
NSA-style backdoor in Huawei laptops found by Microsoft - DyslexicAtheist
https://www.scmagazineuk.com/nsa-style-backdoor-huawei-laptops-found-microsoft/article/1580647?_hsenc=p2ANqtz-_qxEmmizNitJJhfiZVUhUFzBcCpckx0qp3FVFgtxqvB-oI6VMakcjZyItsxSy4F3pbJkQWc2KzjwrTLAEzbxo3DIXFrA&_hsmi=71312471
======
mikejb
For the record, this is the article from Microsoft Security:

[https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw/](https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw/)

~~~
Someone1234
Where they don't describe it as a "backdoor." Simply what it is: A local
privilege escalation in a driver.

Privilege escalations aren't that rare unfortunately. Kind of cool that ATP
might be able to detect some of them going forward, particularly in drivers
that are often black-boxes.

~~~
wallace_f
I have no expertise in security. Why could nation states not just build their
backdoors this way? What's the difference?

~~~
Someone1234
This isn't a backdoor, nation state or otherwise. LPEs are super boring and
common, there's often several a month discovered on Windows (inc. third party
services/software/drivers/etc).

For it to be a backdoor it would typically need to facilitate the ability to
access the system itself (e.g. Remote code execution, hidden credentials,
etc), but even then intent is implied with the word which we simply don't have
here.

Plus, LPEs aren't as powerful as they once were. Most of the good stuff is
now running in userspace; the only thing an LPE grants you is persistence.

To give you an idea of how overblown this is: HP used to run a local webserver
as SYSTEM (highest priv) which any webpage could call via iFrame to execute
local commands. I don't consider that a backdoor either, even though that
issue is ten times more serious than this one.

------
ssnistfajen
>Upon investigation, researchers found a driver containing components that run
with ring-0 privileges in the kernel.

>"We traced the anomalous behaviour to a device management driver developed by
Huawei," researchers said in the post. "Digging deeper, we found a lapse in
the design that led to a vulnerability that could allow local privilege
escalation."

>Researchers who reported the vulnerability to Huawei said the company
responded and cooperated quickly and professionally. A patch was released
earlier this year on 19 January.

A rather clickbait-y title for what actually happened. Of course though,
rehashed old news is great for harvesting karma when it's the right bogeyman.

~~~
djsumdog
I wonder what the lapse in design was. It'd be nice if Huawei disclosed what
type of security vulnerability it was and how they fixed it.

~~~
criddell
Maybe they named the key _NSAKEY which created a namespace collision with a
totally non-NSA key that Microsoft added years ago.

Just in case you hadn't already seen this:

[https://en.wikipedia.org/wiki/NSAKEY](https://en.wikipedia.org/wiki/NSAKEY)

~~~
zigzaggy
Thanks for this new information.

It’s especially hilarious that Mr. Campbell was accused of being a conspiracy
theorist for thinking _NSAKEY would be exactly what it sounds like.

Even better, it turns out the key WAS for the NSA (!) “because the NSA is the
technical review authority for U.S. export controls.” How convenient.

Sorry I’m not buying it. I worked in .gov contracting long enough to smell a
cover story.

~~~
ryanlol
Well then, get your disassembler out and find the evidence of this backdoor
nobody else has managed to find in the past two decades.

The whole NSAKEY story is a laughable fabrication, nobody has ever described
the mechanism by which the backdoor is supposed to work. This should be a
trivial exercise.

------
KerrickStaley
The title of this article is misleading. "Backdoor" implies a deliberate
mechanism built into the software, but here there's no evidence that the
vulnerability wasn't simply a mistake.

~~~
jtr_47
I believe any piece of hardware that is sold locally or internationally has a
backdoor of some kind for government access. There are no mistakes. No company
will say this, due to "laws" or "NDA" from a government that prevents the
company from discussing these "mistakes."

~~~
ma2rten
Do you have any evidence for this claim?

~~~
kekebo
It's generally hard to come by, leaving lots of room for assumptions. There
was evidence of NSA tampering with ordered hardware in transit in the Snowden
files, next to indications/speculation around certain Cisco routers and
even more about Intel's Management Engine. But despite the last two being
probable candidates, I can't recall hard evidence for them.

~~~
lawnchair_larry
Targeted interdiction is a far cry from what the parent comment alleges.
Targeting shipments to backdoor or bug an item quite obviously happens
everywhere in the world and has since the dawn of time.

The Snowden files said nothing about Intel’s ME. That isn’t a backdoor either.
It’s a great place to put one, but there are lots of great places to put
backdoors, and that doesn’t mean that’s what the manufacturer is doing.

------
AJRF
The past few articles I've read about Huawei (the British code review
article from the Register and this) make it sound like the US is dressing what
is actually incompetence up as malicious intent because

a) Trade war

b) Chinese boogeyman makes US companies look better?

The double-think of the rhetoric against Huawei is staggering considering US
programs like Prism were state-mandated data collection at a massive scale
against private citizens and a secret courts program to access private sector
companies data on those same citizens.

