I’ll start off with the good news: Huawei has patched their software. If you own a Huawei Windows machine, apply the latest security update and this security flaw won’t affect you.
Now the bad news. Huawei Matebook machines running Windows had a driver that made them vulnerable to incredibly deep-level attacks. An attacker could gain access to just about anything in storage or memory, run injected code at the highest levels, and gain access to anything in a system. This is because Huawei used techniques only seen in malware for one of their “features.” Could the company have intentionally opened up a backdoor into their systems? The U.S. government believes they could have.
Here’s how Microsoft caught Huawei’s highly unorthodox software, and what it could mean for Huawei.
How Microsoft Caught Huawei
Microsoft saw something suspicious. What appeared to be malware was copying information from low-level registries, which are protected areas of the machine, into user space, which is less protected. It was also injecting code from that less secure user space into the lower-level kernel space. This means that something that should not have had high-level security access was gaining that access. It was copying information as well as writing it. This is a primary tactic of malware. Microsoft had caught a huge security vulnerability using their heuristics program.
That vulnerability was Huawei’s drivers.
Huawei’s Drivers
Huawei claimed the driver was only for their (completely unnecessary) process-restarting program, but it left the system vulnerable. Someone, including anyone at Huawei, could have taken advantage of this security vulnerability. It’s as though Huawei made a feature that seemed useful, to anyone who doesn’t know that Windows already restarts crashed processes, as an excuse to leave a backdoor into their computers. A backdoor that only they knew about. Huawei could have intentionally created a way to access any of their computers.
What other reason could they possibly have for using malware tactics to duplicate an existing Windows feature? The programming effort to create this would take significant time and was unnecessary for Huawei’s claimed purposes. Why bother unless you had ulterior motives?
What this Means for Huawei
The Five Eyes security groups have warned against using Huawei technology due to security and privacy concerns. The U.S. has banned use of Huawei technology based on national security concerns. Huawei has sued over that decision but will likely lose, especially considering Huawei’s security vulnerabilities as well as violations of U.S. sanctions.
Huawei is trying to convince the world that their technology is secure and that they don’t give data to the Chinese government. With each passing scandal, that claim becomes less believable.
Source: Peter Bright, Ars Technica