Huawei Cares About Technologies with out security concept

today lets talk about huawei mobile security , so first let go a head and talk about my experience in security researching through huawei products , specially mobile phones which is out of security protection after their mis caring for vulnerabilities in apps running as default on their mobile phones ,

in 2016 i have submitted a vulnerability to huawei psirt team regarding a their android application file manager and backup app , so first the response from them was not satisfying comparing others response when we are talking about security of mobile phones .

the first vulnerability was in safe box app , which allow hacker to replace the db file which is stored in public folder in smart phone to be edited and then replaced to bypass the lock for their protected file zone. as show in video below i was able to do it like a 1337

their response was as below

Dear Lawrence Amer,

We have confirmed that the msb.db file has been encrypted. You cannot read or access target’s encrypted files or any sensitive information by replace the target’s msb.db( by using yours), the only thing is that the target’s encrypted files cannot be decrypted. We think that, damaging the msb.db file has the same effect as damaging users’ encrypted files or SD cards. So storing the msb.db file in the SD card is only a different implementation method from storing it in the /DATA/data directory. And the Safebox app was provided as it is. Therefore, we think it is not a security vulnerability, but an alternative in design.

Thanks again for reporting the security information to us, and if you ever find any potential security issues in Huawei products in the future, we are looking forward to working with you again.

Best Regards,
Huawei PSIRT

so the issue dropped with no even design fix , then i moved into Backup application , which is also refused to be fix .

the second vulnerability was clear enough for security professionals to consider it as security risk depending on impact and steps made to bypass the protected password .

finally my last experience was in 2017 after my submission to a security vulnerability in their product huawei hi cloud , which is by their though it was made like iphone , but it was easy to find a vulnerability there which i was able to get the current location of specific user who is using this application

and ofcourse their response was it is low impact with no fix , so after that as i am hacker and security researcher i have sold out my huawei phone , replaced with other .

Related posts:

How well are you thanking and reporting? Are you setting the standard in this important work? I want to challenge you to consider how you can grow giving by focusing first on better thanking and…

By Pablo Zambrano There are many Jews around the world, right? That is why it is very common to run into one and interact with them. They are the kind of people who respect their traditions very…

When is the last time you looked at your Corporate Healthcare Compliance plan? RRCS, Inc. can guide your organization in developing and implementing your compliance and more. If you want to know more…