Hack In The Box: researcher reveals ease of Huawei router access
Summary: At Hack In The Box researcher Felix "FX" Lindner has shown how Huawei routers are easy to access with their static passwords and how one machine could give an attacker access to an entire network.
Researcher Felix "FX" Lindner has just revealed to attendees of his talk at security conference Hack In The Box how easy it is to gain access to Huawei routers and telco equipment, spelling out how backdoor access is not necessary if an attacker wants to get in and access traffic that runs through them.
He told the packed room in Kuala Lumpur, "I don't know if there are backdoors - but it doesn't matter since there are so many vulnerabilities."
Lindner showed that code running the routers - used by billions worldwide - is shockingly dated and riddled with security holes. While he says he has not found any new vulnerabilities per se, he says he has discovered some revelatory "special features."
These "special features" include the telco's bootloader protection - where one would set a password to protect against loading new software.
Huawei's bootloader protection apparently has a static password across the board in its routers that can't be disabled - though physical access is key to the attack.
Lindner had a slide with examples of actual current Huawei router passwords, with amusing words such as "supperman."
There were more revelations in Lindner's talk, including the fact that if you have a home Huawei router that your ISP doesn't want you to have access to, all you need is a serial cable.
Unbeknownst to nearly everyone, three representatives from Huawei were in the audience. They were not amused and left the talk quickly the minute Lindner concluded.

Lindner made headlines after Defcon in July when he presented a talk showing Chinese Huawei routers to be so riddled with security holes that they were fairly trivial - potentially ideal - for attackers to reconfigure, intercept, monitor and alter all traffic that runs through them.
Chinese Huawei routers are used by billions of people worldwide; Huawei is the second-largest telecommunications firm in the world and is considered the fastest-growing router manufacturer in the world.
This Monday Congress issued a report raising concerns about national security in relation to Huawei's suspected role in using technology to help the Chinese government expand its overseas spying operations.
The House Intelligence Committee released the findings Monday and has urged U.S. companies doing business with Huawei to use another vendor.
The Atlantic reports,
An October 8 House report held that Huawei and ZTE "failed to provide evidence that would satisfy any fair and full investigation" into their ties to Chinese intelligence-gathering operations, and recommended that both U.S. government entities and private enterprises avoid doing business with the two given "long-term security risks."
Ancillary national security threat documentation for Congress' statements is currently held in a classified report - the results of a yearlong congressional probe.

Huawei's reaction to the report's conclusions has been a warning of reprisal according to statements made by its Vice President of external affairs, William Plummer.
The Chinese government has lashed out at the U.S. government report with a Chinese minister calling it "groundless accusations."
When Computerworld spoke with Lindner before his talk today they went on to report:
The accusations contained in the report are broad and unspecific.
Lindner said the report is "lacking truth in data," which is exactly why he tears apart millions of lines of router code looking for security problems.
With Huawei, he's found plenty.
In July just before Felix Lindner announced his findings on the Huawei routers, a former Pentagon analyst reported that the Chinese government has "pervasive access" to around 80 percent of the world's communications (and wants more), saying Huawei was complicit in this telecom backdooring.
After Defcon, Lindner told c|net that the Chinese government didn't need backdoors with Huawei's routers acting essentially as a network's man-in-the-middle.

When news of Lindner's discoveries went public after this July's Defcon hacker conference, Huawei went on the defensive and issued a statement saying the claims had yet to be verified.
Lindner runs Berlin-based security consultancy Recurity Labs.
I spoke to Lindner just after his talk and asked about Huawei's huge router problem and its surveillance-friendly, dated code - and how the issue might be solved.
Lindner told me,
"I don't think this was something that was done with intent. I believe the static passwords were to simplify customer service and easier for mass support calls."
On a wider level, Lindner believes that what's needed at Huawei is a consciousness shift in regard to approaching security and adopting security best practices.
He said,
"They need to understand security best practices as a global player, they need to have secure coding developer practices. The consciousness shift to upgrade security practice is huge but necessary - Microsoft did it.
The question is how far are they willing to go to convince the public they care? It's also an image problem.
They will need to approach it as a long term issue that needs to be solved."
However he explained,
"They should be able to patch it - update the bootloader - because the images for larger machines carry bootloader updates with them. I haven't tried this but I assume this is how it would work."
Whimsically he added, "Tell your mom to do a bootloader update."
Meanwhile, today the Washington Post reported that Cisco has sent a document to telecom companies stating:
Fear of Huawei spreads globally. Despite denials, Huawei has struggled to de-link itself from China’s People’s Liberation Army and the Chinese government.
Huawei is Cisco's biggest competitor.
Needless to say, what Lindner has revealed at Hack In The Box today is a serious issue for all users of Huawei products.
Talkback
you get what you pay for
cheap Chinese router - your network packets end up in Beijing.
Totally Agree
Actually, I'm thinking of opening a search engine myself
Mines????
Glad I don't use any of those routers...
Huawei UK moving headquarters to be next door to Cisco
Almost right...
Clown!
NSA Involvement?
You don't know what you don't know...
How to be sure you are secure
I recommend Linux because you can strip it down to the barest of bones and if you are paranoid you have the code. For stuff that needs to be really secure put it behind another firewalled system. And for the really really must be secure at all costs, air gap or one way glass. (If you don't know either of those terms and your security people don't know both of those terms then hire better security people.)
I use one-way-glass.
great for you
Most people could have the code and not have a clue what to do with it?
What about everyone else?
Build your own...?
On the other hand, are we so paranoid, should we just roll along, or should we actually go so far so we encrypt all traffic end-to-end?
Curious!
I wonder who pays for Felix Lindner's services. And I wonder if Cisco's kit has back doors accessible by a certain government - especially routers in nuclear processing facilities in Iran.
I think we should be told.
just wait
But immediately...
Yeah, they're just being picked on.
Yeah, nothing to see here. Why should this concern anyone? This article is just *unfair*.
Unless you read the article, that is. Truly an appalling level of non-security.
A paranoid China not only snooping in on all that traffic, not to mention active cyberattacks originating from China, should get them picked on. Big time. And more often.
Maybe they would not care so much