Huawei’s PC tool HiSuite has just received another update, this time fixing security vulnerabilities in the backup feature.
Artículo disponible en Español | Article disponible en Français
Huawei’s PC tool HiSuite, used to backup or restore data on Huawei’s smartphones, as well as downloading updates or restoring the operating system, received a patch at the beginning of this month, fixing, according to us, the loop issue. A previous update had fixed a DLL Hijacking vulnerability.
This time, this new update fixes a security vulnerability with the backup feature, at least according to the information available on Huawei’s PSIRT, which specifies “Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup”. A brute force attack is, in a few words, using [usually] automated software to enter many different password/username combinations in the hopes that one of these will work. In the case of HiSuite, this would mean entering hundreds, if not thousands, of different passwords, until one of these matches the password set by the user.
This new update to HiSuite is applied automatically when launching the program, with users only having to confirm they want to download it. The update changes the version from 184.108.40.2065_OVE to 220.127.116.116_OVE. The patch notes read as following:
- The new version mainly fixes security vulnerabilities in the “System recovery” feature of HiSuite. If you do not update to the new version, the System recovery feature will be unavailable. Under this scenario, when your phone fails to start up properly, HiSuite will be unable to offer assistance.
- Therefore, we strongly recommend that you proceed with the update.
More on this subject: