UK spy agency warns Brit telcos to flee from ZTE gear

GCHQ's cyber security advice group has formally warned of the risk of using ZTE equipment and services for the UK's telco infrastructure. The National Cyber Security Centre, the cyber part of the UK's nerve centre, founded in 2016, has written to UK telecoms companies warning that using gear from the Chinese firm "would …

Silver badge
Black Helicopters

Irony Abounds

Am I the only one that sees the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?

62
5
Anonymous Coward

Re: Irony Abounds

That is the exact problem here.

One well informed birdie told me that the panic started when during the Bush years one "close to the agencies SP" asked for the backdoors during a tender. The SP procurement team and the double-payrolled people on it were expecting a similar answer as from CSCO, JNPR, NSN which have all said either "impossible" or "development needed" or "per-customer special to be negotiated separately".

Apparently, the Chinese company (not saying which one of the two) returned with an immediate price list item and an actual product code.

That left the "agencies" in the unenviable position of the Bearded Taliban leader who has just discovered that his new virgin bride is the "village bicycle". They have been acting in a manner strongly resembling the behaviour of said "Bearded Gentleman" ever since.

16
4
Trollface

Re: Irony Abounds

You're absolutely correct.

The Australian Signals Directorate (ASD) mission statement is:

"Reveal their secrets, protect our own"

I like how they put the aggressive part first as if that's their priority. I don't know how "common citizens" are supposed to be expected to follow the rule of law when their own governmental agencies have mission statements such as this. I wanna be arseholes like those guys!

2
1
Silver badge

Re: Irony Abounds

GCHQ probably don't want people to use ZTE kit because they've not been able to hack it.

6
1
Silver badge

Re: Irony Abounds

Am I the only one that sees the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?

Whilst I understand your sentiment, would you rather they did nothing and we perhaps got royally owned due to use of the kit? They'd be absolutely slated for not pointing out the issues. Spying on your own people is shitty and used to be supposedly illegal but spying on foreigners and protecting our own comms. is their primary reason for existence.

1
0

Re: would you rather they did nothing and we perhaps got royally owned due to use of the kit?

I'm not entirely sure why I should care,

So far, the only thing the Chinese have done to me is sell me some good kit at a decent price and make me some nice takeaway meals over the years.

If their government is spying on me, it isn't in a position to do anything about it (like put me in jail), nor do I appear to be the subject of any Chinese propaganda programmes: I certainly haven't received any pro Communist Party email spam, or leaflets through my door - I hear from the Jehovah's Witnesses more often than I do from the Chinese government.

They're a long way away geographically.

I lived through the Cold War and the Troubles in Northern Ireland and, so far at least, never once have I been enjoined to fear being nuked by the 'Yellow Peril', nor have Chinese government agents blown up UK service men and women to the best of my knowledge.

What exactly do I have to fear from the Chinese?

3
1
Silver badge
Trollface

Hey-ho

Looks like the Chinese will just have to go through the Management Engine like everybody else.

16
0
Silver badge

Could we have a 'Cell' for 'phones

a unit near GCHQ that would check/validate mobile operating systems and apps to ensure that they did not have back-doors/spy-ware in them. I would want their results (& checksums published & end-user verifiable) by equivalent Cells in China & Russia - I doubt that the 3 would collude enough to agree common spy-ware.

Hmm: thinking about my last sentence -- I'm not sure.

6
2
Anonymous Coward

Re: Could we have a 'Cell' for 'phones

You don't get it, right?

What they want is the backdoors installed, but only them to have the keys.

11
1
Silver badge
Joke

Re: Could we have a 'Cell' for 'phones

What they want is the backdoors installed, but only them to have the keys.

...a situation that would remain extant until someone drops a USB key in a taxi on the way to see Madame Whiplash. I give it about five minutes.

This isn't a new blinkered attitude. They trotted the "millions of people in direct, unfettered, untraceable communication" argument out in the late 70's when the CBers were trying to get 27MHz legalised. One wonders what happened to the noble gentleman's blood pressure when someone told him that people can talk to each other in complete privacy simply by visiting each other.

The same stupidity is likely to continue for many, many years and will give people like us hours of golden entertainment, the likes of which we couldn't pay to have created. Give them a car that they can all pile into with wobbly wheels and doors that fall off and it would be the greatest show on Earth.

17
0
Silver badge

Don't know about infrastructure but great phones

Must have been about 2012 ZTE had surprise smash hit in UK with their Blade phone. I had several and they were fantastic phones and excellent prices.

13
0

Re: Don't know about infrastructure but great phones

Yep but like many, I put a custom ROM on it so this probably wasn't an issue. Hopefully?

3
0
LDS
Silver badge
Joke

"excellent prices"

Sure, when a phone is shared the prices have to be lower....

8
0
K
Silver badge

Re: "excellent prices"

I'm sure it was an American (Google co-founder) who said, "People who don't want to share, usually have something to hide" (or something along those lines).

3
0
Anonymous Coward

Re: Don't know about infrastructure but great phones

Yep but like many, I put a custom ROM on it so this probably wasn't an issue. Hopefully?

What do you really think? If I were the Chinese authorities, I'd be putting a back door into the hardware and firmware, not the OS or apps (or as well as!). I myself own and use a Chinese handset, and an excellent piece of kit it is. I've been applying for jobs at a senior level of late, and I can clearly divide the companies concerned into two piles:

1. Those companies where I would happily carry my Chinese brand handset into work, because I can't see any value if it were backdoored by the Chinese authorities or proxy actors on their behalf, and they eavesdropped on everything.

2. Those companies where I would sadly have to dispose of the phone, because the risks to my employers are too great, even if the probability of my handset being targeted is very small.

3
0
Anonymous Coward

Re: Don't know about infrastructure but great phones

If you have to ask it's probably too late! Most (if not all) CPUs from all manufacturers for the last few decades have contained hidden or otherwise inaccessible/irreversible microcode that may (or may not) include HARDWARE back doors. What do you think the real likelihood of the nations hosting the companies that design and implement CPUs and their microcode allow this to happen with zero influence? Do a web search for the Turing award lecture 'Reflections on Trusting Trust by Ken Thompson' for some background on how old this issue might be.

9
0
Anonymous Coward

Re: Don't know about infrastructure but great phones

Indeed. I expect that many of the 'List X' sites won't allow any personal electronic devices whatsoever beyond the turnstiles anyway. The main challenge is when a contractor simply forgets they left something in their pocket, if not declared immediately upon realising and volunteering for a detailed bug sweep this can mean instant removal from the site and never being welcome to return, possibly via a long visit to a room without a view...

4
0
Silver badge

Re: Don't know about infrastructure but great phones

There's an Orange SanFran on my shelf, still working with CM11 on it. The battery is a bit flaky now but it's useful as a backup.

2
0
Anonymous Coward

Re: Don't know about infrastructure but great phones

@AC re:"many of the 'List X' sites won't allow any personal electronic devices whatsoever beyond the turnstiles anyway".

LOL

0
0
Anonymous Coward

Re: Don't know about infrastructure but great phones

@AC If your identity gets stolen because your phone (Chinese or otherwise) gets compromised, it really won't matter who you're working for - your life will be a bit of a mess as you gradually realise what someone impersonating you with your (valid) data can actually do with it.

And it won't be anything good.

0
0

Re: "excellent prices"

It was Zuckerberg in the early days of Facebook when challenged about the platform's lack of privacy. So that went well...

2
0
Silver badge

Re: "excellent prices"

So that went well...

Certainly did for the little shit's bank balance.

2
0
Anonymous Coward

U.S. bans American companies from selling to Chinese phone maker ZTE

https://www.reuters.com/article/us-china-zte/u-s-bans-american-companies-from-selling-to-chinese-phone-maker-zte-idUSKBN1HN1P1

4
1
Silver badge

Re: U.S. bans American companies from selling to Chinese phone maker ZTE

Different case. It is the old Iran sanction violation punishment reincarnated.

Not clear what is the issue this time, though considering that even thinking about doing business in Iran will put you on the banned list.

So much for USA signing up to "lift the sanctions" as in the so called joint plan of action.

Classic case of "I am altering the deal, pray that I do not alter it any further".

6
1
Silver badge

Re: U.S. bans American companies from selling to Chinese phone maker ZTE

It isn't just Iran but also North Korea that ZTE is apparently dealing with.

Some of the sanctions against Iran were lifted with the nuclear deal, but not all of them. Presumably this would be one of the ones not lifted, but I'm not sure. Regardless, Trump is looking for any excuse he can come up with to claim the Iran nuclear deal a failure, so enforcing sanctions that were supposed to be lifted would be exactly the sort of thing he'd do to help said failure (especially given that he's trying to start a trade war with China and fining ZTE $1.2 billion helps the trade war along is only a bonus in his eyes)

0
2
Black Helicopters

Does the NSA/GCHQ worry about the spyware in ZTE because it clashes with their own stuff they planted years ago?

17
1
Silver badge
Alert

re: Spyware

It is either that or given the UK Newspapers headlines today warning of Russian Hacking (and worse) about to descend on us, GCHQ seems to be worried that the secret sauce keys to ZTE comms kit is in hands of Kremlin Hackers.

Either way, see Icon

4
0
Silver badge

Either that or the Chinese spyware is better and cheaper than the Lockheed McDonnell BAE Northrop equivalent.

8
0
Holmes

This might have something to do with it...

"In March 2017, ZTE was fined a total of US$1.19 billion by the U.S. Department of Commerce for exporting U.S. technology to Iran and North Korea in violation of sanctions."

3
0

Since when is Banbury close to Cheltenham?

5
0
Silver badge

Well they're both outside the M25 so they might as well be on Pluto.

22
0
Silver badge

It's the same process by which as you get onto the M1 from the North Circular the signs say The North. However when you get to The North you find there is something further north than The North, called Scotland. But it is never mentioned on the road signs until you are in The North.

We are too remote to even mention in London. Besides Scotland Yard is in W1 or the like, isn't it?

6
0
Anonymous Coward

However when you get to The North

Surely "north" is a direction, not a destination? And even if you wanted to be as northy as you could get, that would not be "the north", it would be the North Pole.

Maybe, just maybe, using a collective noun for roadsigns is actually a bloody good idea, instead of listing every single destination on its own? Of course, you'd have to find something else to gripe about...

3
0
Anonymous Coward

The North - isn't that just beyond the wall?

;)

1
0

Scotland Yard, Great Scotland Yard or (New) New Scotland Yard?

0
0

Semantics

Well, I would say "North" is a direction and "The North" is a place.

3
0
Silver badge

Re: Semantics

Surely it should say "Oop North"

2
0

Oh the madness

So we can't trust Chinese routers, but it's still ok to let them build a nuclear power station in Somerset?

29
0
Silver badge

Re: Oh the madness

So we can't trust Chinese routers, but it's still ok to let them build a nuclear power station in Somerset?

Well I don't know anybody there. Do you?

7
1

Anonymous Coward

Re: Oh the madness

Errr... the government were basically blackmailed. Look it up.

But they didn't have the balls to stand up to the bullies.

So we have the most expensive building on the planet and vastly high power bills.

Another great job by Queen Henry VIII.

2
1
Silver badge

Re: Oh the madness

Err, yes and no.

The private companies did not want to shoulder the risk, the gov had no money and we need a source for the trident program.

2
0
Silver badge
Boffin

Then again...

Cheap ZTE mobis are OK as 'burners' if you travel to Russia, China, France etc.

2
3
Silver badge
Trollface

Re: Then again...

I didn't know France was as dangerous as Russia, thanks for the heads-up.

2
0
Silver badge

There's definitely a market for a 3rd party western spin of Android running on Chinese phones.

2
0
Big Brother

sure let's stick to American equipment instead because they've never spied on us

2
0
Anonymous Coward

ZTE Desire C

I just started messing with an old ZTE mobile somebody gave me a while back.

The first thing I did (as with ALL smartphones I get) was to look at the system trust certificates that were installed.

This phone had more unusual certs than most mobiles I've seen.

Even though the carrier for the phone was Cricket (AT&T), it had certificates for the carrier "Sprint" installed alongside certs for AT&T's "Cingular Wireless" as well as 2 certs for KISA (Korean Internet and Security Agency).

There were several other trust certificates that I've never seen before on any other Android devices.

It shall be interesting to see what I find when I upload the SHA sums of the certs to Censys and certificate transparency sites.

0
0
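The trust-store check described in the comment above, as an added example that is not part of the original post: it computes the SHA-256 fingerprint of each certificate in a copied-off system CA store and lists those absent from a reference store. It assumes the device store (on Android, the PEM files under `/system/etc/security/cacerts`) and a baseline from a reference build have already been copied to local directories; the directory names and sample bytes are constructed placeholders, not real certificates.

```python
import base64, hashlib, re, tempfile
from pathlib import Path

# Android CA files hold a PEM block, often followed by a text dump we must ignore.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(store_dir):
    """Map SHA-256(DER) -> file name for every PEM certificate in store_dir."""
    found = {}
    for path in sorted(Path(store_dir).iterdir()):
        if not path.is_file():
            continue
        for body in PEM_RE.findall(path.read_bytes()):
            der = base64.b64decode(b"".join(body.split()))
            found[hashlib.sha256(der).hexdigest()] = path.name
    return found

def unexpected(device_dir, baseline_dir):
    """Certificates trusted by the device but absent from the baseline store."""
    base = fingerprints(baseline_dir)
    dev = fingerprints(device_dir)
    return {fp: name for fp, name in dev.items() if fp not in base}

def _pem(der):
    b64 = base64.encodebytes(der)
    return b"-----BEGIN CERTIFICATE-----\n" + b64 + b"-----END CERTIFICATE-----\n"

def demo():
    """Constructed sample: placeholder bytes stand in for DER certificates."""
    with tempfile.TemporaryDirectory() as tmp:
        device, baseline = Path(tmp, "device"), Path(tmp, "baseline")
        device.mkdir()
        baseline.mkdir()
        common, extra = b"constructed-root-A", b"constructed-root-B"
        (baseline / "aaaaaaaa.0").write_bytes(_pem(common))
        # Same certificate under another file name must still match by hash.
        (device / "bbbbbbbb.0").write_bytes(_pem(common))
        (device / "cccccccc.0").write_bytes(
            _pem(extra) + b"Certificate:\n  text dump\n")
        return unexpected(device, baseline), hashlib.sha256(extra).hexdigest()

if __name__ == "__main__":
    extras, _ = demo()
    for fp, name in extras.items():
        print(name, fp)  # fingerprints to look up in CT logs or Censys
```

Matching on the hash of the DER bytes rather than on file names means a renamed or re-added root still shows up, and the printed fingerprints are in the form certificate search services accept.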
