Researcher claims Huawei gear full of exploits

A German security researchers has warned that telecom company Huawei’s routers are full of vulnerabilities.

In an interview with CNET, security researcher Felix Lindner said that the routers are relatively cheap compared to others on the market, and as such they are becoming increasingly popular around the world. According to Lindner, Huawei VRP routers use “1990s style” code, meaning hackers could use known exploits to open up systems and effectively act as an administrator. 

When asked about the allegation that Huawei intentionally includes backdoors in its equipment, Lindner dismissed the idea: “They don’t need to,” he said, “you just need to have Huawei people running your network or help run your network – if you have so many vulnerabilities, they are the best form of attack vector”.

Despite Huawei’s attempts to ease US paranoia about its equipment being part of a China-sponsored coup, it seems the company will always arouse suspicion in some quarters. Whatever their intentions are, for now, ZTE and Huawei have to put up with a stigma that has been nailed to them by the west. 

Although the allegations are not about national security, China’s commerce ministry has recently felt compelled to stick up for Huawei and the other Chinese networking giant, ZTE, against the EU. Meanwhile, US House of Representatives’ Intelligence Committee panel chairman, Mike Rogers, recently publicly worried that Huawei and ZTE equipment could be designed to steal information or “establish the ability to do cyber attacks”.  He also believes the Chinese government provides subsidies, so the equipment can be sold at a cheaper rate.

A spokesperson for Huawei in the US, when asked about the vulnerabilities, told CNET in a statement: “We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims. Huawei adopts rigorous security strategies and policies to protect the network security of our customers and abides by industry standards and best practices in security risk and incident management”.