Yet more trouble for Huawei as "deliberate flaw" found in Matebook laptops

Martyn Warwick
By Martyn Warwick

Apr 4, 2019

© Flickr/cc-licence/

© Flickr/cc-licence/

  • Microsoft finds "sophisticated" vulnerability built-in at the manufacturing stage
  • "Achilles Heel" could allow hackers to take control of Matebooks
  • Huawei denies culpability.
  • Echoes of the WannaCry ransomware attacks?

There's a school of thought that says Huawei is in such bad odour in North America not because it is an organisation ultimately controlled by the Politburo of the People's Republic of China and is deeply and systematically involved in massive espionage and is the originator of attacks on sensitive comms networks across important industries, the financial and banking sector and strategic defence (to name but a few) via malware and 'back doors' deeply embedded in Huawei hardware and software, but because President Donald Trump personally decided to stop Huawei in its tracks in the US for reasons of political expediency and popularity.

Well, today there is more evidence to favour the rationale outlined at the start of the above sentence rather than that noted in the latter part. System security scientists at Microsoft have traced and isolated a "sophisticated" and apparently deliberate "flaw" in the device management driver of in Huawei's Matebook range of Windows 10 laptops, that, it is alleged, could only have been introduced during the actual manufacturing process which takes place in Shenzhen in China. Referring to the flaw as an "Achilles’ heel" Microsoft says the inbuilt vulnerability could be exploited by hackers to permit them to take control of users' PCs.

Huawei denies allegations that the vulnerability was deliberately introduced to the Matebook range and says it acted quickly to correct the "flaw" when it was first notified about it back in January.

The vulnerability has striking similarities in common with WannaCry software that was developed by the US National Security Agency as a component of America's arsenal of cyber attack weapons and subsequently and mysteriously stolen from it.

Wannacry exploited a weakness in the code of Microsoft's Windows OS and when the flaw was leaked online a series of massive ransomware attacks soon followed, many of which are suspected of having being state-sponsored by the likes of China, Iran, North Korea and Russia.

Only last week the UK intelligence services announced that they can provide no more than "limited assurances" that security risks originated by Huawei can be managed and stopped in the long-term. The only solution, they said, is to tear out all Huawei equipment from all networks where it has been deployed and there are a lot, including the national incumbent telco, BT.

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.