A US-based firmware and IoT security solutions provider, Finite State, published a report stating that it has identified several vulnerabilities in Huawei’s equipment, including many potential backdoors. The company’s devices are said to be less secure than the products of other vendors.
The possibility that Huawei equipment, including the devices that would support future 5G networks, may contain backdoors that would help the Chinese government spy concerns the United States and some European countries.
Huawei has repeatedly denied such accusations, while other companies and organizations such as Facebook, Google and research universities have ended their ties with the Chinese telecom giant.
The evidence provided by the authorities to support the claim that Huawei facilitates Chinese government spying was limited, so Finite State conducted a detailed analysis of Huawei’s range of products to determine what kind of risk their use could pose. The company used an automated system that analyzed over 10,000 firmware images covering a total of 558 products.
It was stated that half of all firmware images had at least one backdoor. In addition, 29% of the tested devices had a default username and password set in the firmware at least once, and many shipped with default root user passwords, which could lead to malicious access. Hardcoded SSH keys were also found in 424 firmware images, which could be used for man-in-the-middle (MITM) attacks.
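As an added illustration (not Finite State's tooling or method, which the article does not describe), the Python sketch below shows how a defender could check an already unpacked firmware root filesystem for the classes of finding listed above: accounts shipped with a usable or empty password, pre-installed `authorized_keys` entries, and embedded private keys. The function names, finding labels and sample tree are hypothetical and constructed for this example.

```python
import os
import re
import tempfile

PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def account_findings(rel, text):
    """Yield accounts in passwd/shadow that ship with a usable or empty password."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or fields[1] in ("x", "*") or fields[1].startswith("!"):
            continue  # malformed line, hash stored elsewhere ("x"), or locked account
        yield ("password-hash" if fields[1] else "empty-password", rel, fields[0])

def scan_rootfs(root):
    """Walk an unpacked firmware root filesystem; return sorted (kind, path, detail)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never follow links out of the image; skip device nodes and FIFOs
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", errors="replace") as fh:
                text = fh.read(1 << 20)  # the first 1 MiB covers text config and key files
            if name in ("passwd", "shadow"):
                findings += account_findings(rel, text)
            if name == "authorized_keys":
                findings += [("authorized-key", rel, ln.split()[0])
                             for ln in text.splitlines() if ln.strip()[:1] not in ("", "#")]
            if PRIVATE_KEY_RE.search(text):
                findings.append(("private-key", rel, ""))
    return sorted(findings)

def build_sample_rootfs():
    """Constructed stand-in for an unpacked image; every value here is made up."""
    root = tempfile.mkdtemp(prefix="fw-sample-")
    sample = {
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\nsupport::0:0::/:/bin/sh\n",
        "etc/shadow": "root:$1$CONSTRUCT$notarealhash:0:0:99999:7:::\ndaemon:*:0:0:99999:7:::\n",
        "root/.ssh/authorized_keys": "# vendor key\nssh-rsa AAAACONSTRUCTED vendor@build\n",
        "etc/ssh/host_key": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
    }
    for rel, body in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root
```

Calling `scan_rootfs(build_sample_rootfs())` returns one finding of each kind for the constructed tree. On a real image, a private key or password hash that is identical across units is what turns a single extracted firmware file into access to every deployed device.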
Over 9,000 critical flaws were discovered in the tested firmware during this research. Finite State analyzed Huawei’s network switches alongside other vendors’ products; although the rival products also had a few vulnerabilities, Huawei’s products seemed more problematic.
The firm also compared different versions of the firmware images, hoping that the company would have released newer versions with fewer flaws, but it noticed that the newer versions contained more vulnerabilities and exposed crypto keys, worsening security.
“Despite Huawei’s claims about investing in security, they appear to be behind the rest of the industry in almost every respect. This overall weak security posture is concerning and obviously increases the security risks associated with use of Huawei devices,” said the founder and CEO of Finite State.