A flaw in Huawei Matebook laptops, found by Microsoft researchers, could have been used to take control of machines, Ars Technica reported.
First things first: Huawei fixed the driver and published the safe version in early January, so if you’re using a Huawei system and have either updated everything or removed the built-in applications entirely, you should be good to go.
The interesting part of the story is how Microsoft found the bad driver in the first place.
The “sophisticated flaw” had probably been introduced at the manufacturing stage, one expert told BBC News.
Prof Alan Woodward, a computer security expert based at Surrey University, told BBC News the flaw had the hallmarks of a “backdoor” created by the US’s National Security Agency to spy on the computers of targets.
That tool was leaked online and has been used by a wide variety of hackers, including state-sponsored groups and criminal gangs.
“It was introduced at the manufacture stage but the path by which it came to be there is unknown and the fact that it looks like an exploit that is linked to the NSA doesn’t mean anything,” Prof Woodward said.
“It could be organised crime gangs, which are increasingly interfering with the supply chain, or it could be someone playing geo-politics to discredit Huawei.
“There is no evidence that the company has done anything malicious or any evidence they were under pressure from the state.”
The question remains, however, according to Prof Woodward: “How did the software engineering processes allow this on?
“This is not going to help their case or reduce people’s concerns,” he said.
The British intelligence community last week said that it could offer only “limited assurances” that long-term security risks from Huawei could be managed.
Prof Woodward said: “Huawei is critical to 5G, which in turn will be critical to a whole range of things, including future cities and autonomous cars.
“Disrupting this network could cause huge disruptions to society and I can see why people are worried about Huawei supplying this technology.
“They are headquartered in a country that has coercive laws and has made it clear that companies have to co-operate with the government and keep that secret.”