Deutsche Telekom: MagentaTV allows Huawei access to customer computers

0
40
economy Popular video player

Vulnerability in Magenta TV – Telekom builds backdoor for Huawei

| Reading time: 4 minutes

23.10.2019, Bavaria, Munich: Michael Schuld, head of the streaming company Magenta TV, is standing at the Deutsche Telekom press conference in the action house Ketterer Kunst. The European Football Championship 2024 will be broadcast in Germany by Telekom. The company secured the rights to the home tournament in just under five years, as announced on Wednesday in Munich. Photo: Felix Hörhager / dpa +++ dpa broadcasting +++ 23.10.2019, Bavaria, Munich: Michael Schuld, head of the streaming company Magenta TV, is standing at the Deutsche Telekom press conference in the action house Ketterer Kunst. The European Football Championship 2024 will be broadcast in Germany by Telekom. The company secured the rights to the home tournament in just under five years, as announced on Wednesday in Munich. Photo: Felix Hörhager / dpa +++ dpa broadcasting +++

In the review: Magenta TV boss Michael Schuld. The streaming provider uses a controversial software

Source: dpa

Users of the Telekom offer MagentaTV should be careful: Who looks the service on his Mac, may install a veritable security vulnerability. If the danger should be excluded, those affected have only one choice.

MAC owners who want to use Magenta TV from Deutsche Telekom on their device should think twice about it. To play their video player in the network via Apple's Safari browser, the Bonn use a hastily written interim solution.

This is based on software of the Chinese tech group Huawei, as the Telekom had to admit on request of WELT. How problematic that is, has analyzed the Dusseldorf Web developer Cedric Kastner in a true news storm on Twitter.

Kastner had noticed that the Telekom can be granted by the users of their IP TV service Magenta TV a whole set of special rights. Anyone who wants to watch telecom television via the Mac should first install a small piece of software in his browser, a so-called plug-in – and that's what it has in this case, as Kastner describes it.

Who installs the plugin "Magenta TV 6.30.0.54", potentially loads various problems on his Mac. The software first changes some system features, turns off Apple's power saving feature "App Nap" and blocks Apple's screenshot tool completely.

also read

Nowhere is the change on the TV more apparent than on the latest remotes

Fight for the remote

Furthermore, the telecom programmers install their own so-called certificates – and thus clear unauthorized special rights on the computer. The certificates could be used to install additional software without a security warning alerting the customer.

This approach is especially problematic because the playback software behind Magenta TV comes from the Chinese technology group Huawei. Its products are currently being warned by governments and security agencies around the world as they are suspected of being potential entry points for IT espionage. If the danger is to be ruled out, Mac users have only one choice: they have to do without Magenta TV until further notice.

Extensive accessibility for Huawei

At the request of WELT, Deutsche Telekom confirmed that the Magenta TV web application was designed as a temporary solution: "The Magenta TV Web Client is in the transition to a completely new version with improved user-friendliness. Unfortunately, this transition takes longer than planned. Since in the meantime the Apple developer certificate for a still necessary plug-in has expired, had a Plan B ago, "says Telekom spokesman Christian Fischer. The current solution "circumvent only internally on the computer of the user this problem".

also read

xuzhijun-2018

In other words, Telekom has missed that a long-used certificate from Apple expired last month. Since the old version of the magenta TV program no longer worked, a certificate from Huawei was quickly added – with which the Bonn but also Huawei far-reaching access to the computers of their users.

But this is not a security gap, says Fischer. "Granted – of course, this is not programmed nicely." However, this only applies if you trust Huawei so much that you want to set up a root certificate for the Magenta TV customer without hesitation.

Close cooperation with the Chinese

The Berlin security expert Karsten Nohl sees the plug-in more critically: "The installation of the magenta application is unclean in terms of craftsmanship and safety," he told WELT. "The installation of the certificate prompts Huawei against security certificates used to validate web pages and applications."

also read

Inside Huawei, China's Tech Giant

The carefree use of the Huawei certificates shows how closely the Bonn partners with the Chinese giant: In many places in the Group, its technology is routinely used, as software directly on the computers of customers as well as hardware in the mobile network or as a complete solution for cloud computing. Server for corporate customers.

At the end of October, Telekom continued to advertise its partnership with the Chinese with the slogan "Strong Together" on the website of its technology subsidiary T-Systems and was pleased to cooperate with "Partner Huawei for more than 10 years".

One pursues "in the partnership the strategic goal, with virtual technologies the world virtually better to connect". Meanwhile, this slogan has disappeared from the telecom site, Huawei no longer emerges as a partner. Huawei is currently under pressure worldwide as the UK and US security agencies have named the Group's products as a potential spy.

Telecommunications Location (t) Fuest-Benedikt (t) Huawei Technologies (t) Munich (t) Munich (t) Felix Hörhager (t) Telecom (t) Art (t) Magenta TV (t) t) Huawei (t) Apple (t) Video Player (t) Michael Schuld (t) Twitter (t) Bayern (t) Chinese Critical (t) MagentaTV (t) Smartphone

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.