Confirmed: Massive Cybersecurity Vulnerabilities Embedded Within Huawei Devices

• Numerous instances of backdoor access vulnerabilities
• Huawei devices were shown to have a very high number of known security vulnerabilities
• Despite claims of investing in security, Huawei engineers were found to have routinely made poor security decisions
• Huawei devices have substantially worse security than similar devices from other vendors.

An Internet of Things (IoT) device intelligence company issued results from a large-scale study it conducted of the cybersecurity-related risks embedded within Chinese technology company Huawei’s enterprise devices by analyzing Huawei firmware at an unprecedented scale. Utilizing its automated system to look at more than 1.5 million files embedded within nearly 10,000 firmware images supporting 558 products within Huawei’s enterprise networking product lines, Finite State found several classes of security issues, concluding that Huawei devices pose a quantifiable high risk to their users. Of all the firmware images analyzed, 55% had at least one potential backdoor.

China’s Huawei is the dominant provider of equipment used in the coming 5G networks that will usher in the next generation of consumer, enterprise and industrial technology. Concerns that using Huawei equipment could offer the Chinese government access to 5G networks, which could be used to execute espionage or military missions, has led countries to take measures to limit their risks, including the Trump administration’s outright ban of Huawei products. Today’s report demonstrates the extent of cybersecurity the vulnerabilities in Huawei devices that drove the White House to enact that ban.

“Fundamentally, policymakers should be making data-driven decisions about which risks they are, and are not, willing to take,” said Matt Wyckhouse, founder and CEO of Finite State. “Our analysis revealed that Huawei devices quantitatively pose a high risk to their users, which is particularly concerning given Huawei’s dominance on the eve of 5G implementation,”

The analysis found:

• Numerous instances of backdoor access vulnerabilities. These vulnerabilities enable an attacker with knowledge of the firmware and/or with a corresponding cryptographic key to log in to the device.
• Universally, Huawei devices were shown to have a very high number of known security vulnerabilities. On average, each device tested had 102 known vulnerabilities in its firmware — increasing the likelihood of being compromised by attackers.
• Despite claims of investing in security, Huawei engineers were found to have routinely made poor security decisions in building the devices, significantly increasing the potential for serious vulnerabilities.
• Huawei devices have substantially worse security than similar devices from other vendors.
• Prior Huawei claims that devices and their firmware’s security properties could not be tested at scale were disproven: Finite State’s firmware analysis platform, Iotasphere, was able to process and analyze 9,936 firmware images comprised of more than 1.5 million files in 36 hours.

“Despite Huawei’s claims about investing in security, they appear to be behind the rest of the industry in almost every respect. This overall weak security posture is concerning and obviously increases the security risks associated with use of Huawei devices,” Wyckhouse said. “Whether those risks were introduced intentionally or accidentally is out of the scope of a technical assessment, and thus we cannot and do not draw any conclusions relating to intent.”

Content created by Conservative Daily News and some content syndicated through CDN is available for re-publication without charge under the Creative Commons license. Visit our syndication page for details and requirements.