
Huawei security: Half its kit has ‘at least one potential backdoor’


Huawei ban: Winners, losers, and what’s at stake (a whole lot)
ZDNet’s Jason Cipriani and Jason Perlow talk with Karen Roby about how the security and trade brouhaha impacts everything from the future of regional carriers and the bottom lines of tech giants to 5G’s prospects and consumers’ pocketbooks. Read more: https://zd.net/2WzVRbq

On the heels of news that suspected Chinese state-sponsored hackers broke into telecom giants through IBM and HPE, researchers have revealed that over half the equipment from China’s telecoms giant, Huawei, has “at least one potential backdoor”.

Researchers from IoT security firm Finite State have given a scathing assessment of the state of security in Huawei’s networking device firmware, arguing “there is substantial evidence that zero-day vulnerabilities based on memory corruptions are abundant in Huawei firmware”.

“In summary, if you include known, remote-access vulnerabilities along with possible backdoors, Huawei devices appear to be at high risk of potential compromise,” the firm wrote in a new report. 

The conclusions echo recent comments by Ian Levy, technical director of the UK’s National Cyber Security Centre (NCSC), a unit of spy agency GCHQ.

After assessing Huawei equipment over concerns its 5G gear could be used by China to spy on the country, Levy said Huawei security was “objectively worse” and “shoddy” compared with that of rivals, which include Ericsson, Nokia, and Cisco. 

The report on Huawei firmware security also follows one from Reuters on Wednesday revealing that hackers known as Cloud Hopper, who were allegedly working for China’s Ministry of State Security, hacked Ericsson, Fujitsu, Tata, NTT Data, Dimension Data, CSC, and HPE spin-off DXC Technology. The hackers broke into the companies via managed IT service providers HPE and IBM. 

Finite State said in its report that, despite Huawei’s public commitments to improve security, the analysis revealed Huawei’s “security posture” is actually “decreasing over time”.

“From a technical supply-chain security standpoint, Huawei devices are some of the worst we’ve ever analyzed,” the company wrote. 

It says it has analyzed 1.5 million files within about 10,000 firmware images that are used across 558 Huawei enterprise networking products. 

More than 55 percent of firmware images have at least one potential backdoor, according to Finite State. The flaws include hard-coded credentials that could be used as a backdoor, unsafe use of cryptographic keys, and indications of poor software development practices.

However, it should be remembered that even US tech firms, such as Cisco, regularly fix backdoor accounts in their equipment.    

Finite State nonetheless found that on average there are 102 known vulnerabilities in each Huawei firmware image, along with evidence of numerous zero-day vulnerabilities. 

One of the key problems Finite State found lies in Huawei’s use of and failure to update open-source software components, in particular OpenSSL, a widely-used cryptographic library for shielding communications on the web that’s used to enable HTTPS on websites. As with smartphones, customers using networking equipment rely on vendors to deliver security updates to those components. 

It found that the average age of third-party open-source software components in Huawei firmware is 5.36 years and says there are “thousands of instances of components that are more than 10 years old”. 

The oldest version of OpenSSL contained in Huawei firmware was released by the open-source project in 1999. The company said it found 389 binaries on Huawei firmware that were vulnerable to Heartbleed, the critical bug disclosed in 2014 that allows an attacker to steal email and other communications that would normally be protected by the Transport Layer Security protocol.     
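The kind of check behind figures like these can be sketched as follows. This is an added example, not Finite State's tooling or method: it assumes the firmware has already been unpacked into raw bytes, looks for the version banner OpenSSL embeds in its binaries, and reports each component's age and whether it falls in the Heartbleed-affected 1.0.1 through 1.0.1f range. The sample bytes and the function names are constructed for illustration.

```python
import re
from datetime import date, datetime

# OpenSSL embeds a banner such as b"OpenSSL 1.0.1e 11 Feb 2013" in its binaries.
# Pre-release banners (e.g. "-beta1") are deliberately not matched here.
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(?:-fips)? +(\d{1,2} [A-Z][a-z]{2} \d{4})"
)

def find_openssl_banners(blob: bytes):
    """Return sorted, de-duplicated (version, letter, release_date) tuples."""
    found = set()
    for m in BANNER.finditer(blob):
        released = datetime.strptime(m.group(3).decode(), "%d %b %Y").date()
        found.add((m.group(1).decode(), m.group(2).decode(), released))
    return sorted(found)

def heartbleed_affected(version: str, letter: str) -> bool:
    """Releases 1.0.1 through 1.0.1f are affected; 1.0.1g carries the fix."""
    return version == "1.0.1" and letter in ("", "a", "b", "c", "d", "e", "f")

def audit(blob: bytes, today: date):
    """Summarise every OpenSSL banner in blob: version, age, Heartbleed flag.

    A banner match is a lead, not proof: a vendor may have backported the
    fix or compiled the heartbeat extension out, so flagged binaries still
    need to be confirmed by other means.
    """
    report = []
    for version, letter, released in find_openssl_banners(blob):
        report.append({
            "version": version + letter,
            "age_years": round((today - released).days / 365.25, 2),
            "heartbleed": heartbleed_affected(version, letter),
        })
    return report

# Constructed sample standing in for bytes carved out of a firmware image.
SAMPLE = (
    b"\x7fELF\x00\x00OpenSSL 1.0.1e 11 Feb 2013\x00\x00pad"
    b"OpenSSL 0.9.8zh 3 Dec 2015\x00libssl\x00"
    b"OpenSSL 1.0.1g 7 Apr 2014\x00"
)

if __name__ == "__main__":
    for row in audit(SAMPLE, date(2019, 1, 1)):
        print(row)
```
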

Huawei was not available to respond to the report or dispute the security firm’s conclusions at the time of publishing. The story will be updated if Huawei responds.


Today’s Wordle Answer #472 – October 4, 2022 Solution And Hints


The answer to today’s Wordle puzzle (#472 – October 4, 2022) is bough, which is what you call a branch, especially the main branch, of a tree. The word bough has roots (no pun intended) in the Old English word “bōg,” which means shoulder, similar to Old High German’s “buog,” which means the same thing (via Etymonline). There’s a popular Roman myth about the Golden Bough, which is a tree branch with golden leaves that enabled the Trojan hero Aeneas to travel safely through the land of the dead.

We solved the puzzle in three tries today, kicking things off with an expert-endorsed starter word, slate. We tried the word brush next, which turned out to be a really lucky guess with three green tiles. The answer was apparent by the third guess, and since we also solved the puzzle in three guesses yesterday, that begins a three-try streak that we hope we can continue tomorrow!


How To Display iPhone 14 Pro’s Dynamic Island On Any Android Device


You can also choose whether to display the cutout at the center of the display (for hole-punch cameras on the center of the display) or on the left for cameras placed in the corner. Remember that as you increase or decrease the cutout size, the icons shown in it will also scale to match. Thankfully, the app gives you a preview of the cutout when you are changing the settings.

You can also modify gestures such as single tap or long press. Dynamic Spot also allows you to change the default time, after which the pop-up automatically disappears. Additionally, you can fiddle with a lot of appearance-related settings, such as the animation when the Dynamic Island clone pops up or unfolds.

Just as on the iPhone 14 Pro, the Dynamic Spot on your Android app will show the app icon when a new notification arrives. You may selectively choose which apps display the notifications or allow all of them. You can also tap on the app’s icon to open the notification or long-press the icon to preview the notification.


The 10 Wildest Features Of The Mercedes Maybach Off-Roader


Sustainability is a word on every car manufacturer’s radar right now, with more focus being given to the idea of eco-friendly vehicles than ever before. The Off-Roader plays into that theme by featuring a prominent set of solar panels mounted on its hood, which could be used to generate power to extend the range of the car. It’s worth pointing out that this is all hypothetical, as the show car is non-functional, and has no drivetrain. Mercedes is keen to stress, though, that if the car did have a drivetrain, it would be all-electric, although no detail is given on the power or range that would be available to drivers.

The solar panels are interwoven with yet more Maybach logos, and their tinted finish makes them blend in almost seamlessly with the rest of the hood. It’s been pointed out by industry analysts that adding solar panels to cars is not always as environmentally friendly as it might seem, as the panels are only able to generate a very small amount of power. That power can easily be consumed by the added A/C strain caused by parking a car out in the sun all day to charge it. Car-mounted solar panels might be a flawed idea in practice, but even so, it’s interesting to see how Abloh was able to inconspicuously add them in without compromising the overall look of the car.
