(Image Credit: iStockPhoto/alexxx1981)
With sensitive NSA documents falling into the hands of hacking group Shadow Brokers, it was only a matter of time before the world gained some further insights on the security agency’s latest work.
The first revelations from the leaked files indicate the NSA developed tools which took advantage of vulnerabilities in the equipment of high-profile equipment vendors such as Cisco, Huawei, and Juniper to spy on traffic which passes through a network.
Cisco and Juniper have since claimed the vulnerabilities have been investigated and patched. Huawei, meanwhile, hasn’t spoken about the vulnerabilities and their current status but only noted the company is making large investments to improve the security of its products.
In an official statement, Huawei said: “Huawei is aware of allegations of past government attempts to exploit commercial networking gear. We know that networks and related ICT product are under regular and widespread attack and we make significant investments in innovative technologies, processes and security assurance procedures to better secure them, as well as the networks and data of our customers.”
“Huawei believes it’s very important for industry and governments to work together to encourage better network and data security and to build trust in the digital world, by collaborating in the development of agreed standards and best practices for the industry.”
After the files were released, Cisco says it took prompt action in examining them to identify the vulnerabilities and found it affected Cisco ASA devices. On August 17th, the vendor issued two security advisories which delivered free software updates and workarounds where possible.
Juniper says it’s examining the release of files and remarked it’s the first time possible examples of the tools have been available for inspection. The company identified a vulnerability in NetScreen devices which run ScreenOS as part of their initial analysis but would “say more” when it has further information – either via its blog or in a security advisory.
The reported hack of Huawei equipment by a government agency can be seen with some irony considering the firm remains banned from involvement in US telecoms infrastructure over concerns of its founder’s links to the Chinese army. Citing a risk to national security, the U.S. government in 2012 claimed Huawei and its competitor ZTE could implement backdoors in their equipment to leak sensitive information from America to China – a claim both companies deny.
Guo Ping, Huawei’s chief executive, said that businesses and customers in the U.S are getting a bad deal because the company is not in the market but added the company would consider re-entering America if welcomed. In the UK, foreign telecoms equipment such as Huawei’s is checked by GCHQ before it’s authorised for use.
What are your thoughts on the NSA’s exploitation of telecoms equipment? Let us know in the comments.