Security News > 2021 > June > Ahem, Huawei, your USB LTE stick has a vuln. I SAID AHEM, Huawei, are you listening?

Huawei has belatedly fixed an embarrassing vulnerability in a USB connectivity dongle, spotted by Trustwave, after The Register intervened.

When infosec firm Trustwave's Spiderlabs division took a closer look at the stick last year, its researchers found a security blunder that affects macOS users: the USB stick acts as a storage drive that includes software to install to manage the dongle.

Ziv Mador, Trustwave's research veep, told The Register: "What we found is that when the user logs into the device, there is a file that they install, during setup time on that laptop on that computer. And the file has the information, what executable to run when the USB dongle is plugged in."

While the odds of a successful attack on a multi-user Mac requiring authenticated local access, and an external USB dongle being plugged in, are low, the issue uncovered by Trustwave was nonetheless a genuine vuln.

After The Register asked Huawei about the vuln this past Friday, the Chinese mega-corp managed to sort out a security advisory and related patch, which went live this morning.

The Huawei Cyber Security Evaluation Centre, the British body charged with scrutinising its mobile network infrastructure firmware, has repeatedly found pisspoor coding practices and outdated libraries being used in its products.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/