Sign In Register
5G
The Edge
Open RAN
Private Networks
Cloud Native/NFV
Security
AI/Automation
Cable/Video
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
6G
Regions
Asia Africa Europe India Middle East
Industry Show News
Mobile World Congress Big 5G Event
Events
Next-Gen Broadband APAC: 5G, 10G & Beyond5G Next Wave Digital SymposiumCloud Native World Digital SymposiumOpen RAN World Digital ConferenceAsia Tech 2021 Digital Symposium
Events Archives
Digital Event Archives Edge Computing Digital Symposium Optical Networking Digital Symposium Service Provider Security Strategies for the Enterprise
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Market Leader Programs
Internet for the Future
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register
Security Platforms/Tools

Def Con Hacks Huawei

AsiaBlog Ray Le Maistre, Editor-in-Chief 7/30/2012
Comment (6)
9:45 AM -- This is just the sort of ammunition that the House of Representatives' Intelligence Committee was looking to load into its east-facing guns. (See More Chinese Whispers.)

Staff from Recurity Labs exposed a number of security flaws in routers made by Huawei Technologies Co. Ltd. during the annual Def Con event for hackers in Las Vegas (July 26-29), reports AFP.

The assessment of the routers' security flaws was pretty damning, not least because there are reportedly no security advisories from Huawei about the alleged flaws. And while the equipment tested by the hackers didn't include any of the carrier-grade equipment deployed in operator networks, this case will no doubt be referenced in reports about the security threats posed by network equipment developed by Chinese vendors.

— Ray Le Maistre, International Managing Editor, Light Reading

Related Stories
COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
Soupafly 12/5/2012 | 5:25:14 PM
re: Def Con Hacks Huawei

Just to clarify my earlier posts.


This is more significant than I first though. These routers are the key parts of Huawei's new enterprise strategy, from a Campus & WAN networking perspective.


Given that they are brand new & have only just been released, if the reports are true, it seems they have a weak security bubble.


The further reading that's required is important & a must if your thinking of using or deploying any Huawei enterprise kit. The computerworld link is a good start.


Are they the only one's impacted. No. However, given the lack of information on the platforms it would be wise to proceed with caution. Caveat emptor!
Reply | Post Message | MESSAGES LIST | START A BOARD
melao2 12/5/2012 | 5:25:23 PM
re: Def Con Hacks Huawei

I wonder who in the industry would take this seriously.


Those problems, as was pointed out here, maybe were already solved in newer software releases. Anyway, it should exist in most of the routers, specially in the lower end such as the AR18 and AR29.
Reply | Post Message | MESSAGES LIST | START A BOARD
Soupafly 12/5/2012 | 5:25:28 PM
re: Def Con Hacks Huawei Just to update my post below. Here is a more credible link that provides additional detail & definition on the report;

http://www.computerworld.com/s...

Intriguing piece of FUD or important feedback from security experts. You decide.
Reply | Post Message | MESSAGES LIST | START A BOARD
Soupafly 12/5/2012 | 5:25:30 PM
re: Def Con Hacks Huawei

@ Brooke7; Agreed.


Frankly, this is a storm in a teacup. Even if they found security issues, its hardly surprising or news. Every single vendor has multiples of said - in past, present & future Software builds.


Does anyone really think that what I call CAPT (cumulative advance persistent threats) exist in a vacuum? Nope. Some are linked to 0 day exploits and assorted un-patched vulnerabilities. This is an inevitable consequence of a digital world.


This is in no way a Huawei only problem.


Having said that, Huawei may have some process tweaks to do.


Its also fair to say that the AFP article is written in a sensationalist style which doesnt help anyone;


E.g: "Kopf referred to the routers studied by Recurity as having technology reminiscent of the 1990s and said that once attackers slipped in they could potentially run amok in networks."


a) What does technology reminiscent of the 1990's mean? (This is like reading a Dan Brown Novel. Nice frothy headlines, no substance or detail.)


b) "Attackers slipped in + run amok" Again emotive language thats better suited to a fiction novel than piece of substantive journalism. Any attack once it bypasses the security & authentication process can be harmful. Thats why its called an attack!


Because I like detail & specifics in life, lets be very clear; Is the Recurity team referring to a specific technical process, proceedure or command that allows the user to bypass the authentication and administration process on the router firmware & once deployed it's use allows/facilitates a privilege elevation exploit to be used to increase the attack surface and/or vulnerability window?


 If the above statement is true, then I would also expect to see a write up that would include Model, Firmware rel no. and additional technical detail with limited (selected) Proof-of-Concept/Exploit code.


The above is how a credible report would read and be presented. Not this sugar coated puff piece from AFP.


 
Reply | Post Message | MESSAGES LIST | START A BOARD
paolo.franzoi 12/5/2012 | 5:25:30 PM
re: Def Con Hacks Huawei

To mollify a particular poster, I changed the title.


But the reality is that security is a tradeoff.  I had a friend put it this way....


They still rob banks right?  If physical security is a completely solvable problem, nobody would be able to after the 1000s of years of trying to protect it.  So, things go in scale from the cost and safety of a key lock like a dead bolt up to the extreme of Fort Knox.  


You have to think of electronic security in the same way.  It is a tradeoff of security versus cost and usability.  All products and networks are vulnerable.  It is a matter of degree and cost to penetrate them.


