Expert: Huawei routers are riddled with vulnerabilities

German security researcher says the Chinese government doesn't need to demand back doors on Huawei routers because there are already major holes in their firmware.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read
Felix Lindner says security holes in Huawei routers could let attackers snoop on peoples' communications. Elinor Mills/CNET

LAS VEGAS -- A German security researcher says he has uncovered several security holes in routers made by China-based Huawei that are used by many Internet service providers -- vulnerabilities that could allow attackers to take control of the devices and snoop on peoples' traffic.

Huawei routers are mostly used in Asia, Africa and the Middle East. Because they're cheap, though, they're increasingly turning up in other parts of the world, the German researcher -- Felix Lindner, also known as "FX" -- said in an interview with CNET after his Defcon talk on Sunday.

The problem is due to the use of "1990s-style code" in the firmware of some Huawei VRP routers, he said. (The models are the Huawei AR18 and AR 29 series, IDG News Service reports). With a known exploit, an attacker could get access to the systems, log in as administrator, change the admin passwords and reconfigure the systems, which would allow for interception of all the traffic running through the routers, said Lindner, who heads Berlin-based Recurity Labs.

Asked about reports that Huawei routers have back doors per the Chinese government's request, Lindner said: "They don't need to. You (just) need to have Huawei people running your network or help run your network... If you have so many vulnerabilities, they are the best form of (attack) vector."

Reached for comment earlier today, a U.S.-based Huawei spokeswoman said she would e-mail a statement to CNET. This post will be updated when we receive the statement.

The research is scary for not only the ISPs using the vulnerable routers, but also for millions of their customers who don't realize that their communications could be spied on, said Dan Kaminsky, security expert and chief scientist at DKH.

"It's a big deal for routers to get broken into," especially those made by the fastest growing router manufacturer, he told CNET. "If you can get into a router you can take it over, monitor and alter peoples' traffic. You become a man-in-the-middle" attacker who can spoof legitimate Web sites.

Even systems that rely on encryption aren't safe because many of them have inadequate authentication, which allows attackers to pretend to be any site they want, Kaminsky said.

Update, July 31 at 10:16 a.m. PT: A U.S.-based Huawei representative provided CNET with the following statement:

We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims. Huawei adopts rigorous security strategies and policies to protect the network security of our customers and abides by industry standards and best practices in security risk and incident management. Huawei has established a robust response system to address product security gaps and vulnerabilities, working with our customers to immediately develop contingency plans for all identified security risks, and to resolve any incidents in the shortest possible time. In the interests of customer security, Huawei also calls on the industry to promptly report all product security risks to the solutions provider so that the vendor's CERT team can work with the relevant parties to develop a solution and roll-out schedule.