Following the news that Microsoft researchers have found an NSA-style backdoor in Huawei laptops, Oleg Kolesnikov VP of Threat Research and Head of Research Labs at Securonix commented below.
Oleg Kolesnikov, VP of Threat Research and Head of Research Labs at Securonix:
“While there currently is no direct evidence that the software security issues were intentionally added for Huawei’s driver code to be leveraged for a malicious backdoor, these vulnerabilities appear to align with the earlier National Cyber Security Centre, GCHQ etc (HCSEC) report regarding Huawei products and the lack of proper software security practices in the Huawei’s approach to software engineering likely significantly increasing the risk to the operators.
Given the ongoing debate about Huawei and fear around backdoors, one of the key takeaways from this is that it can be very challenging to determine whether a software security issue present is a result of an intentional/backdoor vs. unintentional error, so it is critical not only to have the ability to perform an in-depth software and hardware security analysis related to the vulnerabilities, but also to ensure that the proper software development process and best practices are in place since software vulnerabilities often do not occur in isolation–where there is one, there is often much more to find.
Specifically, process hollowing is a relatively well-known software security attack technique, so had Huawei developers followed the proper software security design, development, and testing processes when implementing the MateBookService and the corresponding driver software components IRP/IOCTL functionality, chances are that the software security issues reported could have been mitigate and/or addressed proactively.”