Microsoft Defender Advanced Threat Protection (ATP), featured in Windows 10, alerted researchers at Microsoft to an NSA-style vulnerability found in Huawei laptops.
Analysts at the tech giant recently revealed that they found a backdoor in specific models of Huawei laptops that allowed unprivileged users access to all laptop data.
According to a Microsoft Security Post, dated March 25th, the PCManager software featured in Huawei’s Matebook systems allows unauthorized users access to superuser privileges.
The vulnerability is similar in nature to a technique used in the NSA’s DoublePulsar, a malware tool leaked in early 2017 by the hacker group The Shadow Brokers.
DoublePulsar had affected more than 200,000 computers running Microsoft Windows within a few weeks. It was used again in the WannaCry ransomware attack in 2017, which targeted Windows computers throughout the world and demanded payment in Bitcoin to restore the computers to normal.
The NSA-inspired Backdoor
Microsoft described in a blog post how researchers found the backdoor vulnerability in Huawei laptops and proceeded to fix the issue.
Microsoft gave no specific date for the discovery.
Researchers were made aware of the anomaly in the kernels of the Huawei Matebook models through acute sensors developed by Microsoft.
After the DoublePulsar attacks in 2017, Microsoft devised tools to protect users. Tools such as the newly developed sensors were first introduced on Nov. 13th, 2018, with the launch of Windows 10, version 1809.
Further investigation into the Huawei Matebooks revealed that the source of the injected anomalous code was the PCManager software that had to be pre-installed onto the Huawei Matebooks.
The software featured a driver that gave unprivileged users access to all the data on the computers. This raised the possibility of third parties gaining access and inserting malware into the system.
The blog explained how Microsoft alerted Huawei about the flaw and built a “detection mechanism that would raise an alert for any successful privilege escalation.”
However, soon afterward, a second vulnerability was detected that allowed unauthorized users access to all data without having to escalate to the highest privilege levels.
When Huawei was informed of the loophole, they released a patch on January 9th to resolve the issues.
The Chinese tech company has been under massive scrutiny over its close ties with the Chinese government.
The US and other governments have warned that the backdoor vulnerability could provide a pathway for the Chinese regime to spy on people overseas.
Huawei has consistently denied such claims, reasoning that no such backdoor incident had ever been detected before.
Professor Alan Woodward, a computer security expert at Surrey University, told BBC News that the flaw was introduced at the manufacturing stage but the path by which it came to be there is unknown, and the fact that it looks like an exploit that is linked to the NSA doesn’t mean anything.
He further added, “There is no evidence that the company has done anything malicious or any evidence they were under pressure from the state.”
However, according to Prof Woodward, the question remains as to why the vulnerability went undetected and why the software engineering processes allowed this.
While it is possible Huawei was not aware of the alleged data theft, the company’s obliviousness would itself be cause for a “national security concern.”
The United States, New Zealand, Australia, and Japan have banned Huawei, citing security concerns. Many European markets have also announced that they would not use Huawei’s products in the rollout of their 5G network infrastructure.