back to article Spy back doors? That would be suicide, says Huawei

Chinese hardware manufacturer Huawei says allegations it provides backdoors for espionage in its kit remain unproven and would be “commercial suicide”. “The hypothetical - that our equipment could be used for espionage by the Chinese government - has never been proven,” spokesman Scott Sykes told press at the company’s annual …

COMMENTS

This topic is closed for new posts.

Page:

  1. brooxta

    A good point

    and well made. But if they're serious about establishing this as fact then even better would be a third party audit of their source code and hardware schematics, rather like the Truecrypt audit but on a rather larger scale. Otherwise it's just a case of Huawei saying "we haven't been found out ... yet."

    1. Tom 35

      Re: A good point

      They can do the same for Cisco then. At least equal if not better odds of NSA backdoors I would think...

    2. James Micallef Silver badge

      Re: A good point

      No other network company are held to that standard, so why should Huawei?

      And as pointed out in the article, it's as likely that there are NSA backdoors as Chinese backdoors in Huawei kit. But more to the point, if NSA could have put backdoors in Huawei kit, they just as equally could have put backdoors in kit from any other manufacturer. So should all network maufacterers have their kit fully audited by external consultants?

      And who's to say that the external audit isn't itself compromised?

      1. DropBear

        Re: A good point

        And as pointed out in the article, it's as likely that there are NSA backdoors as Chinese backdoors in Huawei kit.

        Agreed, but on the other hand there's nothing stopping Huawei themselves to audit their own code should they wish to - now that they have a reason to be suspicious too - and weed out potential foreign backdoors. As long as they can find them, of course.

      2. brooxta

        Re: A good point

        > No other network company are held to that standard, so why should Huawei?

        Exactly. That's what's so fascinating about this whole saga.

        Huawei are being targeted because people think they may be predisposed to allow Chinese backdoors, and rather than just give up they are going out there to try to show that they are clean. Which means they are already going beyond what Cisco et al do.

        And in this post-Snowden world we now become aware that Cisco et al are unlikely to be snow-white in this regard either and so we want to hold them to a higher standard than "Come on guys, we're American, we would never do that sort of thing."

        And at that point the prospect of holding our network and security hardware vendors a little bit more accountable becomes more realistic. And governmental blanket surveillance becomes a tougher job because everyone is now more open about what's in the code and the silicon.

        This is a fascinating process to watch at many levels. It's a multi-step thing. I like the stand that Huawei have taken.

  2. boba1l0s2k9
    Angel

    Uh huh, yeah

    That's what I'd say if I were lying too... We've already seen data showing spooks can hack their stuff. If one spook can do it, so can several. The CEO could even be telling the truth that they have no knowledge of these backdoors. Doesn't change a thing. China would be dumb to not have backdoors ready for key Haweui equipment, though maybe not installed by default.

    1. BillG
      Angel

      Re: Uh huh, yeah

      'Impeccable track record' clearly means we're not a spy conduit

      ...yet.

      Huawei will follow the Google business model. Do everything right until there is widespread adoption, then - Oops, a security bug! How did THAT get there? (snicker!)

    2. AltesSchlachtross

      Re: Uh huh, yeah

      So, why should Huawei lie while Cisco is always saying the truth ?

      I think you are one of these persons who can be easily manipulated by their respective country's propaganda. In other words, AN IDIOT.

  3. Anonymous Coward
    Big Brother

    If the UK is really that worried about backdoors...

    Then they should ban national telco's from using any and all Cisco equipment...

    1. Hit Snooze

      Re: If the UK is really that worried about backdoors...

      Don't be silly, the GCHQ helped install those backdoors so why wouldn't they want you to use them?

    2. Martin-73 Silver badge

      Re: If the UK is really that worried about backdoors...

      If they didn't want them to use whatever kit they feel like, and think they're "critical", they should never have privatized them

    3. Anonymous Coward
      Anonymous Coward

      Re: If the UK is really that worried about backdoors...

      UK isn't worried, hence much of the UK back-haul runs over Huwawei.

  4. Christoph

    "The slides also disclose the NSA intended to plant its own backdoors in Huawei firmware."

