Wi-Fi Router discord
CHINA-BASED Huawei Technologies said a vulnerability detected in one model of its Wi-Fi routers that exposes thousands of Jamaicans to a cyberattack was fixed as far back as 2017, and added that the routers in question were never sold in the island. However, data from the Jamaica Cyber Incident Response Team (JaCIRT) dispute the claims.
Huawei Technologies, in a statement responding to a Jamaica Observer story last Sunday, said the article about a vulnerability in its Huawei HG532 router used by thousands of Jamaicans for Wi-Fi connections in the home was “misleading in creating the impression that the vulnerability had not been addressed immediately”.
“The vulnerability was detected back in 2017 and the involved router products were produced before 2013. Huawei acted promptly together with its partners and stakeholders and released a fix shortly afterwards. Based on preliminary investigations, the affected router model has not been sold in Jamaica through our official channel partners in the country and it is unlikely that this would pose any risks,” Huawei said in a statement to Sunday Finance.
However, that claim from the technology giant seems to run counter to what JaCIRT says it has been detecting in its “routine cybersecurity sensor data collection”. While Huawei said it fixed the vulnerability in 2017 when it was detected, JaCIRT said it detected the issue in Jamaica five years after the tech giant said the fix was issued, and that the exposed routers continue to be used up to this day in Jamaica.
“As it relates to the detection of the vulnerability in question, it is seen where the device Huawei Home Gateway HG532 vulnerable to the CVE-2017-17215 was first identified in March 2022… recurring in subsequent months throughout 2022 and extending into the current year, 2023,” the Government cyber agency said in a statement to Sunday Finance.
CVE-2017-17215 is the identification number given to the vulnerability that was found in the Huawei HG532 Wi-Fi router. The vulnerability allows cyberattackers to take control of another person’s computing device or computer that accesses the Internet via the router in question. It takes place when malware is downloaded by the host.
JaCIRT has been flagging the vulnerability on its website and said it has reached out to the telecoms on whose network it has detected the problem devices, but has hit roadblocks in getting a resolution. “We get their lawyers, and their vulnerabilities keep trending up,” Lieutenant Colonel Godphey Sterling, head of JaCIRT, pointed out to reporters at a recent Jamaica Observer Business Forum.
JaCIRT has had to turn to publishing advisories about the issue on its website, including to tell those who can to “install the necessary patches based on the supported version if you or your organisation uses Huawei HG532”.
Huawei said it is working with the authorities to get more information on the details of what the Jamaican authorities are seeing and will work “to address the issue if there is any that still persists”.
Still, while Huawei contests the accuracy of the information, JaCIRT is adamant that its sensor data collection is still detecting the issue, adding that it continues to see IP addresses in Jamaica being exposed to any cyberattacker who wants to exploit the fault in the Huawei device.
“Furthermore, past occurrences of this vulnerability have been documented on specific dates, namely on October 8, 2022; July 26, 2023; August 31, 2023; and most recently on October 25, 2023,” JaCIRT stated.
The information from JaCIRT that was shared with Sunday Finance went on to outline that “our feeds and sensors show this 25 October detection as an exploited vulnerability”, meaning that a person or persons using a device(s) which connects to Wi-Fi services through the Huawei HG532 router was the victim of an actual cyberattack on that day.
The Government’s cybersecurity agency shared further that up to November 1, 2023, it detected 10,965 Huawei Home Gateway HG532 routers in use in Jamaica that were exposed to an attack because of the susceptibility of the devices in question. Most of the exposed devices were located in Kingston (6,759) followed by St James (886), Trelawny (866) and St Catherine (768). St Andrew (90) had the fewest devices that were showing vulnerability on that day.
But JaCIRT is not the only cybersecurity agency that is pointing to the continued issues with the specific Huawei routers. Cymulate, an Israel-based cybersecurity firm founded by an elite team of former Israeli Defence Force intelligence officers and leading cyber researchers, as recently as May 18, 2023, said it, too, was detecting the problems with the Huawei HG532 routers which the Jamaican authorities are finding.
In an article by Yahav Levin, a specialist in information security defence at Cymulate, the issue was referred to as “an old vulnerability [that] is beginning to become a new problem”, something which Levin said “has become an unfortunately common occurrence”.
He pointed out that the Cymulate Threat Research Group identified a new Mirai shell variant attack being specifically targeted at the vulnerability in the Huawei HG532 device. Cymulate reported the issue on March 29, 2023 and said the malware attempts to gain access to systems using the router by guessing user passwords and then installs itself in various directories under a hidden folder which the owner of the device may be unaware of.
It added that the spike in attacks that are now being seen, six years after the vulnerability was supposedly dealt with, is due to organisations holding onto outdated hardware and software well beyond its end-of-support lifecycle, which makes them prime targets for an attack. “In this example, while Huawei did offer a patch to address the problem in the past, the current advisory page only offers the potential workarounds of either putting the device behind another firewall or upgrading to a newer version of the hardware platform,” Cymulate said.
The Israeli firm detecting the same issue makes it clear that the vulnerability in the Huawei HG532 router is real and that it poses a risk to users. In the meantime, users of Huawei HG532 routers should contact their Internet service provider or Huawei for assistance in patching and updating their routers, or simply change the device to a newer model.