Huawei routers are so full of security bugs that attackers needn't even bother looking for backdoors, a security researcher demonstrated yesterday (Oct. 11).
The network routers, used by millions around the world, come with static bootloader passwords that cannot be changed and a host of other passwords that aren't new, but are so old and easily exploitable that they warrant renewed attention.
Security researcher Felix Lindner's talk at the Hack In The Box security conference in Kuala Lumpur, Malaysia, was so damning that Huawei representatives, who had happened to be in the audience, rushed out as soon as Lindner had finished, ZDNet reported.
In addition to embarrassing security flaws, Lindner pointed out that the technology running Huawei's routers code is "pretty much from the '90s," implying that it would be more comfortable listening to Destiny's Child than Beyoncé as a solo artist.
Yesterday, Cisco Systems said Huawei misstated facts surrounding a 2003 copyright suit that claimed Huawei had access to and copied Cisco's technology.
A case document stated that "the exactness of the comments and spacing not only indicate that Huawei has access to the Cisco code but that the Cisco code was electronically copied and inserted into (Huawei's code)," Reuters reported.
Huawei, the second-largest networking-technology company in the world, asserts that the software that currently runs its routers is its own.
Recently, the U.S. House Intelligence Committee urged U.S. businesses that control vital infrastructure to find other vendors for their communications solutions.
The government cited concerns over the company's tight relationship with Beijing and the possibility that their products could be secretly modified in conjunction with the Chinese government.
Follow Ben on Twitter.