Chinese telecoms kit maker Huawei has said it is investigating claims by researchers that two of its router products contain serious vulnerabilities which could allow hackers to remotely take control of the devices. Felix Lindner and Gregor Kopf of Berlin-based Recurity Labs announced their findings at the Defcon hacking show …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 2nd August 2012 06:11 GMT Anonymous Coward

that's a new email address...

Or Huawei block the Googlebot, and the bingbot and the yahoobot and the dogpilebot (those are the only ones i checked.) The only site that showed in google results was The Register (this article.)

The email address that First.org has for them is different...imagine that.

And this is in the header of their PGP public key:

Version: PGP Desktop 9.0.4 (Build 4042) - not licensed for commercial use: www.pgp.com

This must be a fine, upstanding company.

4 0
1. Thursday 2nd August 2012 06:43 GMT Anonymous Coward
  
  A flaw?
  
  Nope, it was designed deliberately.
  
  1 0
Thursday 2nd August 2012 06:14 GMT Anonymous Coward

Flaw?

Huawei looking into critical router ~~backdoor~~ flaw claims.

Of course it's only a flaw.

2 1
Thursday 2nd August 2012 06:36 GMT PM.

PM

Bah, now this flaws will need a password to be accessed remotely ...

0 0
Thursday 2nd August 2012 07:39 GMT Anonymous Coward

Of course

Of course it's a 90s style vuln, it probably *is* 90s code written at 3Com, Ericcson or Lucent that somehow magically ended up in a Huawei product. Wouldn't likely be the first time either.

2 0
1. Thursday 2nd August 2012 12:33 GMT Anonymous Coward
  
  Re: Of course
  
  Holy shit. That means that by perusing the CVS database, you could potentially break every Huawei installation in the world, right?
  
  0 0
Thursday 2nd August 2012 13:29 GMT Anonymouslemming

I guess Cisco haven't patched it yet...

No way can Huawei release a patch until Cisco do - they've got nowhere to steal it from until then!

1 1
Thursday 2nd August 2012 14:30 GMT maniacmartin

More worryingly, the PGP public key for them on FIRST's website differs from the one linked to on the press release page!

0 0
1. Saturday 4th August 2012 19:33 GMT Anonymous Coward
  
  I didn't notice that
  
  Is their (on their press release page link) PGP key still signed with a not-for-commercial-use package?
  
  (after checking) Nope, it's signed by a 4 year old release of GnuPG running under MingW32...
  
  0 0
Friday 3rd August 2012 00:41 GMT asdf

wow just wow

Who in their right mind would buy any kit from this outfit? Oh that right they leave the purchasing decisions to the retards (mgmt & accounting).

0 1