Researchers at the American technology giant Microsoft recently discovered a backdoor* in Huawei MateBook laptops that allows hackers to access all data.
This vulnerability in the protection system is similar to DoublePulsar, a piece of malware spread by the hacker group The Shadow Brokers in early 2017. In just a few weeks, it infected more than 200,000 computers running Microsoft Windows.
DoublePulsar was used again in May 2017 in the WannaCry ransomware attack on computers running Windows all over the world, with the goal of extorting payment in bitcoins for restoring the computers.
Microsoft published a post on its blog on March 25, detailing how researchers found a backdoor in Huawei MateBook laptops and then proceeded to eliminate the loophole. Microsoft reported that after it informed Huawei about the backdoor, the Chinese manufacturer released an update on January 9 to fix the vulnerabilities.
Microsoft did not specify when they discovered the flaw.
All computers have a kernel, a fundamental element of the operating system that provides coordinated access to all computer resources and can fully control everything on the device.
After the DoublePulsar attacks in 2017, Microsoft tried to develop programs that protect users. Starting with Windows 10 version 1809, released on November 13, 2018, Microsoft has built in newly developed Defender ATP sensors to better detect threats to the kernel, such as DoublePulsar.
But then Microsoft discovered "abnormal" embedded code in the kernel of Huawei MateBooks.
After further investigation, Microsoft engineers traced the code to PCManager, device management software that is preinstalled on Huawei MateBooks. The software included a driver that allowed attackers to escalate their privileges to Ring-0 and view all data on the computer and the computer system connected to it. If a third party gains access and inserts malware, it may damage the computer's operating system.
Computer privileges have four levels. Ring-0, the kernel level, carries the most extensive rights and allows control over all hardware and software.
Microsoft reported the vulnerability in the Huawei laptop and created a “discovery mechanism that will warn of any successful elevation of rights” in MateBooks, the company explained in its blog.
Soon after, Microsoft engineers found another backdoor in the MateBook: the same insecure driver gave attackers the ability to directly access all the data without having to elevate their privileges.
On January 9, Huawei released a fix for these two vulnerabilities.
On March 29, the American media outlet Light Reading commented: "The news about the backdoor cast a shadow over Huawei."
This Chinese company, one of the world's largest manufacturers of telecommunications equipment, smartphones and other electronic devices, has been sharply criticized for its close ties with the Chinese regime. And this, as the governments of the United States and other countries have warned, may mean that its products have loopholes that allow the Chinese regime to spy on people abroad.
Huawei has consistently denied these allegations, pointing out, among other things, that no backdoor incident had been found.
Although this latest incident may not be related to the Chinese regime, earlier reported cases point to Huawei’s responsibility.
In January 2018, the French newspaper Le Monde reported that data from the African Union headquarters building was transmitted every night to a server in Shanghai.
The headquarters of the African Union is in Addis Ababa, Ethiopia. The $200 million building was built and funded by the Chinese regime as a gift. Huawei is one of the suppliers of engineering and telecommunications systems for the building, according to an analysis by the Canberra-based Australian Institute for Strategic Policy, which cites Huawei’s own website and documents received from the African Union, including contracts for its IT infrastructure.
The think tank pointed out that although Huawei may not have known about the alleged theft of data, this in itself would be cause for “concerns about national security.”
Meanwhile, a report from the Australian publication Weekend, published in November 2018, states that, according to an intelligence source, Australia has evidence that Chinese authorities approached Huawei officials and pressured them to disclose access codes for hacking into foreign networks.
The United States, Australia, New Zealand and Japan closed their markets to Huawei, citing security concerns. Several European mobile operators have also recently announced that they will not use Huawei products to deploy 5G network infrastructure.
* Backdoor – a defect in an algorithm that is intentionally embedded into it by the developer and allows unauthorized access to data or remote control of the operating system and the computer as a whole.
Source: Epoch Times