not care so much

        if the Huawei was not linked to the Chinese military. Then again, it's China. If the government wants to build in backdoor code, they're going to do it. I wonder if anything has been slipped into Apple products?