back to article Huawei looking into critical router flaw claims

Chinese telecoms kit maker Huawei has said it is investigating claims by researchers that two of its router products contain serious vulnerabilities which could allow hackers to remotely take control of the devices. Felix Lindner and Gregor Kopf of Berlin-based Recurity Labs announced their findings at the Defcon hacking show …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    that's a new email address...

    Or Huawei block the Googlebot, and the bingbot and the yahoobot and the dogpilebot (those are the only ones i checked.) The only site that showed in google results was The Register (this article.)

    The email address that First.org has for them is different...imagine that.

    And this is in the header of their PGP public key:

    Version: PGP Desktop 9.0.4 (Build 4042) - not licensed for commercial use: www.pgp.com

    This must be a fine, upstanding company.

    1. Anonymous Coward
      Anonymous Coward

      A flaw?

      Nope, it was designed deliberately.

  2. Anonymous Coward
    Anonymous Coward

    Flaw?

    Huawei looking into critical router backdoor flaw claims.

    Of course it's only a flaw.

  3. PM.
    Joke

    PM

    Bah, now this flaws will need a password to be accessed remotely ...

  4. Anonymous Coward
    Anonymous Coward

    Of course

    Of course it's a 90s style vuln, it probably *is* 90s code written at 3Com, Ericcson or Lucent that somehow magically ended up in a Huawei product. Wouldn't likely be the first time either.

    1. Anonymous Coward
      Mushroom

      Re: Of course

      Holy shit. That means that by perusing the CVS database, you could potentially break every Huawei installation in the world, right?

  5. Anonymouslemming
    Joke

    I guess Cisco haven't patched it yet...

    No way can Huawei release a patch until Cisco do - they've got nowhere to steal it from until then!

  6. maniacmartin
    FAIL

    More worryingly, the PGP public key for them on FIRST's website differs from the one linked to on the press release page!

    1. Anonymous Coward
      Anonymous Coward

      I didn't notice that

      Is their (on their press release page link) PGP key still signed with a not-for-commercial-use package?

      (after checking) Nope, it's signed by a 4 year old release of GnuPG running under MingW32...

  7. asdf
    FAIL

    wow just wow

    Who in their right mind would buy any kit from this outfit? Oh that right they leave the purchasing decisions to the retards (mgmt & accounting).

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021