    Don't use kit from our competitors, it has backdoors in it!

    How do you know?

    Because we put them there!

    1. AltesSchlachtross

      Or

      Huawei was not as obedient as Cisco in allowing NSA operatives to weaken code and hardware.

      In the light of Snowden THAT is the most plausible explanation for all the Murican noise.

  5. Aqua Marina

    would be “commercial suicide”.

    Microsoft said something similar when asked if they broke Windows on DR Dos.

  6. Graham Marsden
    Black Helicopters

    "If it were ever proven, we would lose 65 per cent of our business overnight."

    I wonder how they came up with that figure...?

    1. Anonymous Coward
      Anonymous Coward

      Re: "If it were ever proven, we would lose 65 per cent of our business overnight."

      Because 65% of their business comes from outside of China, I think that's the point they are making.

  7. Anonymous Coward
    Anonymous Coward

    “Broadly, we have an impeccable track record with 500 telcos in 150 countries. There's never been a security issue of any kind,"

    WHHHAAAAA??????

    I must have been imagining all the psirt advisories for issues and patches in their kit over the years.

    "Broadly", is that the getout clause in that statement that lets him spout complete bollocks and yet still not get sued for bare faced lies?

    1. Paul Crawford Silver badge
      Joke

      Yes.

      Broadly - when talking bollocks about one's self.

      Allegedly - when talking bollocks about others.

    2. Lockwood

      ... Allegedly

    3. AltesSchlachtross

      Different to U.K. and U.S. Products

      ..HOW ?

  8. Don Jefe

    Catastrophe Management

    The allegations are probably true, it's what everyone else does. So who gives a shit. All the boo hooing in the world is going to get governments to decide they don't have the right to demand access to products made in the countries they manage. You lot can go start a revolution if you want (cause those always result in less intrusive governments right?). Report back and let us know how it works out.

    Everybody laughs, but there's a really good reason that ancient defense mechanisms were completely automated and their successful use results in the destruction of whatever was being secured. If something is so valuable that you have to hide it away from everyone then it's worth destroying to prevent others from getting it.

    If that's not the case you aren't dealing with a security problem, you're dealing with a valuation problem. It's poor valuation abilities that lead to far more problems than theft of 'treasure'. If you go putting your highly valuable treasure outside your sphere of protection and it's stolen that's your problem, not anyone else's. If you go protecting things of little value through the application of great resources you won't have anything of value much longer.

    The legions of finger pointers and blamers out there hate to hear it, but the solution to all this is the same as it was when burning camel shit to cave paint by was high tech. You either remove the value of the treasure or you keep the treasure secure your own way. You don't huck your treasure at everybody with free shipping then run around crying when your treasure is gone.

    The less allegorical solution is to prohibit anybody from storing potentially threatening information on your behalf or for your convenience. How will that work? No fucking idea. Not my problem either. I've already made my money and like most others who have done so I did it by figuring out clever ways to work within whatever boundaries and restrictions were out there. Changing boundaries and restrictions is for politicians and useless people. Working within the reality created by those boundaries is where clever, inventive and innovative people thrive. It's the atrociously thick witted and simple minded who not only can't function within the reality, they have to ask permission to change the boundaries. So they're stupid and weak and that's the sort we elect to run our countries. So yay democracy, I guess, bunch of pantywaists. If you want to change boundaries you do it and if you're strong enough to hold them you've just redefined reality for everybody.

    Will fortunes be lost? Yes. That's how systems of trade work. If you didn't know that then you're way out of your league so just shut it and get back to work, those shackles won't make themselves you know. Fortunes are made and lost and thanks to the whole globalization thing, lost fortunes may be rediscovered far away from your country, but thems the breaks. You can't have the good without the bullshit you know. Those you're screwing today may very well turn it around and be screwing you tomorrow. In fact it's almost certain that's what will occur. They've got no choice but to become stronger than you so they can change the boundaries without having to ask your permission.

    So instead of endless bickering just work out your valuation issues, solve your own problems and let the stupid and weak turn a geeky hardware willy waving contest into an international stupid convention. Stop giving in to useless people who can't succeed on their own merits and you've eliminated the problem altogether. If they can't figure our how to process your fuckable flashlight payment or sell you a mobile phone or property insurance or make a simple loan or subscribe you to a magazine, catalog or mailing list without needing a DNA sample, your government issued ID number then fuck 'em. We don't need 'em anyway.

