Hackers at an infamous Def Con gathering on Sunday were shown how to easily slip into computer networks through some routers made by Chinese electronics colossus Huawei Technologies (華為).
“For the 20th anniversary of Def Con the gift is China,” Recurity Labs chief Felix “FX” Lindner said as he opened his presentation.
“Nobody needs a back door; this is plausible deniability,” he quipped as he detailed weaknesses in three small Huawei routers that could be exploited using basic hacking techniques. “You get what you pay for. Sorry.”
Huawei routers, equipment that connects networks to the Internet, are widely used in Asia, Africa and the Middle East and the company has been striving to gain ground in US and European markets, according to Germany-based Recurity.
Lindner and his teammate Gregor Kopf were particularly troubled that Huawei has not issued any security advisories about its routers to warn users to take precautions.
“These machines have serious security issues,” Kopf said. “In my eyes, the greatest danger is that you don’t know how vulnerable it is; you’re left in the dark.”
Kopf referred to the routers studied by Recurity as having technology reminiscent of the 1990s and said that once attackers slipped in they could potentially run amok in networks.
“It looks pretty bad,” Kopf said. “To be fair, we only looked at three routers. But based on this sample, chances are other equipment they offer is very vulnerable.”
Recurity did not examine “big boxes,” large routers Huawei makes for businesses and telecom networks.
Huawei, founded by a former People’s Liberation Army engineer, has established itself as a major force in the global telecoms industry where its technology is widely used to build mobile phone networks.
Huawei is battling an image problem in the broader technology market due to its perceived close ties with the Chinese military and government.
It was recently blocked from bidding for contracts on Australia’s ambitious national broadband project, reportedly due to concerns about cybersecurity.
“It doesn’t really matter how much intention is behind the quality that we see,” Lindner said. “If you can take over people’s routers you can get into their stuff. People need to verify what they are dealing with before they buy.”