
A Huawei driver that opened systems to attack - Deinos
https://arstechnica.com/gadgets/2019/03/how-microsoft-found-a-huawei-driver-that-opened-systems-up-to-attack/
======
vardump
Two words: plausible deniability.

Those techniques used in Huawei's driver are pretty unusual. I wonder if
there's a chain of vulnerabilities from other components, including those that
see network data.

Disclaimer: My day job includes writing Windows kernel drivers.

------
hactually
> To perform that restart, the driver injected code into a privileged Windows
> process and then ran that code using an APC—a technique lifted straight from
> malware.
>
> Why Huawei chose this approach is not immediately clear, as Windows has as a
> built-in feature the ability to restart crashed services. There's no need for
> an external watchdog.

Yes. How weird. An unusual and vulnerable technique was used that also gave
plausible deniability?

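The built-in mechanism the quoted article points to is the Service Control Manager's per-service recovery actions. The following is an added example, not code from the article, from Microsoft, or from the driver under discussion: it configures automatic restart for a service from an elevated PowerShell prompt using sc.exe. The service name "MyService" is a placeholder; the restart delays and reset period are arbitrary choices.

```powershell
# Added example: use the Service Control Manager's own recovery actions
# instead of an external watchdog process. Run from an elevated prompt.
# "MyService" is a placeholder, not a service named in the article.
$svc = "MyService"

# Use sc.exe explicitly: in PowerShell the bare name "sc" is an alias for
# Set-Content, not the service control tool.
#
# Restart the service 5 s after each of its first three failures; the failure
# counter resets after 86400 s (one day). sc.exe requires the space after
# each "=" in "reset=" and "actions=".
sc.exe failure $svc reset= 86400 actions= restart/5000/restart/5000/restart/5000

# Optionally treat a stop with a non-zero exit code as a failure too, not only
# a crash (SERVICE_FAILURE_ACTIONS_FLAG).
sc.exe failureflag $svc 1

# Show the recovery configuration that was just written.
sc.exe qfailure $svc
```

Because the SCM performs the restart itself, nothing needs to inject code into, or queue an APC in, another process; the same settings are reachable through the Recovery tab of the service's properties in services.msc.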
~~~
mises
Gee, you aren't implying that Huawei would do something bad, are you? You
aren't implying that they don't take their users' security seriously, are you?
You aren't implying that they could be dropping (very sloppy) back doors into
stuff, possibly at the behest of Beijing, are you?

/s

------
MagicPropmaker
Good for Microsoft and their toolchain for finding this. They take security
seriously.

~~~
powerapple
Yes, they made a system as a market for their security tools :)

------
ancorevard
Super surprised to hear it was Huawei that accidentally did this.

