In the rush to come up with reasons to punish Huawei as a threat to the United State’s national security, yesterday Bloomberg reported on a backdoor that existed on Vodafone’s Huawei routers.
The backdoor, they claimed, would allow an attacker local area network access, so any of your devices on your network would have been attackable.
Unfortunately (for Bloomberg,) that backdoor was telnet, and was only lan-facing. This means an attacker would have to get into your network first, then hit your router’s telnet diagnostic from the inside, then hit your network from the router. There was no external way to reach the Telnet diagnostics according to The Register.
And it was removed in 2012.
If this doesn’t make sense – imagine that you’re inside your house (you’re the attacker) and getting in the front door is the target. You walk over to the front door and open it and then turn around and walk back in. The “vulnerability” did not exist if you were outside the house. If you were outside the house you could not open the door.
Should be noted Bloomberg is the company that claimed chips the size of rice were being planted in computers to hijack them a while back, when compromising the firmware would have been so much easier and completely undetectable.[The Register]