Huawei dev team sends a buggy HKSP patch with backdoor to Linux Foundation
Huawei development team mails an HKSP (Huawei Kernel Self Protection) Linux patch with a backdoor to Linux Foundation, Huawei denies involvement
A perfect recipe for introducing backdoors in gadgets. Last week Huawei development team submitted a patch to the Linux Foundation with a ‘trivial vulnerability.’ When the vulnerability was discovered, Huawei, as always, denied its involvement in the patch and said that its employees may be responsible.
Huawei is infamous for security relates issues. It has already been banned by the U.S. government from supplying 5G technology to US telecom providers citing security and data leak issues. Now, Huawei is trying to secretly implement a backdoor in HKSP (Huawei Kernel Self Protection) which could have been included in the next update of Linux.
What is HKSP?
HKSP or Huawei Kernel Self Protection, as the name suggests, is a tool for kernel protection. It was submitted to the Linux Foundation for inclusion in the official Linux Kernel project through its mailing list on Sunday. The kernel protection tool was supposed to introduce a series of security-hardening options to the Linux kernel. However, on inspection, the patch was found to introduce a backdoor to the Linux kernel project. Interestingly, Huawei calls the backdoor a “trivially exploitable” vulnerability.
Most tech companies contribute patches to the Linux Foundation for the Linux kernel in an effort to make it unexploitable. Companies like Google, Microsoft, Amazon, and others have been known to have contributed code.
Vulnerability in HKSP
While other tech companies are known to contribute, this is the first time Huawei contributed to the Linux kernel project. Naturally, it sparked interest among the Linux dev team, Linux fanboys, and security researchers. It was immediately scrutinized by different people including the developers of Grsecurity, a project that provides its own set of security-hardening patches for the Linux kernel.
The Grsecurity security found an exploitable vulnerability in the HKSP patch. In a blog post published on Sunday, the Grsecurity team detailed the “trivially exploitable” vulnerability in the kernel code. From the report, we can deduce that Huawei or its so-called employee was sneakily introducing a backdoor into the Linux kernel which could have implemented in the next Linux update if the patch was to be approved.
Huawei denies involvement
When the Grsecurity blog post went live, Huawei immediately swung into action. It vehemently denied the accusations that it was involved. In a statement published on Monday, Huawei said it had no official involvement in the HKSP project. It further argued that the project was the work of one of its employees.
Huawei said that the project was created and submitted to the Linux kernel project by the Huawei engineer without its formal backing. It further added that it had not officially included the HKSP code in its products. “It is only the demo code used by an individual for technical discussion with the open-source community Openwall,” Huawei said.
The HKSP GitHub repository publisher backtracks
The GitHub owner of the HKSP repository published a similar disclaimer to the readme in the project. The readme now reads :
Grsecurity stands by its report
Grsecurity is standing by its report that Huawei surreptitiously implemented the vulnerability in the Linux kernel patch with a hope that it is approved and implemented in the next Linux update. They stated that they were contacted by the Huawei PSIRT who forwarded a mail stating “The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices.”
Grsecurity stated that it found that HKSP repository owner was a Level 20 Principal Security employee in Huawei. Level 20 is the highest technical level within Huawei and it is not possible for such a high ranking official to publish a code without the knowledge of the parent organization. Further, Grsecurity found that the GitHub commit was backdated examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was actually written to the repo on Monday after all the hell broke loose.
What really happened according to us
HSKP contains a backdoor that can’t be denied. The vulnerability was to supposedly work after the HKSP was approved by the Linux Foundation for its Linux kernel project. Huawei is known for such similar transgressions. As said earlier, US has already imposed several curbs on dealing with Huawei. The U.K. authorities also found last year that the Huawei networking equipment had so many security flaws that could be exploited.
Huawei’s statements don’t mean a thing after all the accusations of spying for the Chinese government, security issues in the Huawei products, intellectual property theft lawsuits, hiding secret backdoors in its firmware, lying about the capabilities of its product.
What do you think? Do write in the comments.
Tags: Backdoor HKSP Huawei Linux Foundation Linux Kernel Linux Kernel Project patch