Huawei has patched a security flaw on some of its MateBook laptop models that could have been used to take user control. The vulnerability that was fixed by the Chinese company back in January and was detailed by Microsoft late last month was related to a preloaded software called PCManager. It appeared to act as a watchdog -- following a technique originally used by the National Security Agency (NSA) in the US. Microsoft's Windows 10 Defender Advanced Threat Protection (ATP) was able to spot the problem on Huawei machines. The latest discovery comes just days after a UK government report highlighted "serious vulnerabilities" in various Huawei devices.
As noted by Ars Technica, the vulnerability wasn't a typical malware or a bug, instead, it was a Huawei-written driver that was acting as a watchdog to monitor the system through a regular user mode service. If the service is crashed or stopped running, the driver had the capability to restart it.
The security team at Microsoft was able to detect the issue -- thanks to an alert raised by the Windows 10 ATP. "We traced the anomalous behaviour to a device management driver developed by Huawei," Microsoft Defender Research Team wrote in a blog post last month. "Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation."
However, concerns have been raised around how Huawei is designing its software to obtain backdoor access. A BBC report citing a computer security expert based at Surrey University underlines that the newly discovered flaw had the "hallmarks of a 'backdoor'" built by US's NSA to keep an eye on targets.
This is notably not the first time when Huawei has raised eyebrows for a serious security issue. Last week, a report published by a UK government-led board claimed "significant technical issues" and "underlying defects" in Huawei products it examined. The Shenzhen-based company is also facing US pressure over espionage fears.