    If they're all suddenly unemployed they can go back to the servant jobs historically reserved for the stupid and weak, and that's classier anyway. But right now you are the servants and your inferiors are running your lives while everyone is lost in debates about which intrusive bullshit slinging government has the easiest access to products produced by companies they host and subsidize (and all governments subsidize businesses. What do you think tax breaks are?)

  9. Jamie Jones Silver badge
    Facepalm

    No security issues?

    Broadly, we have an impeccable track record with 500 telcos in 150 countries. There's never been a security issue of any kind,” Sykes told journalists. “We wouldn't be a $40bn company today if were not good at building secure networks"

    I generally think that Huawei gets political FUD thrown at them, but the above is clearly incorrect.

    If you have one of their wi-fi devices, anyone can grab the wifi password without needing to go through authorisation.

    http://www.securityfocus.com/archive/1/531368

    1. AltesSchlachtross

      What They Meant To Say

      "Our shit is not worse than the Cisco shit".

      Which is 100% fair in my opinion. Time to deconstruct the "Yellow Evil" memes.

    2. Midnight

      Re: No security issues?

      That's not a security issue, it's a matter of customer convenience.

      I trust Huawei more than ever knowing that they have made sure I can never be locked out of my secured network again.

  10. BlueGreen

    "the NSA intended to plant its own backdoors in Huawei firmware"

    Oooh, they are cunts, they really are.

  11. Miek
    Linux

    Plot Twist: It's the Americans spying on everyone and watering down World security standards.

    1. P. Lee
      Black Helicopters

      I'd rather have the Chinese spying on me. Since I don't live in China, they are less likely to send in the heavies to break my door down and drag me off on some trumped up charges - intentionally or otherwise.

      Plus, I don't think their spy-tech is as good as the Yanks, which is also a good thing.

      Plus it would give me great satisfaction to, in some small way, erase the effects of Cisco's political lobbying and US protectionism through FUD.

  12. wobblycogs

    Why worry about back doors

    On this type of equipment I really don't see much point in worrying if there is a back door. If you are sending anything over a public network that you aren't happy for everyone to see you'd better make sure it's encrypted before it leaves your (secure) network, anything else is plain stupidity.

    1. the spectacularly refined chap

      Re: Why worry about back doors

      If you are sending anything over a public network that you aren't happy for everyone to see you'd better make sure it's encrypted before it leaves your (secure) network, anything else is plain stupidity.

      Why worry? Perhaps because it doesn't address the issue? It's an attitude that is typical of very poor security, namely focusing on a single possible attack vector and ignoring everything else.

      Suitably robust encryption protects you against eavesdropping and nothing else, and that's assuming your idea of suitably robust correlates with GCHQ/NSA/FSB/whoever. It does nothing to protect you from other attack vectors. Let's face it - most companies simply are not of interest to the intelligence community in any event. They're still vulnerable if routing between their WAN nodes is deliberately buggered up in a nationwide DoS attack. Then you can rest easy that no-one is getting their hands on your sensitive data, including the intended recipient.

  13. clanger9

    Surely...

    ...the problem for the security services is that Huawei kit doesn't have security service-mandated back doors in it, whereas the domestic kit does?

    You can't trust anyone these days...

  14. This post has been deleted by its author

  15. Miek
    Flame

    Posts deleted before being published? .... must be an Orlowski Article, must make an email filter to put those RSS entries straight in the bin.

    1. gazthejourno (Written by Reg staff)

      Just for that little outburst I've popped you onto the pre-moderation naughty step.

      Have a nice day.

      1. Lockwood
        Pint

        Could it be? Is this Moderatrix 2.0?

        (And sweet irony that a post wondering about the Moderatix' second coming gets put into the modqueue)

  16. Chad H.

    I'm growing to believe that the rumours abuot Huweii inserting Chineese back doors were planted by the CIA/NSA after they had a meeting and Huweii refused to acquise to the American demand to put them in.

