A security researcher for German security firm Recurity Labs has disclosed several critical vulnerabilities in router products made by Huawei at the annual Defon hackers conference on Sunday.
The vulnerabilities -- a session hijack, a heap overflow and a stack overflow -- affect the Chinese networking and telecommunications firm's Huawei AR18 and AR28 series routers, which are widely used in Asia, Africa and the Middle East, although their relative cheapness is resulting in widespread use worldwide.
Felix Lindner, also known as “FX”, says all three flaws can be exploited to gain control of the devices via the internet as well as snoop on other people's traffic. He believes the problem is the use of “1990's-style code” in the firmware of certain VRP routers. Using one of these exploits it would be possible for a hacker to gain access to the routers, change the admin passwords and then reconfigure them to intercept all traffic running through the network.
Dan Kaminsky, chief scientist and security expert at DKH believes this presents a scary situation for ISP's extensively using these router products, and even more crucially their customers who will be completely unaware of the possibility that their activity could potentially be spied on.
“It's a big deal for routers to get broken into,” especially those made by the fastest growing router manufacturer, he said in a statement. “If you can get into a router you can take it over, monitor and alter peoples' traffic. You become a man-in-the-middle attacker who can spoof legitimate Web sites.”
Some earlier reports have speculated that the company builds back-doors into its products for the Chinese government to spy on. CNet asked Lindner about this during an interview, to which he replied: “They don't need to. You (just) need to have Huawei people running your network or help run your network. If you have so many vulnerabilities, they are the best form of (attack) vector.”
Huawei did not respond to requests for further comment at the time of writing.
The Cisco Linksys E4200 is a simultaneous Dual-Band N (2.4 & 5 GHz) wireless router, it packs 4 Gigabit Ethernet ports with a maximum speed up to 450 Mbps, it also has shared storage capabilities thru its USB port. Last but not least, there is a built-in UPnP AV media server.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Receive a weekly update of our best features and tech news you don't want to miss: