Two words: plausible deniability.

Those techniques used in Huawei's driver are pretty unusual. I wonder if there's a chain of vulnerabilities from other components, including those that see network data.

Disclaimer: My day job includes writing Windows kernel drivers.
> To perform that restart, the driver injected code into a privileged Windows process and then ran that code using an APC—a technique lifted straight from malware.
> Why Huawei chose this approach is not immediately clear, as Windows has as a built-in feature the ability to restart crashed services. There's no need for an external watchdog.

Yes. How weird. An unusual and vulnerable technique was used that also gave plausible deniability?