VietNamNet Bridge - Experts have every reason to be worried about information security risks from telecom devices provided by Chinese manufacturers.

 

Last year, problems were found with 1,000 modems HG8045A imported by the Vietnam Post and Telecom Corporation (VNPT) from Huawei, a large Chinese large telecom device manufacturer.

VNPT customers complained they could not change passwords and had to use a default password provided by the supplier.

Dang Anh Son, deputy director of VNPT Hanoi, explained at a press conference held to clarify the problem that VNPT’s technicians made mistakes when providing the wrong password to clients.

The password provided to clients should have been reserved for VNPT Hanoi only.

In principle, VNPT uses the password for administrative work. If customers complain about service quality, VNPT workers will, through the password, check the quality of the transmission line and modem’s usability. Only the service provider has the right to change the password.

Meanwhile, security experts said that customers could possibly have their activities controlled by other users of the same LANs.

Ngo Tuan Anh, vice president of BKAV, a well-known internet security service provider, said that it would be very dangerous if manufacturers  are allowed to interfere with the devices from a distance and change the modem’s configuration.

For example, in the ‘best-case’ scenario, infiltrators could cause changes to the modem configuration, thus making it unable for users to connect to the internet.

In the ‘worst-case’ scenario, hackers could penetrate the systems intentionally, hijack DNS server, and drive the users’ access to hackers’ servers so as to install malware and create  a back door for their tentative attacks. 

A source said that thousands of Huawei HG8045A have been allocated by VNPT to its local branches. 

All the customers registering to use VNPT’s FTTH services have been provided the user name/password telecom admin/admintelecom. However, it is a surprise that only the customers in Hanoi could not change the password.

Dr. Le Duy Thac, member of the Science Council of the Vietnam Science & Technology Academy, said in Dat Viet that experts have every reason to worry about security risks, while it would be even more serious if unsecured devices are installed at state agencies.

The anticipated high risk with information security is the reason why the US and South Korea refused Huawei’s devices. Meanwhile, Vietnamese telephone and computer manufacturers have been importing components and finished products mostly from China to assemble and distribute domestically.

He said “better safe than sorry” is the principle useful for everyone.

However, an analyst commented that sometimes Vietnam needs to make a compromise between two measures – either saying ‘no’ to the imports from China, or continue to use Chinese products until Vietnam can make the products.

CV