A Russian security researcher Nikita Tarakanov has found Huawei’s 3G and 4G devices vulnerable to the hackers. He has reported this matter to Black hat Europe. According to the researcher, Huawei’s sever update is one of the tools for hackers to lay down an attack on the systems.
The server update was made in Netherland and it isn’t the most preferred server by Huawei. The researcher saw the server was working on hoary codes of Windows IIS 6.0 – a relic version of Windows server 2003. He believed that if the attacked got a way to break into this server, they could manipulate a large number of Huawei’s users.
Furthermore, the researcher hinted towards easy plain text configuration as one of the drawbacks of the updated server. He said if hackers found a way to configure the server then they could easily be able to do it. It’s really easy to change the DNS of the server through the modem and if they are able to do that they can enforce all the users to be directed to malicious websites.
The attacked could also modify the automated the anti-virus installer to a malicious software if they got a way to compromise the modem. While covering all the aspects of the vulnerabilities found in Huawei’s updated server, another researcher who was researching on Windows and OS X updates found vulnerabilities it too. He tweeted:
“The Huawei OS X update app (ouc.app) has unrestricted access to /usr/local”.
Though, all these researches were made from Russia but researcher s denied a probability of vulnerabilities found from specific country.
