NSA installing backdoors in Huawei firewalls: report

13 Jan 2014

Regarding my earlier post on US paranoia over Huawei switches in South Korea –

Around the end of last year, German newspaper Der Spiegel published a story about the NSA’s Tailored Access Operations (TAO) Unit, which is allegedly a team of over 1,000 hackers tasked with figuring out how to get into computers and networks.

Among the other revelations in the story was the existence of a “product catalog” from an NSA division known as ANT, which lists the various tools that the NSA uses to pick its way into network equipment – including, as it happens, routers and firewalls from Huawei Technologies.

Last week, security expert Bruce Schneier – who has been publishing entries from the ANT product catalog on a daily basis – posted one of the Huawei exploits, codenamed HALLUXWATER:

The HALLUXWATER Persistence Back Door implant is installed on a target Huawei Eudemon firewall as a boot ROM upgrade. When the target reboots, the PBD installer software will find the needed patch points and install the back door in the inbound packet processing routine.

Once installed, HALLUXWATER communicates with an NSA operator via the TURBOPANDA Insertion Tool (PIT), giving the operator covert access to read and write memory, execute an address, or execute a packet.

According to the catalog page, HALLUXWATER was entered into the ANT catalog in June 2008.

It’s worth noting that the NSA reportedly has exploit tools for equipment from Cisco Systems and Juniper Networks. Both companies have said they’ll launch investigations into the allegations of the Der Spiegel report.

But assuming Der Spiegel’s info is accurate, what it amounts to is this:

Huawei is banned from selling network gear in the US (and, if some US senators get their way, South Korea) because of concerns that it would enable the Chinese government to spy on Americans – even though the NSA has developed tools to hack not only Huawei’s gear for the same purpose, but also gear from Cisco and Juniper that has been installed in networks not just in China, but worldwide.

As Schneier commented:

For years we have been telling the Chinese not to install hardware back doors into Huawei switches. Meanwhile, we have been doing exactly that. I wouldn't want to have been the State Department employee to receive that phone call.
