Huawei MateBook Laptops Flaw Worked Like NSA-Style Backdoor Access
Publish | 04 Apr 2019, 19:11
Huawei has patched a security flaw on some of its MateBook laptop models that could have been used to take user control.
The vulnerability that was fixed by the Chinese company back in January and was detailed by Microsoft late last month was related to a preloaded software called PCManager. It appeared to act as a watchdog following a technique originally used by the National Security Agency (NSA) in the US.
Microsoft's Windows 10 Defender Advanced Threat Protection (ATP) was able to spot the problem on Huawei machines. The latest discovery comes just days after a UK government report highlighted "serious vulnerabilities" in various Huawei devices.
As noted by Ars Technica, the vulnerability wasn't a typical malware or a bug, instead, it was a Huawei-written driver that was acting as a watchdog to monitor the system through a regular user mode service. If the service is crashed or stopped running, the driver had the capability to restart it.
The security team at Microsoft was able to detect the issue thanks to an alert raised by the Windows 10 ATP. "We traced the anomalous behaviour to a device management driver developed by Huawei," Microsoft Defender Research Team wrote in a blog post last month.
"Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation."
Huawei in January released a fix that was primarily updating the PCManager software to patch the security loophole.
However, concerns have been raised around how Huawei is designing its software to obtain backdoor access.
A BBC report citing a computer security expert based at Surrey University underlines that the newly discovered flaw had the "hallmarks of a 'backdoor'" built by US's NSA to keep an eye on targets.
This is notably not the first time when Huawei has raised eyebrows for a serious security issue. Last week, a report published by a UK government-led board claimed "significant technical issues" and "underlying defects" in Huawei products it examined.
The Shenzhen-based company is also facing US pressure over espionage fears.