26.06.2019 13:01

On Eve of 5G Rollout, FINITE STATE Report Finds Cybersecurity Vulnerabilities Embedded Within Huawei Devices


COLUMBUS, Ohio, June 26, 2019 /PRNewswire/ -- Finite State, the pioneer in Internet of Things (IoT) device intelligence, today issued results from a large-scale study it conducted of the cybersecurity-related risks embedded within Huawei enterprise devices by analyzing Huawei firmware at an unprecedented scale. Utilizing its automated system to look at more than 1.5 million files embedded within nearly 10,000 firmware images supporting 558 products within Huawei's enterprise networking product lines, Finite State found several classes of security issues, concluding that Huawei devices pose a quantifiable high risk to their users. Of all the firmware images analyzed, 55% had at least one potential backdoor.

Finite State Logo

China's Huawei is the dominant provider of equipment used in the coming 5G networks that will usher in the next generation of consumer, enterprise and industrial technology. Concerns that using Huawei equipment could offer the Chinese government access to 5G networks, which could be used to execute espionage or military missions, has led countries to take measures to limit their risks, including outright bans of Huawei products. Until today's report by Finite State, assumptions about the extent of cybersecurity vulnerabilities in Huawei devices has never been proven.

"At Finite State, we believe that increased transparency leads to better security for everyone. Fundamentally, policymakers should be making data-driven decisions about which risks they are, and are not, willing to take. Our analysis looked for risks including hard-coded backdoor credentials, unsafe use of cryptographic keys, indicators of insecure software development practices, and the presence of known and so-called 0-days, where a vulnerability exists but has never been publicly reported. Our analysis revealed that Huawei devices quantitatively pose a high risk to their users, which is particularly concerning given Huawei's dominance on the eve of 5G implementation," said Matt Wyckhouse, founder and CEO of Finite State.

Finite State analyzes firmware inside IoT devices, proactively identifying risks, detecting attacks and enabling robust response. Built by a team with backgrounds in the U.S. Intelligence Community, Finite State provides deep insight into hidden vulnerabilities on the network to help users understand and mitigate risks, detect advanced threats and respond to attacks.

The analysis found:

  • Numerous instances of backdoor access vulnerabilities. These vulnerabilities enable an attacker with knowledge of the firmware and/or with a corresponding cryptographic key to log in to the device.
  • Universally, Huawei devices were shown to have a very high number of known security vulnerabilities. On average, each device tested had 102 known vulnerabilities in its firmware -- increasing the likelihood of being compromised by attackers.
  • Despite claims of investing in security, Huawei engineers were found to have routinely made poor security decisions in building the devices, significantly increasing the potential for serious vulnerabilities.
  • Huawei devices have substantially worse security than similar devices from other vendors.
  • Prior Huawei claims that devices and their firmware's security properties could not be tested at scale were disproven: Finite State's firmware analysis platform, Iotasphere, was able to process and analyze 9,936 firmware images comprised of more than 1.5 million files in 36 hours.

"Despite Huawei's claims about investing in security, they appear to be behind the rest of the industry in almost every respect. This overall weak security posture is concerning and obviously increases the security risks associated with use of Huawei devices," Wyckhouse said. "Whether those risks were introduced intentionally or accidentally is out of the scope of a technical assessment, and thus we cannot and do not draw any conclusions relating to intent."

The report is available via

About Finite State
Finite State provides comprehensive IoT cybersecurity for enterprise networks. With backgrounds in the US Intelligence Community, our team understands the intricacies of IoT risk better than anyone. IoT has become the entry point of choice for cyber attacks, and attackers have the edge in their ability to target and exploit trivial vulnerabilities in IoT firmware. Finite State gives defenders a tactical advantage by providing deep visibility and proactive protection of every device on their network, deterring even the most sophisticated actors. Learn more about Finite State at


Cision View original content to download multimedia:

SOURCE Finite State

Börse Stuttgart Anlegerclub

Die richtige Strategie für die Börsenkrise

Stecken Sie nicht den Sand in den Kopf, sondern kaufen Sie die richtigen Aktien. Erfahren Sie im aktuellen Anlegermagazin mehr über attraktive Qualitätsaktien und zyklische Aktien
Kostenfrei registrieren und lesen!

Heute im Fokus

DAX beendet Tag im Plus -- Dow trotz Rekord kaum bewegt -- Brenntag meldet Gewinnwarnung -- GERRY WEBER-Aktie im Sinkflug -- Bayer-Strafe deutlich gesenkt -- JPMorgan, Goldman Sachs, CRH im Fokus

Bitcoin im Sog von Libra-Diskussion. Europaparlament wählt von der Leyen zur EU-Kommissionspräsidentin. Wells Fargo steigert Gewinn. J&J kann Gewinn kräftig steigern und hebt Umsatzausblick an. US-Notenbankchef stellt erneut Leitzinssenkung in Aussicht. ams gibt OSRAM-Übernahmepläne auf. Villeroy & Boch mit Gewinnwarnung.

Die 5 beliebtesten Top-Rankings

Diese Sternchen haben ihren eigenen Aktien-Index
Diese Aktien hat Warren Buffett im Depot
Die Änderungen unter den Top-Positionen
Die erfolgreichsten Kinofilme der letzten 25 Jahre
Welche Titel knackten die Milliardenmarke an den Kinokassen?
Das verdienen Aufsichtsratschefs in DAX-Konzernen
Deutlich unter Vorstandsgehältern
Apps & Social Media: Die wertvollsten Marken der Welt
Welche Marke macht das Rennen?
mehr Top Rankings


Wo sehen Sie den DAX Ende 2019?

Online Brokerage über Brokerage
Handeln Sie für nur 5 Euro Orderprovision* pro Trade aus der Informationswelt von!


Oskar ist der einfache und intelligente ETF-Sparplan. Er übernimmt die ETF-Auswahl, ist steuersmart, transparent und kostengünstig.
Zur klassischen Ansicht wechseln
Kontakt - Impressum - Werben - Pressemehr anzeigen
Top News
Beliebte Suchen
DAX 30
Euro US-Dollar
Wirecard AG747206
Deutsche Bank AG514000
Daimler AG710000
Microsoft Corp.870747
Infineon AG623100
Apple Inc.865985
Airbus SE (ex EADS)938914
Deutsche Telekom AG555750