Warning: Huawei's 4G USB contains a serious security flaw

According to Martin Rakhmanov, Trustwave's security research manager, the 4G USB flash drive contains model E3372. When plugged into the computer, the following file will always run automatically. It has multiple openings of the web browser to display Huawei's device management interface.

/Library/StartupItems/MobileBrServ/mbbserviceopen.app/Contents/MacOS/mbbserviceopen

However, the problem is that the file "mbbserviceopen" is fully set up. An attacker can replace this file with malicious code and wait until the user plugs a 4G USB into the machine to perform the exploit.

An attacker can take control of a computer, steal information, data, or execute arbitrary code if exploited successfully.

One thing to note is that in order to successfully exploit this vulnerability, the attacker must have access to the victim's Huawei 4G USB device. Or they can trick victims into plugging in their malicious Huawei 4G USB device pre-installed.

Huawei has confirmed to BleepingComputer that this is a vulnerability and has provided a fix for users. Huawei advises users who are using USB 4G model E3372 to obtain the "Hi Link" driver file from their homepage to fix the vulnerability.

Download the latest driver for USB 4G E3372 here

Huawei is committed that the security of its customers is its top priority. Huawei encourages people to report to them if vulnerabilities or security issues are discovered.

Jessica Tanner

Update 03 June 2021