Bloomberg alleges Huawei routers and network gear are backdoored

Details are scarce, but the “backdoor” appears to be benign.

5G Logo in the shape of a butterfly.

Enlarge / PORTUGAL - 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. (credit: Omar Marques/SOPA Images/LightRocket via Getty Images)

Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011, reports Bloomberg. With these backdoors, Huawei could have gained unauthorized access to Vodafone's "fixed-line network in Italy." But Vodafone disagrees, saying that while it did discover some security vulnerabilities in Huawei equipment, these were fixed by Huawei and in any case were not remotely accessible, and hence they could not be used by Huawei.

Bloomberg's claims are based on Vodafone's internal security documentation and "people involved in the situation." Several different "backdoors" are described: unsecured telnet access to home routers, along with "backdoors" in optical service nodes (which connect last-mile distribution networks to optical backbone networks) and "broadband network gateways" (BNG) (which sit between broadband users and the backbone network, providing access control, authentication, and similar services).

In response to Bloomberg, Vodafone said that the router vulnerabilities were found and fixed in 2011 and the BNG flaws were found and fixed in 2012. While it has documentation about some optical service node vulnerabilities, Vodafone continued, it has no information about when they were fixed. Further, the network operator said that it has no evidence of issues outside Italy.

Read 9 remaining paragraphs | Comments

Powerful backdoor/rootkit found preinstalled on 3 million Android phones

Enlarge
Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.
Until recently, the flaw could have been exploi…

Enlarge

Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.

Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks.

Since BitSight and its subsidiary company Anubis Networks took possession of the two preconfigured domains, more than 2.8 million devices have attempted to connect in search of software that can be executed with unfettered "root" privileges, the researchers said. Had malicious parties obtained the addresses before BitSight did, the actors could have installed keyloggers, bugging software, and other malware that completely bypassed security protections built into the Android operating system. The almost three million devices remain vulnerable to so-called man-in-the-middle attacks because the firmware—which was developed by a Chinese company called Ragentek Group—doesn't encrypt the communications sent and received to phones and doesn't rely on code-signing to authenticate legitimate apps. Based on the IP addresses of the connecting devices, vulnerable phones hail from locations all over the world, with the US being the No. 1 affected country.

Read 9 remaining paragraphs | Comments

Powerful backdoor/rootkit found preinstalled on 3 million Android phones

Enlarge
Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.
Until recently, the flaw could have been exploi…

Enlarge

Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.

Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks.

Since BitSight and its subsidiary company Anubis Networks took possession of the two preconfigured domains, more than 2.8 million devices have attempted to connect in search of software that can be executed with unfettered "root" privileges, the researchers said. Had malicious parties obtained the addresses before BitSight did, the actors could have installed keyloggers, bugging software, and other malware that completely bypassed security protections built into the Android operating system. The almost three million devices remain vulnerable to so-called man-in-the-middle attacks because the firmware—which was developed by a Chinese company called Ragentek Group—doesn't encrypt the communications sent and received to phones and doesn't rely on code-signing to authenticate legitimate apps. Based on the IP addresses of the connecting devices, vulnerable phones hail from locations all over the world, with the US being the No. 1 affected country.

Read 9 remaining paragraphs | Comments

Meet PoisonTap, the $5 tool that ransacks password-protected computers

Enlarge (credit: Samy Kamkar)
The perils of leaving computers unattended just got worse, thanks to a newly released exploit tool that takes only 30 seconds to install a privacy-invading backdoor, even when the machine is locked with a strong passwor…

Enlarge (credit: Samy Kamkar)

The perils of leaving computers unattended just got worse, thanks to a newly released exploit tool that takes only 30 seconds to install a privacy-invading backdoor, even when the machine is locked with a strong password.

PoisonTap, as the tool has been dubbed, runs freely available software on a $5/£4 Raspberry Pi Zero device. Once the payment card-sized computer is plugged into a computer's USB slot, it intercepts all unencrypted Web traffic, including any authentication cookies used to log in to private accounts. PoisonTap then sends that data to a server under the attacker's control. The hack also installs a backdoor that makes the owner's Web browser and local network remotely controllable by the attacker.

(credit: Samy Kamkar)

PoisonTap is the latest creation of Samy Kamkar, the engineer behind a long line of low-cost hacks, including a password-pilfering keylogger disguised as a USB charger, a key-sized dongle that jimmies open electronically locked cars and garages, and a DIY stalker app that mined Google Streetview. While inspiring for their creativity and elegance, Kamkar's inventions also underscore the security and privacy tradeoffs that arise from an increasingly computerized world. PoisonTap continues this cautionary theme by challenging the practice of password-protecting an unattended computer rather than shutting it off or, a safer bet still, toting it to the restroom or lunch room.

Read 11 remaining paragraphs | Comments