Report on the technical vulnerabilities found in Huawei 5G [pdf]

154 points by UkiahSmith almost 6 years ago

12 comments

Noxmiles almost 6 years ago
"On dozens of occasions, Huawei engineers disguised known unsafe functions (such as memcpy) as the “safe” version (memcpy_s) by creating wrapper functions with the “safe” name but none of the safety checks. This leads to thousands of vulnerable conditions in their code."

Things like this everywhere. Just stupid programmers or method?
heisenbit almost 6 years ago
It seems odd to have a report with a 5G label and then find information in it about core routers. Yes they play a part but it strikes me as odd that there is no focus on mobile switching, gateways, HLRs, signaling vulnerabilities etc.

When looking at the boxes they compare:

Huawei: CloudEngine 12800 scales up to 2000 * 25GBit or 500 * 40GBit
Juniper: EX4650 Ethernet Switch scales up 48*25GBit

With all due respect but this is comparing apples with orange seeds. A carrier class switch is more complex than an enterprise switch and has a much larger attack surface.
joshgel almost 6 years ago
> While we cannot prove malicious intent through a technical analysis, we can concretely state that 55% of tested devices had at least one potential backdoor
dade_ almost 6 years ago
Not since the days of Microsoft astro-turfing have I seen such a campaign against a tech company. Some of these metrics are very subjective and I've seen so many bone-headed security bugs in equipment over the years (Cisco, Nortel, TP link, Dlink...) that I really have difficulty believing the narrative of state sponsored malice.

Regardless, Huawei needs to clean up their practices. Ineptitude isn't a defense and this level of sloppiness is unacceptable; we have too much at stake with these essential networks, and I think legislation of security practices and standards in these products should be considered.
Shank almost 6 years ago
Some of these items seem like they need more analysis, and that the report was rushed. We agree as a community that hard coded default passwords are bad when unchanged, but that implies that the device doesn't require them to be changed on first boot. Basic setup processes often require these credentials to change after the first provision.

I would expect a report which produces claims about such comprehensive backdooring and negligence to at least demonstrate how that behavior would play out in the real world. It seems much more like they did static analysis of the binaries, identified any strings with default passwords, and then reported on them. That's okay to do, but you can't conclude that's a problem until you confirm shoddy behavior after provisioning and deployment in practice.
TedTschopp almost 6 years ago
The process and practice findings are the most damning in my opinion. This isn't an "oops, we were rushing to market", this is a problem with values and in my mind damns the whole organization.
ru999gol almost 6 years ago
The huawei user account hardcoded in the firmware that has sudoers permissions for insmod/modprobe is really blatant. I would have guessed the Chinese would at least attempt to hide their way in?

So they sell enterprise infrastructure equipment with such an obvious backdoor? It seems the US boycott of Huawei was fully justified after all, I didn't really believe them.
majia almost 6 years ago
The report says that Huawei devices have unsafe functions like "memcpy" and "strcpy". Is this a coding preference or dangerous practice? To what extent can these examples reflect on code quality?
评论 #20421946 未加载
评论 #20421796 未加载
评论 #20421729 未加载
评论 #20421762 未加载
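The wrapper pattern quoted in the first comment, and the memcpy question in the comment just above, shown as an added C example that is not part of the thread, the report, or any vendor's code. The names `fake_memcpy_s`, `checked_memcpy_s` and `bytes_past_capacity` are hypothetical, and the checked version is a simplified model of C11 Annex K `memcpy_s`, not a full implementation.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The pattern from the quoted finding: "safe" name and signature, but the
 * destination capacity is ignored. fake_memcpy_s is a hypothetical name. */
static int fake_memcpy_s(void *dest, size_t destsz, const void *src, size_t n)
{
    (void)destsz;              /* capacity never checked */
    memcpy(dest, src, n);      /* overruns dest whenever n > destsz */
    return 0;
}

/* Simplified bounds-checked copy modelled on C11 Annex K memcpy_s (no
 * RSIZE_MAX limit or constraint handler): on a violation it zeroes the
 * destination and returns nonzero without copying. */
static int checked_memcpy_s(void *dest, size_t destsz, const void *src, size_t n)
{
    if (dest == NULL)
        return EINVAL;
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
    int overlap = src != NULL && d < s + n && s < d + n;
    if (src == NULL || n > destsz || overlap) {
        memset(dest, 0, destsz);
        return n > destsz ? ERANGE : EINVAL;
    }
    memcpy(dest, src, n);
    return 0;
}

typedef int (*copy_fn)(void *, size_t, const void *, size_t);

/* Copies 12 constructed bytes into a destination declared as 8 bytes and
 * returns how many bytes landed beyond that declared capacity. The real
 * storage is 16 bytes so the demonstration itself stays in bounds. */
static size_t bytes_past_capacity(copy_fn copy)
{
    unsigned char arena[16] = {0};
    unsigned char src[12];
    size_t over = 0;
    memset(src, 'A', sizeof src);
    copy(arena, 8, src, sizeof src);
    for (size_t i = 8; i < sizeof arena; i++)
        over += arena[i] != 0;
    return over;
}

int main(void)
{
    printf("fake wrapper:    %zu bytes past capacity\n", bytes_past_capacity(fake_memcpy_s));
    printf("checked version: %zu bytes past capacity\n", bytes_past_capacity(checked_memcpy_s));
    return 0;
}
```

A code review or static-analysis rule that trusts the `_s` suffix passes both functions; only comparing what happens when `n > destsz` tells them apart.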
bifrost almost 6 years ago
I'm so glad this isn't about how "5G is dangerous zomg".

We're lucky to get this sort of report!

(In case you were looking for an article about the safety of 5G -> https://medium.com/@tomsparks/is-5g-dangerous-405a19e9ea88)
elmo2you almost 6 years ago
It's hard to say to what extent this "assessment" is honestly backed by solid evidence, or if it was written first and foremost for political reasons. The broad claims, apparent lack of factual evidence (only statements about what has been discovered), and rather overarching nature of the whole report, sure do suggest it could be the latter. Pure speculation on my own part, of course.

I have not gone through the full report (yet), but while reading just a few sections my sales-pitch-bullshit-meter went on full tilt, at least a few times.

The timing of this report is also peculiar, to say the least. Who is Finite State? What is their track record, to date? Who owns the company? What business relationships/interests do the company and its owners have?

Yes, I realize/know these are suggestive questions. Questions that should nonetheless have satisfying/assuring answers, in order to take this report seriously.

There's a lot at stake here, so at least examining the validity of this report/summary isn't just a luxury.

Are the factual findings behind this report publicly available?
Kenji almost 6 years ago
> • 29% of all devices tested had at least one default username and password stored in the firmware, enabling access to the device if administrators don’t change these credentials.
>
> • We identified 76 instances of firmware where the device was, by default, configured such that a root user with a hard-coded password could log in over the SSH protocol, providing for default backdoor access.
>
> • 8 different firmware images were found to have pre-computed authorized_keys hard coded into the firmware, enabling backdoor access to the holder of the private key.
>
> • 424 different firmware images contained hardcoded private SSH keys, which can enable a man-in-the-middle to manipulate and/or decrypt traffic going to the device.

What a witch hunt... This is state of the art in the industry. Everybody does it like that. No intelligence agency has to be involved at all, it's basic negligence. If you're behind a NAT, your device is unlikely to be attacked via these vectors.
ngcc_hk almost 6 years ago
It is not the bug now but bug in the future. It is whether you can trust a country that respects nothing human.

Can you even a campaign against anything once they take over your information infrastructure.

Yes NSA may do it but cf NSA with PLA ... what is your leverage. Hear of the word totalitarian...