~~~
saas_sam
Slight difference in that the Chinese government routinely disappears
political dissidents while in the U.S. we give them talk shows.

~~~
wallace_f
Ok granted China is light years behind the US, but we also have some crazy
stories.

A Dakota Pipeline Protests journalist was stopped at the US border, "raising
press freedom alarms."(1) Laura Poitras, Greenwald, Ladar Levison have been
obviously victims of ill will from US authorities. Of course, don't forget the
"get Gary Webb team" of industry experts the CIA watched over, which set out
to "we're going to take away his Pulitzer."(2) Non-radical political parties
are SWAT raided, intimidated, and silenced by secret courts in the US(3).

Of course this is just the start to a very long list. But comments which
suggest everything is fine in this regard really worry me, as someone who
loves America and its values.

1-[https://www.nytimes.com/2016/12/02/business/media/canadian-journalists-detention-at-us-border-raises-press-freedom-alarms.html](https://www.nytimes.com/2016/12/02/business/media/canadian-journalists-detention-at-us-border-raises-press-freedom-alarms.html)

2-[https://theintercept.com/2014/09/25/managing-nightmare-cia-media-destruction-gary-webb/](https://theintercept.com/2014/09/25/managing-nightmare-cia-media-destruction-gary-webb/)

3-[https://youtu.be/M31ZCh1VeX8](https://youtu.be/M31ZCh1VeX8)

~~~
saas_sam
Yes and I am glad to live in a country that publishes about such infractions
wherever they are found to occur.

~~~
wallace_f
Me too. Point is, if you look at those examples, that line is in danger.

------
shawnz
Fearmongering. They clearly state in the article that there is no evidence
that this is a backdoor. There is no new information here compared to the
detailed writeup which was already posted here last week.

~~~
sjroot
Can you link to the article you are referring to?

Edit:
[https://news.ycombinator.com/item?id=19567399](https://news.ycombinator.com/item?id=19567399)

------
AYBABTME
The real problem here isn't that this company is Western or from China, it's
that all this stuff relies on trusting humans to have done due diligence on
our behalf, without having means to verify. It's closed source junkware on a
closed source OS.

------
cjbprime
Flagged for title: there's no evidence it was a backdoor rather than some
subtly insecure driver programming.

------
haberman
Is this any different than any other jailbreak bug that has ever been
discovered?
[https://en.wikipedia.org/wiki/IOS_jailbreaking#History_of_exploit-disabling_patch_releases](https://en.wikipedia.org/wiki/IOS_jailbreaking#History_of_exploit-disabling_patch_releases)

------
alexeiz
I'm shocked, shocked to find all the hacking going on here!

Seriously, I'm not even surprised. Whether it's intentional or not doesn't
matter. Huawei pays a lot for advertising to all popular laptop reviewers on
Youtube. But I'm not even considering buying Huawei laptops because I'm pretty
sure it's full of crap like this.

------
everdrive
What exactly is an "NSA-style" backdoor?

~~~
auiya
A click-bait phrase you insert in a headline when you want to be needlessly
hyperbolic and have no idea what you're talking about.

------
rrggrr
Amend US law so there is CIVIL LIABILITY for backdoors with substantial
statutory damages. The Tort bar in the US will make quick work of this and the
problem will diminish, possibly cease.

Also, while I'm at it, it would be nice if Unbox Therapy and others like it
would make mention of the botnet threat in their product reviews.

~~~
ipsum2
> it would be nice if Unbox Therapy and others like it would make mention of
> the botnet threat in their product reviews

Do you expect Youtubers to have a top-class security team to reverse engineer
firmware? This was discovered weeks/months later after the product was
released.

------
jchw
Is there any irony in describing it as an "NSA-style backdoor"? I mean, from a
context of fearing Chinese espionage. Not sure what my opinion is, but that
stuck out to me.

------
chapium
This is why government should use open source.

------
tedunangst
How many backdoor styles are there?

------
chris_mc
I guess this is "Red Scare 2.0"? Is it? I'm not sure whether to worry about
China or not, I feel like all my worry is driven by the political forces in
the USA and Europe rather than facts. It seems so one-sided that "China is
Evil" that I feel like I'm being duped. I love my Huawei watch, but I've
stopped using it because of the fear of spying, even if I don't have facts to
support the fear. I don't trust nearly any source to properly vet this
information, how can I? Is this all a ploy to take down China as a growing
world power to save the America-Europe hegemony? I feel like at this point, I
don't see a ton of difference between the two, both torture people (America's
war on "terror"), both are committing genocide (America's ICE separating
families), both are spying like crazy on the other, etc.

~~~
dlivingston
Despite the fervor, I haven't seen anything that indicates that Huawei is
necessarily malicious.

I have seen, though, many things that indicate that their dev practices just
plain _suck_ - and that alone is enough for me not to buy their products.

EDIT: Also, that's a major false equivalence.

~~~
chris_mc
Yes their watch was okay but their software sucked. I think it's more likely
China has spies within Huawei rather than Huawei being a literal intelligence
operation. American engineers generally balk at inserting backdoors, why
wouldn't Chinese engineers?

------
seppin
What's the difference between a vulnerability shared with China's intelligence
agencies and a bug?

Deniability I guess. I guess US intel yelling at the top of their lungs this
has and will happen isn't enough for some.

------
ryanlol
NSA-style backdoor for LPE? Bullshit.

------
ProAm
I mean if the US government spies on us and we don't care, why would we care
if China does? Same same?

~~~
kansface
The US government spies on you to prevent the next 9/11, so it goes. China
spies on you to steal your IP to give to its native businesses. You should
probably care about the latter far more than the former.

~~~
Jerry2
> _The US government spies on you to prevent the next 9/11 so it goes. China
> spies on you to steal your IP to give to its native businesses._

NSA has also been caught spying for economic purposes. They were spying on
Brazilian oil giant Petrobras:

[http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html](http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html)

