Huawei Routers Are Easily Hacked, Say Security Pros

At the Defcon hacking convention, router-security experts claimed vulnerabilities are plentiful in networking products from Huawei, a Chinese technology firm.

By: Robert Lemos

Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention.

The two researchers-Felix "FX" Lindner and Gregor Kopf, both of Recurity Labs-analyzed two small-office routers made by Huawei and found a number of vulnerabilities. The ease with which the flaws were exploited shows that the company appears to have a security process reminiscent of the 1990s, complete with a lack of response to bug reports, Lindner stated in an email interview.

"It's 1990s code and operating system design," said Lindner, who heads up Recurity Labs. "The OS has absolutely no mitigations in place; to the contrary, it even has functionality to help you exploit it."

Huawei, an information and communications technology company with $32 billion in sales, has grown quickly since its founding in 1988, threatening established makers of network equipment, such as Cisco Systems. In April, Cisco's CEO called Huawei a more significant rival than its other domestic competitors, such as Hewlett-Packard. In somewhat prescient comments, CEO John Chambers accused Huawei of not playing by the rules and said customers should be worried about the security of the Chinese firm's products.

"When you look at companies, one of the things you don't want to do ... you don't want to have people doubting, will you copy their intellectual property," Chambers told The Wall Street Journal. "You don't want to have them doubting about is there security issues, etc."

Huawei has opened up more about details on the company's finances but has downplayed its ambitions against other networking vendors.

Still, the networking vendor needs to do better about the actual security of its products, said Lindner. The company's routers lack modern security measures, such as the ability to limit the execution of certain portions of memory and randomizing the addresses where programs are loaded, a feature known as address space layout randomization (ASLR), he said.

"The low cost of these devices comes at a price: security," said Lindner.

The key vulnerability, a heap overflow in the router software, combined with the lack of security defenses, makes the routers easy to exploit.

The vulnerabilities "were pretty easy to find and we suspect more of them in the code base," said Lindner.

The researchers were not able to determine the contact point for the company. Following the Defcon talk on July 29, the networking vendor issued a statement indicating that vulnerability reports can be sent to their Network Security Incident Response Team (NSIRT), a fact that is not clear from the information online, said Lindner.

In a statement released to the Agence France-Presse, Huawei countered that its system for responding to vulnerabilities and security issues is active and ready.

"Huawei adopts rigorous security strategies and policies to protect the network security of our customers, and abides by industry standards and best practices in security risk and incident management," the company told AFP.