Vulnerability in Magenta TV – Telekom builds backdoor for Huawei
Users of Telekom's MagentaTV service should be careful: anyone who watches the service on a Mac may be installing a veritable security vulnerability. To rule out the danger, those affected have only one choice.
Mac owners who want to use Magenta TV from Deutsche Telekom on their device should think twice about it. To run its video player on the web via Apple's Safari browser, the Bonn-based company uses a hastily written interim solution.
This is based on software from the Chinese tech group Huawei, as Telekom had to admit at the request of WELT. Düsseldorf web developer Cedric Kastner analyzed how problematic that is in a veritable storm of messages on Twitter.
Kastner had noticed that Telekom has the users of its IPTV service Magenta TV grant it a whole set of special rights. Anyone who wants to watch Telekom television on a Mac first has to install a small piece of software in the browser, a so-called plug-in, and this one has a lot packed into it, as Kastner describes.
Anyone who installs the plug-in "Magenta TV 184.108.40.206" potentially brings various problems onto their Mac. The software first changes some system features, turns off Apple's power-saving feature "App Nap" and blocks Apple's screenshot tool completely.
Furthermore, the Telekom programmers install their own so-called certificates, and thereby grant themselves unauthorized special rights on the computer. The certificates could be used to install additional software without a security warning alerting the customer.
This approach is especially problematic because the playback software behind Magenta TV comes from the Chinese technology group Huawei. Governments and security agencies around the world are currently warning against its products, which are suspected of being potential entry points for IT espionage. If the danger is to be ruled out, Mac users have only one choice: they have to do without Magenta TV until further notice.
Extensive access for Huawei
At the request of WELT, Deutsche Telekom confirmed that the Magenta TV web application was designed as a temporary solution: "The Magenta TV web client is in transition to a completely new version with improved user-friendliness. Unfortunately, this transition is taking longer than planned. Since the Apple developer certificate for a still necessary plug-in expired in the meantime, a Plan B was needed," says Telekom spokesman Christian Fischer. The current solution "circumvents this problem only internally on the user's computer".
In other words, Telekom missed that a long-used certificate from Apple expired last month. Since the old version of the Magenta TV program no longer worked, a certificate from Huawei was quickly added, which gives the Bonn-based company, but also Huawei, far-reaching access to the computers of their users.
According to Fischer, however, this is not a security gap. "Granted – of course, this is not programmed nicely." That holds, however, only if one trusts Huawei enough to set up a root certificate for Magenta TV customers without hesitation.
Close cooperation with the Chinese
Berlin security expert Karsten Nohl takes a more critical view of the plug-in: "The installation of the Magenta application is unclean in terms of craftsmanship and safety," he told WELT. "The installation of the certificate prompts Huawei against security certificates used to validate web pages and applications."
The carefree use of the Huawei certificates shows how closely the Bonn-based company partners with the Chinese giant: in many places in the Group, its technology is routinely used, as software directly on customers' computers as well as hardware in the mobile network or as a complete solution for cloud computing servers for corporate customers.
At the end of October, Telekom was still advertising its partnership with the Chinese company with the slogan "Strong Together" on the website of its technology subsidiary T-Systems and was pleased to have been cooperating with "Partner Huawei for more than 10 years".
The company said it pursues "in the partnership the strategic goal of connecting the world virtually better with virtual technologies". Meanwhile, this slogan has disappeared from the Telekom site, and Huawei no longer appears there as a partner. Huawei is currently under pressure worldwide, as UK and US security agencies have named the Group's products as potential spying tools.