Huawei gear open to attackers, claims security researcher

Huawei equipment that is used by many ISPs has security holes, according to a German researcher. The problem, according to security researcher Felix Lindner, is due to the use of antiquated firmware code installed in some Huawei VRP routers that can be used by an attacker to log in as administrator, change the administrator passwords and then reconfigure the systems. This would allow for interception of all the traffic running through the routers, said Lindner, who heads Berlin-based Recurity Labs. In response, Huawei issued a statement to the AFP saying it was aware of "media reports on security vulnerabilities in some small Huawei routers" and was trying to verify the claims. "Huawei adopts rigorous security strategies and policies to protect the network security of our customers, and abides by industry standards and best practices in security risk and incident management," it said. Article