Security Experts:

Routers from China's Huawei Vulnerable to Trivial Levels of Attack

In a talk on router hacking during Def Con on Sunday, Recurity Labs’ Felix (FX) Lindner told those in attendance that for the 20th anniversary of Def Con, the gift was China. This is because he was about to give a presentation on the seriously security challenged status of routers manufactured by Huawei.

UpdateChina's Huawei Responds to US Hackers

The talk focused on the fact that Huawei routers were easily compromised. The AR series routers from Huawei (AR18 and AR29) that were tested are marketed for SMBs and smaller networks.

The firmware on the two models tested were found to be vulnerable to trivial exploits; including session hijacking, and stack overflows and heap overflows. One vulnerable function within the firmware of the routers, named ‘sprintf’, has more than 10,000 calls to it, meaning there are plenty of ways to target it.

Presently, the vulnerable hardware found in Asia and the Middle East, but that could change if Huawei gets their way, as they are pushing for expansion in Europe and the U.S.

Researchers FX and Gregor Kopf focused on routers from Huawei that are used in the home and office, but only because the equipment used by telecommunications firms was unavailable. Still, they share the same framework the researchers noted, so the big boxes are likely just as vulnerable.

Sam Erdheim, senior security strategist for network security firm AlgoSec, said that vulnerabilities such as the ones disclosed by Recurity Labs are at the root of security challenges. “It does no good to worry about threats when your core networking devices are providing attackers with an easy way to gain unauthorized access to systems and information.”

When asked about reports earlier this month that firms such as Huawei have pervasive access to a majority of the world’s telecoms. FX commented that nobody needs a backdoor, as the flaws exposed during his talk represent “plausible deniability.”  

FX, also blasted Huawei for not having an easily accessible security contact. He hopes that the disclosure of numerous flaws will force the company to fix its problems, while acting as a wake-up call to their customers.

UpdateChina's Huawei Responds to US Hackers

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.