It is found that there are more than a dozen Huawei 3G router models distributed by ISPs in 21 countries have serious security vulnerabilities that would leave its users open for attackers.
Though these 3G devices that are sold by multiple ISPs worldwide are currently not supported by Huawei, they do have many serious security vulnerabilities. This issue is highlighted by Pierre Kim, a security research who also posted the list of 3G router models in his blog.
He said,”The Huawei B260A device is a 3g modem / access point overall badly designed with a lot of vulnerabilities. The device is provided by Orange Tunisia as a “Flybox”. It’s available in a lot of countries to provide Internet with a 3G network.”
The last update that Huawei released for this 3G router was on Feb 20th, 2013. It is also found that the same firmware version is used in 14 Huawei devices which are likely to have the same issue. The countries that were found to have these 3G routers are Argentina, Austria, Brazil, Jamaica, Chile, Croatia, Ecuador, Estonia, Germany, Guatemala, Mali, Kenya, Mexico, Portugal, Romania, Sweden, Tunisia, etc.
India or any of its ISPs are not in that list.
3G routers are a boon to a lot of people, especially in places with a lack of broadband connection. A user simply uses a 3G enabled SIM on the 3G router which then is connected wirelessly by many devices to get internet access. This is also used by people or a group of people who travel around and need a good internet access.
At the time, Kim did contact Huawei and notify about the issue in August. But it seemed that the company does not have any plans to patch the security vulnerabilities as of yet. Huawei probably does not want to make an effort as there is no economic benefit for updating older routers that are still being used, and even if they did it would be up to the ISPs to distribute the patched firmware update to its users.
Kim told PCWorld,”I really thought Huawei would release security patches, and I think they should patch these routers. Now, I’m aware we are living in a capitalist world. They will not gain money by patching ‘old’ devices.”