Huawei Ban — Politics and Paranoia or Justified? Pt. 1

ProToxin 🤨
Jun 2, 2018

Hello everyone! First off, thank you for coming here to read this article! This post is going to be quite lengthy. Feel free to grab some coffee :). This is part one. Yes, there is a conclusion, however, we wanted to continue researching the phone.

UPDATE Jun 4: we made a quick update post:

TL;DR, we bought a Huawei phone, messed around with it, and learned a ton. No, we didn’t root yet. We will be soon :)

UPDATE: We’re going to be continuing research on this device and hopefully ordering a second one soon. Once more work is done, we’ll be making a second post. Also, we are going to additionally be purchasing an international version :) .

Backstory

In the not-too-distant past, the United States Government banned ZTE and Huawei [from military retail stores on bases]. Some places have indicated that it isn’t an official ban. Below you will find some articles about it:

TL;DR, The devices may pose a risk to missions and/or government operations.

Disclosure

Before we go further, we deemed it necessary to have this little snippet.

We are, in no way, affiliated with Huawei nor ZTE. Secondly, this post is purely our opinions and independent research. Third, this post is not meant to criticize, devalue, defame, or in any other way offend the United States Government, the Russian Federation, Germany, the People’s Republic of China, nor Huawei.

Lastly, the opinions expressed in this article do not reflect our employers and are solely ours. Thanks!

Intro

With the official or unofficial ban on Huawei — yes, ZTE too — it was decided that we wanted to do some independent research on a Huawei device and see if the notions that Huawei devices were a potential [national security] risk were valid.

So, who is we? @CozyBearRU and myself, ProToxin 🤨. Professionally, we both work as penetration testers. Neither of us can say we are expert mobile people. Rather, we just enjoy learning things we aren’t too familiar with.

Ordering the Phones

The first order of business was to pick a device that would be a US version. There are some differences between international and US versions, such as bands accepted. Not to mention the US versions would theoretically be the ones a military base would purchase for resale. That being said, finding a US version of a Huawei phone wasn’t as easy as it sounded. Amazon and searching to the rescue! We decided to get the probably-flagship phone, the Mate 10 Pro:

Specs (if you care):

  • HUAWEI Kirin 970 (Octa-core CPU (4 x Cortex A73 2.36 GHz+4 x Cortex A53 1.8 GHz)+i7 co-processor, Mali-G72 MP12 GPU)
  • Android™ 8.0
  • EMUI 8.0
  • 6 GB RAM+128 GB ROM
  • 4G LTE TDD: B39
  • 4G LTE FDD: B1/B2/B3/B4/B5/B7/B8/B12/B14/B18/B20/B28/B29/B30/B66
  • LAA Band: B46
  • 3G WCDMA: B1/B2/B4/B5/B8
  • 2G GSM: B2/B3/B5/B8 (850/900/1800/1900 MHz)
  • Fingerprint Sensor, G-Sensor, Gyroscope sensor, Compass, Ambient Light Sensor, Proximity sensor, Hall sensor, Barometer, Infrared remote control

These were all taken from: https://consumer.huawei.com/us/phones/mate10-pro/specs/

This research suddenly got expensive buying two of their US flagship phones. Keep in mind Huawei does make other phones. We would like to note that the packaging and boxing of the phone was absolutely stunning. Well done Huawei!

It is important to note that we only tested this one phone model; we aren’t paid to do this.

Let the Research Begin

Our Setup

Quite honestly, our testing setup was not extremely intricate nor overly expensive. Things used for this research:

We chose the Pineapple Nano mainly because we already had it. Secondly, it allowed us to easily perform some MitM attacks and easily run tcpdump. Again, we used it primarily because we already had one lying around. You can get one for ~$100USD.

Basic Security

The Huawei Mate 10 Pro model that we had came preinstalled with a phone management system that includes Avast. Cool that it comes with an AV system if you need it. No odd connections were found when looking at it. Secondly, Huawei is thankfully on the Android patch game…mostly. We had a system update that put our device on the April 1st patch…about 1 month out of date.

Sometimes vendors are slow at implementing the security patches, however, we will place Huawei — at least with the device we have — as acceptable. Since we haven’t had the device long, we are very interested to see how the patching goes.

Plugging in the device (what a great start)

Sometimes you just have to plug the thing in, right? Immediately upon plugging in the device (prior to us setting up the device), a drive was mounted to our system. The software is for Huawei’s HiSuite. What’s in that volume?

You’ll notice that there’s an Autorun.inf file which has the following settings:

[Autorun]
Open=HiSuiteDownLoader.exe
Icon=HiSuite.ico
Label=HiSuite

MD5 of the downloader: 15bf24fb9c9b2fa2a8b38009a33b4e86

VirusTotal link for .exe: https://www.virustotal.com/#/file/ce0e394983b97f542b9e87115714130cd8c5fe7c601e2ea63c9ec2ed480d888e/detection

VirusTotal link for the OS X app: https://www.virustotal.com/#/file/de64003f5cc59e3c2e2bd1870c3b012e8e9944add308b0369450f5c0dacad213/detection

In our opinion, it’s a bit questionable to have an Autorun in the volume. Not everyone wants to install management software. More specifically, not everyone wants to have it installed/offered when plugging a device in. We may upload the included volume contents later so you can all check it out.
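An added example (not from the original post and not Huawei's code): one way to triage a mounted volume like this without running anything on it, by parsing Autorun.inf, resolving what Open= points at, and hashing that file for comparison with the MD5 above. The function names and the sample volume, which holds placeholder bytes instead of the real downloader, are constructed for illustration.

```python
import configparser
import hashlib
import tempfile
from pathlib import Path

# MD5 of HiSuiteDownLoader.exe as published in the post.
POST_MD5 = "15bf24fb9c9b2fa2a8b38009a33b4e86"
# Autorun.inf keys that name a program for Windows to launch.
EXEC_KEYS = ("open", "shellexecute")


def find_ci(directory, name):
    """Find an entry by name, ignoring case the way Windows does."""
    for entry in directory.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def resolve(root, command):
    """Map a command such as 'dir\\tool.exe /s' to a file in the volume."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split()[0] if command else ""
    current = root
    for part in program.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == ".." or not current.is_dir():
            return None  # never follow a path out of the volume
        current = find_ci(current, part)
        if current is None:
            return None
    return current if current.is_file() else None


def triage_volume(root):
    """List every program Autorun.inf would start, with its hashes."""
    root = Path(root)
    inf = find_ci(root, "autorun.inf")
    if inf is None:
        return []
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.read_string(inf.read_text(encoding="utf-8-sig", errors="replace"))
    findings = []
    for section in parser.sections():
        if section.lower() != "autorun":  # section names are case-insensitive
            continue
        for key in EXEC_KEYS:
            command = parser[section].get(key)
            if not command:
                continue
            target = resolve(root, command)
            data = target.read_bytes() if target else None
            md5 = hashlib.md5(data).hexdigest() if data is not None else None
            sha256 = hashlib.sha256(data).hexdigest() if data is not None else None
            findings.append({
                "key": key,
                "command": command,
                "present": target is not None,
                "md5": md5,
                "sha256": sha256,
                "matches_post_md5": md5 == POST_MD5,
            })
    return findings


def build_sample_volume(directory):
    """Constructed stand-in for the mounted volume: the Autorun.inf from the
    post plus placeholder bytes in place of the real downloader."""
    directory = Path(directory)
    (directory / "Autorun.inf").write_text(
        "[Autorun]\nOpen=HiSuiteDownLoader.exe\nIcon=HiSuite.ico\nLabel=HiSuite\n")
    (directory / "HiSuiteDownLoader.exe").write_bytes(b"MZ placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        for finding in triage_volume(tmp):
            print(finding)
```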

HiSuite site: http://consumer.huawei.com/minisite/HiSuite_en/index.html

Networking

Another logical step was to monitor the phone post-setup and see what’s going on. We triggered a few things such as using the notepad app and entering fake sensitive data, using the camera, using the document scanner feature, making calls, sending texts, etc… What were some of our findings?

We recorded DNS requests of those things. Not a whole lot of weird things to report initially from tcpdump from the device. It’s important to note that we don’t have a ton of services running; only default services and settings.

It was then decided to try using Burp and see what sites might be loaded. Similar to the DNS events, there wasn’t a whole lot to report on (sorry the image is so F’d):

Most of the connections and protocols observed when we opened the full .pcap in Wireshark were as expected. We saw the typical application connections and, for the most part, mostly TLS connections. We encourage people to check out using a WiFi Pineapple for evaluating devices. It may be cheating, but it’s quick and easy.

ADB and Package Analysis

It is first important to note that we are not rooted. Gaining root access may be a future thing as it will allow us to see ALL aspects of the device rather than just permitted things. Rooting would also allow us to load additional software for a greater level of interaction.

For a list of useful ADB commands:

Services

Services list:

0 sip: [android.net.sip.ISipService]
1 nfc: [android.nfc.INfcAdapter]
2 IAwareSdkService: [com.huawei.iaware.sdk.ISDKManager]
3 hwthermal: [com.huawei.thermal.adapter.IThermalService]
4 IAwareCMSService: [android.rms.iaware.ICMSManager]
5 powergenius: [com.huawei.pgmng.plug.IPGSdk]
6 ims_ut: [com.android.ims.internal.IImsUt]
7 ims_config: [com.android.ims.internal.IImsConfig]
8 carrier_config: [com.android.internal.telephony.ICarrierConfigLoader]
9 phone_apdu: [com.android.telephonyapdu.ITelephonyAPDU]
10 phone: [com.android.internal.telephony.ITelephony]
11 com.huawei.harassmentinterception.service.HarassmentInterceptionService: [com.huawei.harassmentinterception.service.IHarassmentInterceptionService]
12 com.huawei.permissionmanager.service.holdservice: [com.huawei.permission.IHoldService]
13 phone_huawei: [com.android.internal.telephony.IHwTelephony]
14 HsmStat: [com.huawei.systemmanager.hsmstat.IHsmStatService]
15 com.huawei.systemmanager.rainbow.service: [com.huawei.systemmanager.rainbow.service.IPackageInstallService]
16 com.huawei.netassistant.service.netassistantservice: [com.huawei.netassistant.service.INetAssistantService]
17 isms: [com.android.internal.telephony.ISms]
18 iphonesubinfo: [com.android.internal.telephony.IPhoneSubInfo]
19 simphonebook: [com.android.internal.telephony.IIccPhoneBook]
20 com.huawei.systemmanager.netassistant.netnotify.policy.NatTrafficNotifyService: [com.huawei.systemmanager.netassistant.traffic.netnotify.policy.INatTrafficNotifyBinder]
21 com.huawei.systemmanager.netassistant.netpolicy.NatNetworkPolicyService: [com.huawei.systemmanager.netassistant.traffic.netnotify.INatNetworkPolicyBinder]
22 isms_interception: [com.android.internal.telephony.ISmsInterception]
23 isub: [com.android.internal.telephony.ISub]
24 hwaftpolicy: [android.aft.IHwAftPolicyService]
25 SelfbuildIRService: [android.irself.IIrSelfLearningManager]
26 hwBootanimExService: [huawei.android.os.IHwBootanimManager]
27 system.hsmcore: [com.huawei.hsm.IHsmCoreService]
28 telecom: [com.android.internal.telecom.ITelecomService]
29 authentication_service: [com.huawei.securitymgr.IAuthenticationService]
30 jankshield: [android.os.IJankShield]
31 hwSaveDataService: [com.huawei.systemserver.savedata.IHwSaveData]
32 hwUsbExService: [huawei.android.hardware.usb.IHwUsbManagerEx]
33 cover: [android.cover.ICoverManager]
34 hwfeaturemanager: [android.app.hwfeature.IHwFeatureManagerService]
35 hwAntiTheftService: [huawei.android.os.IHwAntiTheftManager]
36 nonhardaccelpkgs: [android.app.INonHardwareAcceleratedPackagesManager]
37 hwfm_service: [com.huawei.android.hardware.fmradio.IHwFmService]
38 hwPcManager: [android.pc.IHwPCManager]
39 multi_task: [android.app.mtm.IMultiTaskManagerService]
40 contexthub: [android.hardware.location.IContextHubService]
41 netd_listener: [android.net.metrics.INetdEventListener]
42 connmetrics: [android.net.IIpConnectivityMetrics]
43 bluetooth_manager: [android.bluetooth.IBluetoothManager]
44 EmcomManager: [android.emcom.IEmcomManager]
45 autofill: [android.view.autofill.IAutoFillManager]
46 imms: [com.android.internal.telephony.IMms]
47 media_projection: [android.media.projection.IMediaProjectionManager]
48 launcherapps: [android.content.pm.ILauncherApps]
49 shortcut: [android.content.pm.IShortcutService]
50 media_router: [android.media.IMediaRouterService]
51 media_resource_monitor: [android.media.IMediaResourceMonitor]
52 media_session: [android.media.session.ISessionManager]
53 restrictions: [android.content.IRestrictionsManager]
54 companiondevice: [android.companion.ICompanionDeviceManager]
55 print: [android.print.IPrintManager]
56 graphicsstats: [android.view.IGraphicsStats]
57 dreams: [android.service.dreams.IDreamManager]
58 commontime_management: []
59 network_time_update_service: []
60 attestation_service: [com.huawei.attestation.IHwAttestationService]
61 samplingprofiler: []
62 diskstats: []
63 DisplayEngineExService: [com.huawei.displayengine.IDisplayEngineServiceEx]
64 aps_service: [android.aps.IHwApsManager]
65 hwGeneralService: [huawei.android.os.IHwGeneralManager]
66 hwConnectivityExService: [huawei.android.net.IConnectivityExManager]
67 smartcardservice: [org.simalliance.openmobileapi.service.ISmartcardSystemService]
68 voiceinteraction: [com.android.internal.app.IVoiceInteractionManagerService]
69 appwidget: [com.android.internal.appwidget.IAppWidgetService]
70 backup: [android.app.backup.IBackupManager]
71 trust: [android.app.trust.ITrustManager]
72 soundtrigger: [com.android.internal.app.ISoundTriggerService]
73 jobscheduler: [android.app.job.IJobScheduler]
74 hardware_properties: [android.os.IHardwarePropertiesManager]
75 serial: [android.hardware.ISerialManager]
76 usb: [android.hardware.usb.IUsbManager]
77 midi: [android.media.midi.IMidiManager]
78 DockObserver: []
79 audio: [android.media.IAudioService]
80 wallpaper: [android.app.IWallpaperManager]
81 search: [android.app.ISearchManager]
82 country_detector: [android.location.ICountryDetector]
83 location: [android.location.ILocationManager]
84 tui: [android.os.ITrustedUIService]
85 devicestoragemonitor: []
86 notification: [android.app.INotificationManager]
87 updatelock: [android.os.IUpdateLock]
88 servicediscovery: [android.net.nsd.INsdManager]
89 connectivity: [android.net.IConnectivityManager]
90 ethernet: [android.net.IEthernetManager]
91 wifip2p: [android.net.wifi.p2p.IWifiP2pManager]
92 rttmanager: [android.net.wifi.IRttManager]
93 wifiscanner: [android.net.wifi.IWifiScanner]
94 wifi: [android.net.wifi.IWifiManager]
95 netpolicy: [android.net.INetworkPolicyManager]
96 netstats: [android.net.INetworkStatsService]
97 network_score: [android.net.INetworkScoreService]
98 textservices: [com.android.internal.textservice.ITextServicesManager]
99 network_management: [android.os.INetworkManagementService]
100 clipboard: [android.content.IClipboard]
101 statusbar: [com.android.internal.statusbar.IStatusBarService]
102 device_policy: [android.app.admin.IDevicePolicyManager]
103 deviceidle: [android.os.IDeviceIdleController]
104 persistent_data_block: [android.service.persistentdata.IPersistentDataBlockService]
105 oem_lock: [android.service.oemlock.IOemLockService]
106 lock_settings: [com.android.internal.widget.ILockSettings]
107 uimode: [android.app.IUiModeManager]
108 storagestats: [android.app.usage.IStorageStatsManager]
109 mount: [android.os.storage.IStorageManager]
110 accessibility: [android.view.accessibility.IAccessibilityManager]
111 input_method: [com.android.internal.view.IInputMethodManager]
112 pinner: []
113 vrmanager: [android.service.vr.IVrManager]
114 input: [android.hardware.input.IInputManager]
115 window: [android.view.IWindowManager]
116 overlay: [android.content.om.IOverlayManager]
117 hwsysresmanager: [android.rms.IHwSysResManager]
118 hwAlarmService: [huawei.android.app.IHwAlarmManagerEx]
119 alarm: [android.app.IAlarmManager]
120 consumer_ir: [android.hardware.IConsumerIrService]
121 vibrator: [android.os.IVibratorService]
122 settings: []
123 content: [android.content.IContentService]
124 account: [android.accounts.IAccountManager]
125 fido_authenticator: [com.huawei.fingerprint.IAuthenticator]
126 fingerprint: [android.hardware.fingerprint.IFingerprintService]
127 media.camera.proxy: [android.hardware.ICameraServiceProxy]
128 telephony.registry: [com.android.internal.telephony.ITelephonyRegistry]
129 scheduling_policy: [android.os.ISchedulingPolicyService]
130 sec_key_att_app_id_provider: [android.security.keymaster.IKeyAttestationApplicationIdProvider]
131 webviewupdate: [android.webkit.IWebViewUpdateService]
132 usagestats: [android.app.usage.IUsageStatsManager]
133 battery: []
134 hwext_device_service: [hwext_device_service]
135 sensorservice: [android.gui.SensorServer]
136 dropbox: [com.android.internal.os.IDropBoxManagerService]
137 processinfo: [android.os.IProcessInfoService]
138 permission: [android.os.IPermissionController]
139 cpuinfo: []
140 dbinfo: []
141 gfxinfo: []
142 meminfo: []
143 procstats: [com.android.internal.app.procstats.IProcessStats]
144 activity: [android.app.IActivityManager]
145 user: [android.os.IUserManager]
146 otadexopt: [android.content.pm.IOtaDexopt]
147 package: [android.content.pm.IPackageManager]
148 media.sound_trigger_hw: [android.hardware.ISoundTriggerHwService]
149 media.radio: [android.hardware.IRadioService]
150 media.audio_policy: [android.media.IAudioPolicyService]
151 securityserver: [huawei.android.security.IHwSecurityService]
152 display: [android.hardware.display.IDisplayManager]
153 recovery: [android.os.IRecoverySystem]
154 pgservice: [com.huawei.pgmng.api.IPGManager]
155 power: [android.os.IPowerManager]
156 appops: [com.android.internal.app.IAppOpsService]
157 batterystats: [com.android.internal.app.IBatteryStats]
158 media.camera: [android.hardware.ICameraService]
159 device_identifiers: [android.os.IDeviceIdentifiersPolicyService]
160 gpuassistant: []
161 DisplayEngineService: []
162 netd: []
163 gpu: [android.ui.IGpuService]
164 SurfaceFlinger: [android.ui.ISurfaceComposer]
165 media.audio_flinger: [android.media.IAudioFlinger]
166 media.resource_manager: [android.media.IResourceManagerService]
167 media.player: [android.media.IMediaPlayerService]
168 media.extractor: [android.media.IMediaExtractorService]
169 Hwmedia.monitor: [android.media.IHwMediaMonitorService]
170 drm.drmManager: [drm.IDrmManagerService]
171 media.metrics: [android.media.IMediaAnalyticsService]
172 android.service.gatekeeper.IGateKeeperService: []
173 storaged: [Storaged]
174 hisi.vrar: []
175 media.cas: [android.media.IMediaCasService]
176 media.drm: [android.media.IMediaDrmService]
177 wificond: []
178 Binder.Pged: []
179 installd: []
180 batteryproperties: [android.os.IBatteryPropertiesRegistrar]
181 BastetService: [com.huawei.android.bastet.IBastetManager]
182 android.security.keystore: [android.security.IKeystoreService]

Packages

Huawei Packages installed:

package:com.example.android.notepad
package:com.huawei.support
package:com.huawei.mirrorlink
package:com.huawei.camera
package:com.huawei.android.tips
package:com.huawei.android.launcher
package:com.huawei.hidisk
package:com.huawei.iaware
package:com.huawei.bluetooth
package:com.huawei.android.thememanager
package:com.huawei.nearby
package:com.huawei.android.FloatTasks
package:com.huawei.desktop.systemui
package:com.huawei.motionservice
package:com.huawei.recsys
package:com.huawei.android.totemweather
package:com.huawei.phoneservice
package:com.huawei.desktop.explorer
package:com.huawei.screenrecorder
package:com.huawei.livewallpaper.ripplestone
package:com.huawei.videoeditor
package:com.huawei.securitymgr
package:com.huawei.iconnect
package:com.huawei.livewallpaper.artflower
package:com.huawei.consumer
package:huawei.android.widget
package:com.huawei.imedia.sws
package:com.huawei.systemserver
package:com.huawei.android.instantshare
package:com.huawei.indexsearch.observer
package:com.huawei.trustagent
package:com.huawei.indexsearch
package:com.huawei.android.internal.app
package:com.huawei.hwasm
package:com.huawei.omacp
package:com.huawei.wifiprobqeservice
package:com.huawei.systemmanager
package:com.huawei.HwMultiScreenShot
package:com.huawei.vassistant
package:com.huawei.watch.sync
package:com.huawei.hwstartupguide
package:com.huawei.fido.uafclient
package:com.huawei.android.mirrorshare
package:com.huawei.android.totemweatherwidget
package:com.huawei.himovie
package:com.huawei.compass
package:com.huawei.livewallpaper.flowersbloom
package:com.huawei.android.hwaps
package:com.huawei.android.hwouc
package:com.huawei.android.wfdft
package:com.huawei.mmitest
package:com.huawei.powergenie
package:com.huawei.android.instantonline
package:com.huawei.android.projectmenu
package:com.huawei.android.totemweatherapp
package:com.huawei.android.remotecontroller
package:com.huawei.sarcontrolservice
package:com.huawei.livewallpaper.mountaincloud
package:com.huawei.livewallpaper.naturalgarden
package:com.huawei.scanner
package:com.huawei.aod
package:com.huawei.ims
package:com.huawei.lbs
package:com.huawei.rcsserviceapplication

One package caught our eye.

com.example.android.notepad (what.)

We loaded a few Android phones and this package wasn’t on them, so maybe it isn’t some example app. It is worth noting that the actual APK name is HwNotePad, presumably Huawei NotePad. Interesting, what are its requested permissions?

com.huawei.indexsearch.permission.INDEX_SEARCH_SERVICE: granted=true
android.permission.USE_CREDENTIALS: granted=true
com.huawei.notepad.provider.readPermission: granted=true
android.permission.MANAGE_ACCOUNTS: granted=true
com.huawei.hicloud.permission.hicloudLogin: granted=true
android.permission.RECEIVE_BOOT_COMPLETED: granted=true
android.permission.WRITE_MEDIA_STORAGE: granted=true
android.permission.INTERNET: granted=true
com.huawei.indexsearch.observer.permission.INDEX_SEARCH_OBSERVER_SERVICE: granted=true
android.permission.MANAGE_USERS: granted=true
android.permission.ACCESS_NETWORK_STATE: granted=true
android.permission.CHANGE_CONFIGURATION: granted=true
android.permission.INTERACT_ACROSS_USERS: granted=true
android.permission.ACCESS_WIFI_STATE: granted=true
android.permission.LOCATION_HARDWARE: granted=true
android.permission.WAKE_LOCK: granted=true
com.huawei.hicloud.permission.hicloudSync: granted=true

For the most part it’s just a standard notepad. Huawei, you may want to change the package name so it doesn’t look odd? What happens when we load the APK into MobSF? Well, apparently it fails. We decided to move on. Additionally, we saw a lot of strange things when viewing the phone app — some were expected. After some thoughts, however, it looks like most of the odd things are just there for integration to third-party services like Sina Weibo, Baidu, and VMall.
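An added example (not part of the original post): the granted permissions listed above for com.example.android.notepad, sorted into the groups a reviewer would look at first. The PRIVILEGED and REMOVED sets are this example's own classification, taken from the protection levels AOSP declares for those names, and the function names are illustrative.

```python
import re

# Permission lines as listed in the post for com.example.android.notepad.
POST_LISTING = """\
com.huawei.indexsearch.permission.INDEX_SEARCH_SERVICE: granted=true
android.permission.USE_CREDENTIALS: granted=true
com.huawei.notepad.provider.readPermission: granted=true
android.permission.MANAGE_ACCOUNTS: granted=true
com.huawei.hicloud.permission.hicloudLogin: granted=true
android.permission.RECEIVE_BOOT_COMPLETED: granted=true
android.permission.WRITE_MEDIA_STORAGE: granted=true
android.permission.INTERNET: granted=true
com.huawei.indexsearch.observer.permission.INDEX_SEARCH_OBSERVER_SERVICE: granted=true
android.permission.MANAGE_USERS: granted=true
android.permission.ACCESS_NETWORK_STATE: granted=true
android.permission.CHANGE_CONFIGURATION: granted=true
android.permission.INTERACT_ACROSS_USERS: granted=true
android.permission.ACCESS_WIFI_STATE: granted=true
android.permission.LOCATION_HARDWARE: granted=true
android.permission.WAKE_LOCK: granted=true
com.huawei.hicloud.permission.hicloudSync: granted=true
"""

PLATFORM = "android.permission."
# Assumption of this example: declared signature|privileged in the AOSP
# platform manifest (some also |development), so an ordinary app installed
# from a store cannot be granted them.
PRIVILEGED = {
    "MANAGE_USERS", "INTERACT_ACROSS_USERS", "LOCATION_HARDWARE",
    "WRITE_MEDIA_STORAGE", "CHANGE_CONFIGURATION",
}
# Removed from the platform in Android 6.0 (API 23); no longer enforced.
REMOVED = {"MANAGE_ACCOUNTS", "USE_CREDENTIALS"}

# Matches "name: granted=true", with or without a trailing ", flags=[...]".
ENTRY = re.compile(r"^\s*([A-Za-z0-9_.]+):\s*granted=(true|false)\b")


def review(listing):
    """Sort permission entries into buckets a reviewer can reason about."""
    buckets = {"privileged": [], "removed": [], "vendor": [],
               "ordinary": [], "not_granted": []}
    for line in listing.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # section headers such as "install permissions:", blanks
        name, granted = entry.group(1), entry.group(2) == "true"
        short = name[len(PLATFORM):] if name.startswith(PLATFORM) else None
        if not granted:
            bucket = "not_granted"
        elif short is None:
            bucket = "vendor"  # defined outside the platform namespace
        elif short in PRIVILEGED:
            bucket = "privileged"
        elif short in REMOVED:
            bucket = "removed"
        else:
            bucket = "ordinary"
        buckets[bucket].append(name)
    return buckets


def vendor_owners(buckets):
    """Components that define the vendor permissions (first three labels)."""
    return sorted({".".join(name.split(".")[:3]) for name in buckets["vendor"]})


if __name__ == "__main__":
    result = review(POST_LISTING)
    for bucket, names in result.items():
        print(bucket, len(names), names)
    print("vendor components:", vendor_owners(result))
```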

MobSF Report for HwPhoneService.apk:

Full url: https://cozybear.ru/mobsf/MobSF_HwPhoneService.pdf

Honestly, in its default state, there doesn’t appear to be a whole lot loaded onto this phone that was considered suspicious. We did see a lot of things able to communicate with the HiCloud service.

What are you running HiCloud?

During analysis of several APKs we found that a lot of them had the HiCloud service in common. This seems like Huawei’s proprietary answer to iCloud drive or Google Backup for backup purposes. When going through the phone service APK, we found an HTTP connection specific to the HiCloud service within com/huawei/hwid/vermanager/VersionManager.java.

Specifically:

setting{0}.hicloud.com:8080/AccountServer (curly bracket stuff described below)
setting{0}.hicloud.com:443

But what happens when we go to just setting.hicloud.com?

Oh hey! Apache Tomcat 7.0.54 — which is from 2014. We both hope that Huawei is using backported software on this host. After some OSINT, it looks like the root setting.hicloud.com systems are on Amazon; hopefully it’s backported software. Oh, and why does it allow connections over HTTP?

The number between the curly brackets indicates what server it’s going to use. In our OSINT, we found that there are:

setting.hicloud.com - Amazon AP Southeast
setting1.hicloud.com - China
setting3.hicloud.com - China
setting5.hicloud.com - Amazon AP Southeast
setting6.hicloud.com - Amazon AP Southeast
setting7.hicloud.com - Germany
setting8.hicloud.com - Russian Federation

There is a registered data.hicloud.com domain that’s in the USA, however, it wasn’t mentioned in most of the code we went through :/.
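An added example (not from the original post): the setting{0}.hicloud.com template and the location list above, turned into a check that can be run over tcpdump DNS output to see which regional settings host a device looks up. The capture lines are constructed (addresses, ports and timings are made up), and the function and variable names are illustrative.

```python
import re
from collections import Counter

# Host template quoted in the post; {0} is replaced by the server index.
TEMPLATE = "setting{0}.hicloud.com"

# Server index -> location, copied from the post's OSINT list.
# The empty index is the bare setting.hicloud.com host.
LOCATIONS = {
    "": "Amazon AP Southeast",
    "1": "China",
    "3": "China",
    "5": "Amazon AP Southeast",
    "6": "Amazon AP Southeast",
    "7": "Germany",
    "8": "Russian Federation",
}
UNLISTED = "index not in the post's list"

# Constructed "tcpdump -n" lines: two unrelated or look-alike names, three
# lookups of settings hosts, and one DNS response that must be ignored.
SAMPLE_CAPTURE = """\
10:15:01.100000 IP 172.16.42.101.40001 > 172.16.42.1.53: 1001+ A? connectivitycheck.gstatic.com. (47)
10:15:02.200000 IP 172.16.42.101.40002 > 172.16.42.1.53: 1002+ A? setting7.hicloud.com. (38)
10:15:02.900000 IP 172.16.42.101.40003 > 172.16.42.1.53: 1003+ AAAA? Setting7.HiCloud.com. (38)
10:15:04.000000 IP 172.16.42.101.40004 > 172.16.42.1.53: 1004+ A? setting2.hicloud.com. (38)
10:15:05.000000 IP 172.16.42.101.40005 > 172.16.42.1.53: 1005+ A? setting.hicloud.com.example.net. (49)
10:15:06.000000 IP 172.16.42.1.53 > 172.16.42.101.40002: 1002 1/0/0 A 192.0.2.10 (54)
"""

_prefix, _suffix = TEMPLATE.split("{0}")
# The index is optional so the bare host matches too.
HOST = re.compile(re.escape(_prefix) + r"(\d*)" + re.escape(_suffix))
# Query name in a tcpdump DNS request line, e.g. "... 1002+ A? name. (38)".
QUERY = re.compile(r"\s(?:A|AAAA)\?\s+(\S+?)\.?(?:\s|$)")


def hicloud_lookups(capture_text):
    """Count DNS queries for HiCloud settings hosts as (host, location)."""
    seen = Counter()
    for line in capture_text.splitlines():
        query = QUERY.search(line)
        if not query:
            continue  # responses and non-DNS lines
        name = query.group(1).lower()  # DNS names are case-insensitive
        host = HOST.fullmatch(name)
        if not host:
            continue  # other domains, and names that merely contain the host
        seen[(name, LOCATIONS.get(host.group(1), UNLISTED))] += 1
    return seen


if __name__ == "__main__":
    for (host, location), count in sorted(hicloud_lookups(SAMPLE_CAPTURE).items()):
        print(f"{count:3d}  {host:24s} {location}")
```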

Again, there wasn’t a whole lot there, we even had to look up how to use the HiCloud. After going through our phone over and over again, we weren’t able to even find the ability to use HiCloud for backing up. We did see the option for Google’s backup, however, that’s not what we are after.

After looking through most of the articles, it looks like this may be a difference between the international and US versions of this phone. There were plenty of guides to set up the service from European sources, however, next to nothing addressing the US version.

Perhaps this gets enabled if you install the HiSuite tools/part of HiSuite? Either way, we see the necessary permissions but not the services.

There wasn’t a whole lot in the sdcard area for the CloudDrive either:

Conclusion

This became a very interesting project and a wonderful learning opportunity. We learned that the Huawei Mate 10 Pro (US version) didn’t do a whole lot. There seemed to be some overstepping of permissions, however, nothing that seemed to reach the point of being intrusive. It was a bit interesting that it seemed like their US version is just a clone of the international version with a few packages quite literally uninstalled. For the most part, it’s just an Android phone with a custom SoC and custom UI, nothing crazy.

Between the two of us, we became more interested in the HiSuite tools. Perhaps this is what the US Government was concerned about? Of course, the versions of the phones that back up to HiCloud could potentially be sending data outside of the US to either Germany, Singapore, Russia, or China. One can argue that these countries may be questionable with respect to sending data to, specifically the last two ;). That being said, our US version didn’t even have the HiCloud service.

So, is the ban riddled with Politics and Paranoia? Or is the ban justified? Given what we saw:

  • Overstepping permissions
  • Permissions for services that aren’t even there
  • Autoruns to run a downloader for phone management on a PC
  • Little network traffic, other than the expected
  • HiCloud ability to connect to and back up to potentially “hostile” countries
  • HiCloud settings endpoints accept non-SSL connections
  • The Mac app has an AV detection :/
  • Huawei service endpoints are mostly in China or Germany

Since we only had the US version, the question is harder to answer than we initially thought. We came to the conclusion that there is some justification to be cautious with phones that are international versions as well as using the HiCloud service and HiSuite software. If you don’t care where your data is stored, then go for using it. Trust but verify ;).

OPINION: With our own paranoia, we would never use the HiCloud service (even if offered) nor would we use the HiSuite application. With those things not in use, the phone seems quite sufficient.

As for the US version of the Huawei Mate 10 Pro so far? Well, it appears to just be an, albeit very nice, Android phone with some preloaded software and custom components. Keep in mind our work was done without root permissions and we are still working on this.

What did we learn?

What good is research if you don’t share what you learned?

  • We probably combed through more Android documentation than we ever wanted to. RTFM, people.
  • ADB is pretty awesome and makes it easy to pull APKs off the device
  • ADB shell is…well…a shell.
  • MobSF is pretty slick for doing quick analysis on APKs
  • @CozyBearRU voids warranties. He destroyed his Mate 10 Pro and blew up the battery.
  • We want to order an international version and see the differences. This was a big oversight in the end and will probably lead to another post.

We really want to root this device to install additional software and get a higher level of interaction. Hopefully once we get another device, we’ll root one and post another research post.

Thanks

Huge thanks to the ThugCrowd Live Podcast. Listening to your podcast really got me (ProToxin 🤨) back into working on security projects and really motivated me.

Thanks to the MobSF team: Ajin Abraham, Dominik Schlecht, Matan Dobrushin, Vincent Nadal.

Thanks to you, the reader, for reading Part One. We look forward to having a part 2 :).

Cheers,

@CozyBearRU and ProToxin 🤨
