Security implications on using a USB LTE Dongle from Huawei/Other Companies

What kind of rights or permissions does a USB dongle have when plugged into the router?

For example, say you plug in a LTE dongle from Huawei, you just never know what backdoors there might be hidden. Is it possible for them to have code executed with root privileges as soon as its plugged in?

Assuming using v19.07.7

you do realize most electronics are made in China, right ?

1 Like

yeah.. but what do you mean?
If you're implying that the routers are also made in China and that they might have backdoors too.. how would the routers have backdoors if you flash them with OpenWRT?
Otherwise please clarify what you mean from the questions i have asked in the original post.

Point is, why only worry about Huawei (you did however say others too)?

All brands make their electronics in china, what makes Huawei any special ?

And why does it have to be a router ? Anything with internet access (and a lot of things without) could be snooping and/or have a back door.


I mentioned the brand Huawei, because most of the USB 3G/LTE dongles out there come from them.
But was wondering about what kind of rights or permissions does a USB dongle have when plugged into the router? and if its possible for code execution as root user as soon as plugged in?

possible - sure
doable - probably
probable - doubt it, to much $$$ at stake, if you get caught


@include1, welcome to the community!

You asked about USB dongles that you don't flash, not regarding a device that you changed its firmware (and could see its source code if you chose).

  • It has the rights you give it...most require to be at least enumerated as a serial port
  • Anything is possible
  • Lastly, can you explain "code execution as root user" from the perspective of your concern

:warning: If you're honestly concerned that a USB dongle that provides your Internet is malicious, it won't really matter if it executes anything on the device itself. :wink:

1 Like

Let me rephrase. Say you bought a Huawei 3G/LTE dongle, and you plug it in your openwrt router for internet. By default, what permissions/rights does that USB device have? Does it have root:root ?

If you do:

ls -la /dev/bus/usb/

you get something like:

drwxr-xr-x 2 root root 80 Jan 1 1970 001
drwxr-xr-x 2 root root 60 Jan 1 1970 002

Does this mean that the USB device or ANY USB device has root rights to run a malicious code??

Hmm, it is not about the internet provider. Its about trusting the USB device. As the internet provider has nothing to do with the device itself, obviously.

I think I understood the first time; but thanks for more clarification. No USB drivers whatsoever are installed by default in most OpenWrt devices. It should do some devices, it won't even get power at that point of insertion.

  • "It" is not a user, "it" is a device
  • It is not a running program (which is ran as a user)
  • Even as USB, it should be the serial equipment you send commands to (I cannot remember Serial terminology at this point) - the router is the "terminal"
  • All devices are enumerated on the Linux filesystem
    • So root would be the user that could access the device
    • After installing the correct software, of course

I'm also referring to the device, not the provider.

Really (then how does it connect to their towers :thinking: )...well if you believe that, then you should have no worries! :smiley:

Hope this helps.

1 Like

Dongles do not execute code on your router. The kernel drivers (provided by OpenWrt) communicate with the dongle by a binary protocol.

A dongle can of course intercept your Internet usage and "call home" to the manufacturer or any other site. The overall concept of OpenWrt or any router is to consider everything on the wan side of the firewall to be un-trustworthy.



So in this paradigm with a device on WAN, the dongle is always untrusted.

1 Like

I understand your sarcasm here...but tell me what you mean by this then:

I dont know how Huawei/other companies use our ISP to give us internet, so can you explain what you mean here? because i clearly dont understand.
If you are saying that i should worry about my connections being spied upon by companies like Huawei, why does that matter if you use a VPN/TOR from a PC? Why is being worried about the USB dongle having a backdoor used to do other potential type of LAN or internal network spying and other potential LAN device break-ins less important than WAN spying?

sorry for the noob-like questions

Here's a thought about this - all brands MAKE their electronics in China, Huawei DESIGNS them in China (possibly with design input from CCP). See what makes them special now?


OpenWrt considers the dongle (or whatever other modem you use) to be part of the Internet. It is blocked from seeing your LAN.


I see it the opposite way.

Since they design and manufacture their devices themselves, they should have better control of the whole process, compared to other companies, who outsource to the lowest bidder.

That's a plus, IMHO.

Semi-sarcasm, I was noting that you oblivious to more possible and more likely problems from WAN.

If Huawei/other companies/CCP has code on the dongle it can do "anything" with your traffic. Even encrypted traffic (as it could be the Man-in-the-Middle).

  • If I'm the mail man or the post system :email: :mailbox: :mailbox_with_no_mail:
  • and I'm malicious :man_supervillain: ...can you trust I didn't alter the package.

It's all good!


You keep adding conditions. It wouldn't in a VPN on the client long as you use certificate-based or pre-shared key like connections.

China, the CCP runs things; and gets what it wants.

I never said that it was/wasn't...can you explain this.

Indeed, but that applies to all companies over there, not only Huawei.

Which leads back to my initial reply, it's all made in China.

1 Like

It certainly doesn't apply to companies that don't design their products there... But if that's all you can afford, by all means - go buy Huawei... They're good products otherwise

So you're saying that CCP can't make Foxconn in China "modify" the code they load onto whatever device, just as much as they can with huawei?

Tell this to Apple... But to play along, I will just say it's much easier to have that code preloaded in the design instead of "forcing" Foxconn to inject it at the right place so it's undetectable. Also this is not only about code, much easier to do it in silicon instead...

1 Like