In 2013, an Internet service provider warned Huawei about a security vulnerability in all of its home routers. According to ethical hacking training experts from the IICS, the Chinese company updated only two of the models that used the vulnerable firmware.
Huawei devices are still being used by thousands of consumers and remain vulnerable; many were even compromised by the operators of the massive Mirai botnet, who exploited the same vulnerability reported to the company years ago.
According to the ethical hacking training experts, the vulnerability report Huawei received in 2013 explains how a threat actor could have exploited a programming error in the firmware of the HG523a and HG533 gateways to hijack the devices.
The Chinese company claimed that the vulnerability had already been patched, and also said that all vulnerable devices would be patched. However, other gateways used by other Internet service providers began to show the same flaw; many of the affected devices remain vulnerable to date.
According to case reports, this is an easily exploitable remote code execution vulnerability.
Ethical hacking training experts have analyzed the firmware of Huawei's home access point and discovered code blocks reused across multiple devices. Despite this, the company decided to patch each affected router one by one instead of implementing a general fix for all affected devices.
The situation is further complicated because there are already reports of threat actors exploiting this vulnerability. The hijacking of home routers to integrate them into the Mirai botnet is a clear example of this exploitation campaign.
Four years before Huawei even received the report of this vulnerability, a cybersecurity firm had discovered the same flaw in another router model through an independent investigation.
The company did not publicly acknowledge the vulnerability until November 2017, when it suggested that users take temporary mitigation measures or replace older router models with updated versions.
A few months ago, a researcher discovered that Huawei's vulnerable routers were being used to host a botnet composed of more than 18000 devices compromised by a malware variant of the Mirai botnet. According to the expert, this botnet would not have existed if Huawei had released a firmware fix for all its devices.