Huawei’s problems keep piling up as a security firm specializing in IoT devices found numerous vulnerabilities across the company’s entire product line.
Finite State said it scanned more than 1.5 million files embedded within nearly 10,000 firmware images supporting 558 products looking for risks including hard-coded backdoor credentials, unsafe use of cryptographic keys, indicators of insecure software development practices, and the presence of known and 0-day vulnerabilities.“The results of the analysis show that Huawei devices quantitatively pose a high risk to their users. In virtually all categories we studied, we found Huawei devices to be less secure than comparable devices from other vendors,” the report said.
The primary finding being 55 percent of the devices had at least one backdoor primarily in the form of hard-coded, default user accounts and passwords along with several types of embedded cryptographic keys. However, Finite State also found on average 102 known vulnerabilities associated with each firmware, many rated critical or high, along with hundreds of potential zero day issues.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.