Microsoft researchers have discovered a serious security flaw in Huawei’s Matebook laptop that could have allowed strangers to spy on their users.

The researchers described the flaw as an Achilles’ heel, that could easily be exploited by hackers to hi-jack the system.

The vulnerability, which could enable attackers to view users’ actions remotely and to manipulate or steal data, affects the software sold in Matebooks sold in the UK.

Microsoft’s Defender anti-malware software was responsible for identifying the flaw, which has since been corrected after the company notified Huawei in January.

Microsoft believed that the flaw was due to a design weakness rather than an intentional move on the part of Huawei. The Chinese ICT solutions provider’s apparent fast and professional response to the situation has stood the company in good light, however, the discovery of this flaw has further heightened global scrutiny around the company’s security practices and close ties to the Chinese government.

Recommended: Huawei Concern: Geopolitical Posturing or National Security Risk?

Huawei emphatically denied carrying out espionage on behalf of Beijing, but critics have asserted that it could be compelled to insert back doors in its equipment. Critics also say it is possible the company’s Chinese supply chain could be compromised without its knowledge.

Last week, a report by the UK Government said it had found “serious vulnerabilities in the Huawei products” it examined. The Cyber Security Evaluation Centre said that Huawei’s software components was “defective, leading to higher vulnerability rates,” but didn’t attribute this to state interference”.

On the same day, The Register, reported problems with how the software giant patched its router software after being informed of a separate vulnerability.

Oleg Kolesnikov, of Securonix, a cybersecurity firm, said: “While there is no direct evidence that the software security issues were intentionally added to be leveraged for a malicious back door, these vulnerabilities appear to align with the earlier [HCSEC] report regarding Huawei products and the lack of proper software security practices in Huawei’s approach to software engineering, likely significantly increasing the risk to the operators.”

Computer cyber security expert, Professor Alan Woodward, who is based at Surrey University told BBC News the flaw was similar to a “backdoor” developed by the US’s National Security Agency for espionage.

The tool, which was leaked online, has been used by a variety of hackers, including state-sponsored actors and criminal gangs.

Like this: Like Loading...