第一部分
Microsoft Finds Backdoor in Huawei Laptops That Could Give Hackers Access
Researchers at U.S. tech giant Microsoft recently revealed that they discovered a backdoor in certain Huawei laptop models that allowed unprivileged users to gain access to all laptop data.This vulnerability is similar to the technique DoublePulsar, a malware tool leaked by the hacker group The Shadow Brokers in early 2017.
It had infected more than 200,000 computers running on Microsoft Windows software within a few weeks. DoublePulsar was again used for the WannaCry ransomware attack in May 2017 that targeted Windows computers throughout the world, seeking payment in Bitcoin in exchange for restoring the computers.The BackdoorMicrosoft published a blog post on March 25 that detailed how researchers found the backdoor on Huawei’s laptops and then proceeded to fix the loophole.
Microsoft said that after it informed Huawei of the backdoor, the Chinese tech manufacturer released a patch on Jan. 9 to fix the vulnerabilities.Microsoft did not specify when it discovered the backdoor.All computers have a kernel, which is the core of the computer’s operating system and can completely control everything on the device.After the DoublePulsar attacks in 2017, Microsoft tried to develop tools that can protect users.
Starting from Windows 10, version 1809, released on Nov. 13, 2018, Microsoft installed newly-developed sensors to better detect kernel threats like DoublePulsar.But then Microsoft detected an “anomalous” injected code in the kernels of the Huawei laptop model, Matebook.Upon further investigation, Microsoft engineers traced the code to a device management software called PCManager that is pre-installed onto Huawei Matebooks.
The software had included a driver that would allow unprivileged users to upgrade their access level to senior privilege. If these unprivileged users escalate to the highest Ring-0 privilege, they can visit all data on the computer and its connected computing system. If a third party gains access and inserts malware, it could ruin the computer’s operating system.A computer’s user privilege has four levels.
Ring-0 privilege in the kernel is the highest and allows users to control every hardware and software.Microsoft reported the vulnerability to Huawei, and built a “detection mechanism that would raise an alert for any successful privilege escalation” in Matebooks, the blog explained.
Soon after, Microsoft engineers found another backdoor in the Matebook: the same unsafe driver provided a capability for unprivileged users to directly access all data without having to upgrade privilege levels.On Jan. 9, Huawei released a fix for these two vulnerabilities.U.S. tech media Lightreading commented on March 29: “News of the backdoor is a bad look for Huawei.”
Microsoft Finds Backdoor in Huawei Laptops That Could Give Hackers Access
Researchers at U.S. tech giant Microsoft recently revealed that they discovered a backdoor in certain Huawei laptop models that allowed unprivileged users to gain access to all laptop data.This vulnerability is similar to the technique DoublePulsar, a malware tool leaked by the hacker group The Shadow Brokers in early 2017.
It had infected more than 200,000 computers running on Microsoft Windows software within a few weeks. DoublePulsar was again used for the WannaCry ransomware attack in May 2017 that targeted Windows computers throughout the world, seeking payment in Bitcoin in exchange for restoring the computers.The BackdoorMicrosoft published a blog post on March 25 that detailed how researchers found the backdoor on Huawei’s laptops and then proceeded to fix the loophole.
Microsoft said that after it informed Huawei of the backdoor, the Chinese tech manufacturer released a patch on Jan. 9 to fix the vulnerabilities.Microsoft did not specify when it discovered the backdoor.All computers have a kernel, which is the core of the computer’s operating system and can completely control everything on the device.After the DoublePulsar attacks in 2017, Microsoft tried to develop tools that can protect users.
Starting from Windows 10, version 1809, released on Nov. 13, 2018, Microsoft installed newly-developed sensors to better detect kernel threats like DoublePulsar.But then Microsoft detected an “anomalous” injected code in the kernels of the Huawei laptop model, Matebook.Upon further investigation, Microsoft engineers traced the code to a device management software called PCManager that is pre-installed onto Huawei Matebooks.
The software had included a driver that would allow unprivileged users to upgrade their access level to senior privilege. If these unprivileged users escalate to the highest Ring-0 privilege, they can visit all data on the computer and its connected computing system. If a third party gains access and inserts malware, it could ruin the computer’s operating system.A computer’s user privilege has four levels.
Ring-0 privilege in the kernel is the highest and allows users to control every hardware and software.Microsoft reported the vulnerability to Huawei, and built a “detection mechanism that would raise an alert for any successful privilege escalation” in Matebooks, the blog explained.
Soon after, Microsoft engineers found another backdoor in the Matebook: the same unsafe driver provided a capability for unprivileged users to directly access all data without having to upgrade privilege levels.On Jan. 9, Huawei released a fix for these two vulnerabilities.U.S. tech media Lightreading commented on March 29: “News of the backdoor is a bad look for Huawei.”
。
