Finite State supply chain assessment of Huawei devices.
— Chris Wysopal (@WeldPond) July 16, 2019
76 firmware had default root user w/hardcoded password that could log in over the SSH protocol. 8 firmware had pre-computed authorized_keys hardcoded. 424 firmware contained hardcoded private SSH keyshttps://t.co/MvGBM4szy6
Some have pointed out that this may not be much different from any other device supplier with thousands of different models/versions of equipment.
— Chris Wysopal (@WeldPond) July 16, 2019
Firmware Security 