Huawei patches laptop software that acted like NSA-style malware

The bug was patched back in January

Huawei has patched a bug in some of its MateBook laptops that could have allowed an attacker to take control of the system. The bug was discovered by Microsoft and patched by Huawei back in January. Ars Technica notes that the issue was related to the company’s PCManager software, which appeared to be using a technique devised by the National Security Agency that was subsequently leaked and used in malware attacks.

A cybersecurity expert quoted by the BBC said that “the fact that it looks like an exploit that is linked to the NSA doesn’t mean anything,” and “there is no evidence that the company has done anything malicious.” It’s strange that Huawei would design its software to use a technique popularized by malware. It didn’t even need to do this; Ars notes that Windows 10 has a built-in feature that would have accomplished the same task without exposing the system to malicious attacks.

The discovery of the bug comes as Huawei’s security practices are under intense scrutiny worldwide. Last week, a UK government report said it had found “serious vulnerabilities in the Huawei products” it had examined. A report published in The Register on the same day exposed problems with how the company had patched its router software after being informed of a separate vulnerability.

This time, Microsoft’s Windows 10 Defender Advanced Threat Protection software was able to spot the issue, and there are no reports that the vulnerability has been exploited. But the incident raises yet more questions about how Huawei designs its software and the vulnerabilities that may exist as a result.