Security Notice - Statement About the Bootloader Vulnerabilities in Huawei Mobile Phones Disclosed at the USENIX Conference
- SA No:huawei-sn-20170905-01-bootloader
- Initial Release Date: Sep 05, 2017
- Last Release Date: Sep 05, 2017
At the USENIX conference in Canada in August 2017, Aravind Machiry, a security researcher from the University of California, Santa Barbara, released information on security vulnerabilities in the bootloaders of products from multiple vendors, including Huawei. Aravind Machiry had reported the vulnerabilities to Huawei PSIRT before the meeting. Huawei has started an investigation immediately after learning about the vulnerabilities and confirmed that the bootloaders in some Huawei mobile phones are affected.
Huawei has released Security Advisories (SAs) on these security vulnerabilities. The SAs are available at the following links:
http://www.huawei.com/ca/psirt/security-advisories/huawei-sa-20170302-01-smartphone-en
http://www.huawei.com/ca/psirt/security-advisories/huawei-sa-20170816-03-smartphone-en
http://www.huawei.com/ca/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en
Please upgrade your mobile phone firmware after receiving system upgrade push messages.
Huawei appreciates Aravind Machiry for his attention to Huawei product security.
2017-09-05 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