    I was thinking this might be some wild conspiracy theory, but given that its revealed this week the US uses the No Fly List to Coerce Pakistani-Americans into becoming informants... the pieces fit.

  17. ptmmac

    What's an honest spook supposed to do?

    Anyone over there see publishing this info about the NSA as going way past alerting the US citizens about the NSA's over reach and on into exposure of all secret NSA programs for the sake of notoriety. Whats an honest spook supposed to do if they can't hack into telecoms without being called out by an ex employee? It also suggests that China may be putting custom hacks into any equipment being shipped overseas by changing it after it leaves the manufacturing plant.

    Wondering what the view is from your side of the pond?

    1. AltesSchlachtross

      My View On You: More Shit From America

      Maybe you can substantiate your allegations/rumours/shitlobbing before you do that ? Innocent before proven guilty, maybe ???

  18. Trollslayer

    Pot

    Kettle.

    1. John Tserkezis

      Re: Pot

      "Kettle."

      Black, White, Beige, what's the difference...

  19. Jaybus

    What security?

    Seeing as the vast majority of Internet traffic is transmitted in the clear to begin with, I'm not sure what security we are talking about here. Security begins and ends with the sender and recipient's machines. Who in their right mind would rely on a third-party, man-in-the-middle network infrastructure to ensure the security of sensitive data?

  20. John Savard

    Suicide

    Corporate suicide beats being sent to a labor re-education camp. When China becomes an open democracy like the U.S. and the U.K., then this won't be a suspicion.

    1. Trevor_Pott Gold badge
    2. P. Lee
      Mushroom

      Re: Suicide

      You seem to be confusing democracy with freedom.

      In the past the great thing about being a US citizen was that (like the Roman citizens of old) you had rights which protected you from being treated by your own government like the foreign scum were. The shock with Snowden is that that is no longer the case.

      The US, UK and Australia seem to be rushing as fast as they can towards a more Chinese-style of government. Yes the government was doing illegal things, but exposing them is illegal in itself so they'll put you in a hole deliberately placed where human rights (for some reason) don't apply and throw away the key. The US do it prisoners of war and government employees, the Australians do it with asylum seekers who fail to arrive on an aeroplane and the UK just goes along with it all and lends a hand.

  21. Anonymous Coward
    Black Helicopters

    Sadly, we already know that the NSA backdoored Huawei gear....

    It was in that "catalog" that got leaked 6 or so months ago. And the 5 Eye members all have access to that catalog's gear.

    And it's not like China has a great reputation for cracking down on hacking, so I have to assume that Huawei has been backdoored by China as well.

    Now, Huawei's management might be oblivious to all of this, but all it takes is co-opting the right 4-5 guys within Huawei to get this done without management's knowledge. Or management may just be blowing smoke to cover up a classified defense program that they do know about, but dare not tell about. Or you can do what NSA Tailored Operations admits they can do in released Snowden docs--intercept the hardware while in logistics transit, backdoor it, stuff it back in the box and send it on it's merry way to the end user.

  22. GaryDMN

    It didn't hurt Google

    Of course Google is never held accountable, it's open source after all.

  23. This post has been deleted by its author

  24. PAT MCCLUNG

    Clerk

    It is a proven fact (beyond denial) that NSA has back doors in Huawei routers and firewalls.

    See the ANT product catalog among the Snowden documets released by Der Speigel: HEADWATER; HALLUXWATER.

  25. Robert Ramsay

    They didn't say it wasn't true...

    ...only that no-one had proved it.

  26. hoola Silver badge

    Nothing to do with "back doors"

    The entire saga is all about protection of an American company. Ignore the fact that much of what they manufacture is outsourced, just as most IT equipment is.

    The US Government is trying to force other "friendly" governments to but Cisco. I personally believe that in the light of the Snowdon revelations, there is a significant risk that the NSA has a way into most equipment that is manufactured by US/Western companies.

    This is probably what irks them most. They are losing that back door. The time when America ruled the world is gone and the sooner they wake up to that fact and stop interfering the better. The EU is not far off the same with the Ukranian problem.

Page:

This topic is closed for new posts.

Other stories you might like