
Automated scanners looking for vulnerabilities in Huawei firmware - octosphere
https://breakingdefense.com/2019/07/hunting-huaweis-hidden-back-doors/
======
rossdavidh
So, I can totally believe that the Chinese government instructed their tech
companies to put back doors in their equipment (not least because the U.S.
government almost certainly ordered U.S. tech companies to put back doors in
software sold into China). But, it is a little odd that the article headline
is about Huawei, but the re-appearing backdoor that "just screams
malicious"...was not in a Huawei device. Maybe both "Huawei is really bad at
security" and "Security camera company you've never heard of installed
backdoor in their device's software" are not very clickable headlines?

Again, I totally could believe that Huawei, or any other Chinese tech company,
would do this if told to by the Chinese government (again, because U.S.
companies almost certainly do it when told to by the U.S. government). But,
that's not even what the article (as opposed to the headline) is alleging.

------
Neil44
Running some kind of automated analysis on the firmware and reporting
vulnerabilities is a long way away from “Huawei’s hidden back doors found”.

~~~
darawk
While that's true, the correct way of creating deniable backdoors is to simply
write insecure code. The best way to detect something like that is essentially
what this article tries to do: a comparative analysis of vulnerability
frequency. It doesn't do a great analysis, but it is the correct approach to
thinking about the problem.

~~~
eli
That’s conspiracy theory logic. The fact that it doesn’t look like a backdoor
is evidence that it’s a backdoor? It is impossible to disprove something like
that.

~~~
inferiorhuman
What of this:

 _Dahua at first ignored ReFirm’s inquiries, then claimed the vulnerability
was a simple error that had been fixed in the latest update. But when ReFirm
looked through the updated firmware, they still found the same backdoor — just
relocated in a different place in the code. (Huawei had done the same thing)._

------
robocat
"found the average device had 102 vulnerabilities, at least a quarter of them
severe enough to let a hacker get full access easily. That’s much more than
comparable Western products"

Why not compare against comparable Eastern products? Were the Western products
more expensive?

The article reeks of hatchet job to me.

I did a quick search to try and find the referenced Huawei backdoor they
discovered had been "moved", but I couldn't find anything... Can anyone else
find something about it?

Edit: I think it is obvious the Chinese government would have backdoors, but I
also think they won't be obvious (the Chinese NSA are not stupid). These
security issues are just bad code, not strategic.

------
rexarex
This article quickly turned into a puff piece for ReFirm

------
ary
> Dahua at first ignored ReFirm’s inquiries, then claimed the vulnerability
> was a simple error that had been fixed in the latest update. But when ReFirm
> looked through the updated firmware, they still found the same backdoor —
> just relocated in a different place in the code. (Huawei had done the same
> thing).

Regardless of which vendor we're talking about I fear that this simple
admission of human error is going to repel any improvement justified by
technological means. It is extremely easy, and entirely believable, to
continuously blame human error, "junior devs", management, etc in the face of
any discovered vulnerabilities.

The value of automated detection is to hopefully fuel a real boycott and/or
government ban. I'm not specifically calling out Huawei here because I think
it's entirely reasonable for other countries to do the same thing to U.S.
companies. Hitting offenders in the only place it hurts, the bank account, is
probably the only way to inhibit this behavior.

------
gjsman-1000
Well, not intentional (except for that camera company), but should we be using
Huawei when that expert described it as "some of the worst [most exploitable]
equipment I have ever worked with."?

We might as well make sure that it's relatively secure regardless of politics.

------
curiousgal
Ah yes, a network device vendor with serious vulnerabilities, that's new...

------
mooneater
This is how they describe their security system:
[https://finitestate.io/product/](https://finitestate.io/product/)

Would love more details on how it works

------
choeger
So the theory is that Chinese vendors put existing exploits into their
firmware deliberately? That seems rather hard to believe. Would it not be much
simpler to create a few new holes?

~~~
darawk
What do you mean by 'existing exploits'? It seems like they are accusing them
of writing insecure code on purpose, which is exactly how I'd go about
inserting a backdoor if I were going to do it.

~~~
droithomme
That is correct because plausible deniability is very important.

However, writing insecure code is also the de facto standard across industry,
definitely including in the US.

If we accept this as proof, then Microsoft, Google, Facebook, etc, (all the
way down like the turtles, until we hit every one man company) are all
government controlled corporations deliberately installing sneaky back doors
through security vulnerabilities in code, which cleverly simply look like
incompetent programming.

~~~
darawk
That's right, but I think the article is asserting that:

a) The vulnerability density is much higher in Huawei's code.

b) When vulns were reported to them, they simply moved them to another
location, rather than actually patch them.

Those are the things that I consider to be (weak) evidence that they are
backdoors.

------
DiogenesKynikos
Notably _not_ in this article: any Huawei backdoors.

"Backdoor" implies malice. What this article is about is "vulnerabilities,"
also known as "bugs." The moral panic continues unabated.

~~~
robocat
"But when ReFirm looked through the updated firmware, they still found the
same backdoor — just relocated in a different place in the code. (Huawei had
done the same thing)."

I'm not sure what event they are referring to for Huawei.

Edit: I followed the first reference I found, and ended up at:
[https://www.pcworld.idg.com.au/article/543641/netgear_patch_...](https://www.pcworld.idg.com.au/article/543641/netgear_patch_said_leave_backdoor_problem_router/)
perhaps because owned by Huawei or person referenced Huawei when they meant
Netgear?