I would agree that there is a PR problem more than a real problem.  I would think to help on that front adopting what people perceive as standard practice of publishing security issues would be prudent.  Of course, the unpublished ones are the worst.  But in the end, one still needs to think of any single product or series of products as simply building a higher wall.


seven
Reply | Post Message | MESSAGES LIST | START A BOARD
Pete Baldwin 12/5/2012 | 5:25:30 PM
re: Def Con Hacks Huawei

Well, from an engineering standpoint, this isn't surprising; every router probably has lots of flaws. It could be harmful from a PR standpoint, though.


Reading the AFP story... what's interesting are the lack of disclosure (vs. other vendors that have all kinds of security alerts out there), and more so, the comment that Huawei's technology (the security technology, presumably) seems way behind the times.
Reply | Post Message | MESSAGES LIST | START A BOARD
EDUCATIONAL RESOURCES
sponsor supplied content
Cybersecurity: Priorities & Proposals for Small ISPs
Arbor & Cisco: Stopping DDoS Attacks
Threat-Centric Security Solutions for Service Providers
Cisco ASR 9000 vDDoS Protection Solution
Cisco ASR 9000 Integrated DDoS Mitigation with Arbor Networks Peakflow TMS
Cisco ASR 9000 vDDoS Protection Solution
Frost & Sullivan: The Expanding Role of Service Providers in DDoS Mitigation
Cisco ASR 9000 vDDoS Protection Solution Overview
Educational Resources Archive
More Blogs from AsiaBlog
Unicom's Inglorious Award

Staff humiliation strategy goes viral in China

SK Telecom, 4G Trailblazer

Are you watching, Europe?

China Mobile Terminates Taiwan M&A

Security concerns scupper China Mobile investment in Taiwanese operator

China Mobile's Capex Blowout

Major carrier plans a near 50% hike in annual spending, with LTE TDD getting a healthy chunk

ZTE & Huawei in IPR Charm Offensive

The Chinese vendors hike their intellectual property investments and ask everyone to play nice with patents

More
FEATURED VIDEO
UPCOMING LIVE EVENTS
Next-Gen Broadband APAC: 5G, 10G & Beyond
March 2-4, 2021, Digital Symposium
5G Next Wave Digital Symposium
March 9-11, 2021, Digital Symposium
Cloud Native World Digital Symposium
March 23-25, 2021, Digital Conference
Open RAN World Digital Conference
April 6-8, 2021, Digital Conference
Asia Tech 2021 Digital Symposium
April 13, 2021, Digital Symposium
Service Provider Security Strategies for the Hybrid Era Digital Symposium
April 15, 2021, Digital Symposium
Cable Next-Gen Technologies & Strategies Digital Conference
April 28-29, 2021, Digital Conference
All Upcoming Live Events
UPCOMING WEBINARS
March 2, 2021 Next Steps of Digital Transformation: How MSPs are Meeting the Challenge to Secure Distributed Assets
March 2, 2021 Next-Gen Broadband APAC: 5G, 10G & Beyond - Day One
March 3, 2021 5G Core Operator Survey: Charting Deployment of Cloud Native 5G Core at Mass Market Scale
March 4, 2021 5G: A view from the front seats
March 4, 2021 Next-Gen Broadband APAC: 5G, 10G & Beyond - Day Two
March 9, 2021 5G Video: Designing the future of boundless experiences
March 10, 2021 How Open RAN Technologies Will Change Mobile Networks in the Future
March 16, 2021 5 Steps to Make IPTV Easy
March 17, 2021 vRAN, Open RAN and the Path Towards Mobile Networks Modernization
March 17, 2021 Wi-Fi 6 – Separating the magic from the myth
March 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: What's New with DAA & Flexible MAC
March 24, 2021 5G: Unlocking Value, Beyond Connectivity
April 15, 2021 SCTE•ISBE Live Learning Webinar™ Series: Winning with Wireless: Embracing 5G & Wi-Fi 6/6E
May 20, 2021 SCTE•ISBE Live Learning Webinar™ Series: Fighting Fiber with More Fiber
June 17, 2021 SCTE•ISBE Live Learning Webinar™ Series: Putting Next-Gen PON to Work
July 15, 2021 SCTE•ISBE Live Learning Webinar™ Series: 10G or Bust: HFC & the Future Access Network
August 19, 2021 SCTE•ISBE Live Learning Webinar™ Series: Tapping Into the Cloud
September 16, 2021 SCTE•ISBE Live Learning Webinar™ Series: Engineering the DOCSIS 4.0 Network (FDX and ESD)
October 21, 2021 SCTE•ISBE Live Learning Webinar™ Series: Lowering the Latency
November 18, 2021 SCTE•ISBE Live Learning Webinar™ Series: How to Test the Next-Gen Cable Network
December 16, 2021 SCTE•ISBE Live Learning Webinar™ Series: Virtualizing the Cable Access Network
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
ZTE Is Committed to Empowering Different Industries With Digital Technology By Ling Zhi, Vice President, ZTE
Continuous 5G Evolution for Building an Engine of All-Industry Digitalization – Dr. Tong Wen, Huawei Fellow and CTO of Huawei Wireless By Huawei
Huawei's 'Ultra-Simplified' 5G RAN Solutions Could Help MNOs Address the Needs of Consumers and Businesses By Huawei
ZTE Is Striving to Help Operators in Various Countries to Achieve Digital Technology Development in 5G SA Deployment By Zhang Jianpeng, SVP and Head of Global Marketing, ZTE
Ritchie Peng: Building Optimal 5G Networks by Sustained Innovation By Huawei
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
From 5G to 6G: What could it look like? By Nermin Mohamed, Wind River
Why performance management is at the heart of successful managed SD-WAN By Jay Stewart, Accedian
All Guest Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE