back to article Upcoming report from UK's Huawei handler will blast firm for unresolved security issues

Huawei is nursing bruises from a fresh round of bashing in the popular press, this time from a report stating that Britain is to criticise the embattled Chinese telco kit maker over ongoing security vulnerabilities. This morning the Daily Telegraph reported (£), with notably little detail, that Britain's Huawei Cyber Security …

  1. ARGO

    Er, have you read the Reuters link?

    "The GSMA mobile operators' trade association refused to comment on a Reuters report that later this month it will propose an emergency meeting to impose a de facto ban on the use of Huawei equipment by its members."

    Perhaps because that's not what the Reuters report says? GSMA doesn't have the authority to ban anything. The report was suggesting they might discuss a response to government bans.

    (Given that the big three Chinese operators are all GSMA members, it would be interesting to see what response they come up with!)

    1. Anonymous Coward
      Anonymous Coward

      Re: Er, have you read the Reuters link?

      Er, I think that's why the article says 'de facto'...

  2. Ledswinger Silver badge

    Fair enough, if they've found holes that Huawei won't fix....

    ...but of course, are the TLAs (or in GCHQ's case FLA) able to guarantee that they've looked in similar detail at the competing hardware that will be used instead, and they can currently assure us that all the issues that such an examination would find have been fixed?

    Oh, silly me. Of course they haven't, and they don't care. This is politics, not technology.

    The unfortunate thing is that with zero compelling evidence, the West is busy giving Huawei a kicking. If deserved, I'd be happy to accept whatever consequences there will be. But if this is (as I suspect) pure politics driven by US bureaucrats, we can expect a range of Western companies to run into undeserved trouble not just in China, but any market where Chinese money speaks.

    1. fajensen Silver badge

      Re: Fair enough, if they've found holes that Huawei won't fix....

      Look at the bright side: The Internet of Thrash won't be getting it's 5G connectivity for a few years yet!

      1. Anonymous Coward
        Anonymous Coward

        Re: Fair enough, if they've found holes that Huawei won't fix....

        "Look at the bright side: The Internet of Thrash won't be getting it's 5G connectivity for a few years yet!"

        That's a shame - it sounds amazing. Or is the concern that 5G may affect the audio quality?

    2. Anonymous Coward
      Anonymous Coward

      Re: Fair enough, if they've found holes that Huawei won't fix....

      @Ledswinger

      You posted while I was typing "I'm prepared to believe".

      I'm glad I'm not alone in wanting a look behind the curtain.

    3. Anonymous Coward
      Anonymous Coward

      Re: Fair enough, if they've found holes that Huawei won't fix....

      "or in GCHQ's case FLA"

      ... its an XTLA (eXtended Three Letter Agency)

      1. Anonymous Coward
        Anonymous Coward

        Re: Fair enough, if they've found holes that Huawei won't fix....

        ""or in GCHQ's case FLA"

        "... its an XTLA (eXtended Three Letter Agency)"

        Am I confused or is this the same thing as a FLEA?

        Four Letter Extended Abbreviation

  3. Anonymous Coward
    Anonymous Coward

    I'm prepared to believe ...

    ...that Huawei are not whiter-than-white.

    But I'm not prepared to believe that every other hardware/software vendor from every other third party country in the world (I'm looking at you US) is.

    Is there any evidence that similar protocols are in place for products from other nations ('friendly' or otherwise) to rule out similar skullduggery. If not, this just looks like anti-Chinese propaganda.

    A bit like the Kasperksy brouhahah looks like anti-Russian propaganda.

    Again, for the avoidance of doubt, I'm not saying these products/companies are not up to no good. I'm just saying that assuming that everyone else is 'clean' looks, at best, like complacency.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm prepared to believe ...

      Anyway, UK and US spies are close enough to each other they may not be much more worried about what, say, Cisco does. Usually, you're much more worried about what your enemies do. than your allies.

      1. Roland6 Silver badge

        Re: I'm prepared to believe ...

        >they may not be much more worried about what, say, Cisco does.

        They might not be, however, given the current vibes coming out of the White House, I'm reminded of the early 1980's and Leeds-based Systime...

        {Aside: The case revolved around the extent to which the US could control the export of goods from the UK and use export information supplied to the US authorities to the benefit of US-based companies...]

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm prepared to believe ...

          https://www.gracesguide.co.uk/Systime

          https://www.yorkshirepost.co.uk/news/recalling-the-early-days-of-it-1-2558331

          https://api.parliament.uk/historic-hansard/commons/1986/feb/25/systime-plc

          1. Roland6 Silver badge

            Re: I'm prepared to believe ...

            There is also this article:

            NewScientist: Who will tear the Silicon Curtain?

            Given the amount of press coverage the case got and the number of years it went on for, it is interesting just how little is available on the Internet; but then this does date from the "Before Internet" era of computing...

        2. HmmmYes Silver badge

          Re: I'm prepared to believe ...

          Bullshit on sytime and that report.

          Sytimes valueadd was zilch - hightech company my arse. Dodgy box shifter.

          That dumb hansard report details what they were doing - grey importing DEC boxes.

          Describing dec as a supplier snd competitor is wrong. Sytime were breaching their license, massively so.

          At tge time not only sytime breaching decs TnCs they woukd have been breaching us export controls. Total nono.

      2. MJB7

        Re: I'm prepared to believe ...

        Anyway, UK and US spies are close enough to each other they may not be much more worried about what, say, Cisco does. Usually, you're much more worried about what your enemies do. than your allies.

        I used to work for Thales. We were told that when hacking attempts appeared to come from the PRC they would just see they had been spotted and leave. When hacking attempts appeared to come from Fort Meade and we asked GCHQ to ask the NSA what was going on, they would reply "Oh dear. Our computers must have been hacked and they were using us as a front."

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm prepared to believe ...

          I worked for a similar type of company and when the (TLA) auditors came around and asked about off-site backup we always used to say that it was the Chinese Embassy. Apparently the 'correct' answer should have been the NSA ;-)

        2. Anonymous Coward
          Anonymous Coward

          Re: I'm prepared to believe ...

          An ISP I once worked for suffered an intrusive hack, and in the fallout it transpired that a tiger team from the US arm of the business performed the deed.

          The purpose? To undermine the UK mgmt arm of the business so the US side could take over.

          1. Anonymous Coward
            Anonymous Coward

            Re: I'm prepared to believe ...

            I'm increasingly suspecting that you're not alone.

            With allies like that, who needs enemies...

  4. Anonymous Coward
    Anonymous Coward

    Geez, if this is the worst 'security breach' at Huawei then they seem pretty good.

  5. LDS Silver badge
    Devil

    HCSEC was set up in 2010 "to...

    .... understand how NCSC works, and how to gather valuable intel that one day could be very, very useful"

  6. Anonymous Coward
    Anonymous Coward

    A little context please

    The use of third party software reaching end of life before the product using it is a problem every system maker has, not just Huawei. I work for one of their competitors and can confirm that we are still actively selling major systems that run on OSes that are no longer supported and using databases that no longer exist with no plans to update or replace them. The only difference is that for political reasons, Huawei are forced to air their dirty laundry in public. This is possibly why despite being artificially blocked from so many markets, they are number one and we are down to number two.

    1. HmmmYes Silver badge

      Re: A little context please

      I would guess they use a long out of support version of Centos

  7. Walter Bishop Silver badge
    Devil

    We'd like you to put our back-doors back into your equipment.

    FAIL The US push back against Huawei is simply an ... attempt to get people to install NSA compliant CISCO and other equipment. Makes it easier for GCHQ, too.”

    They're a very cynical bunch round here :]

    1. HmmmYes Silver badge

      Re: We'd like you to put our back-doors back into your equipment.

      Fails as most telecom hardware is european.

  8. amanfromMars 1 Silver badge

    For Those in Need of a Cyber Hot Lines, Try Tempestuous Post of Sheet Lightning Speed

    ...... with Red Hot AI Feeds to Seed and Mentor?

    Are Huawei into AI Developments with Secure Quantum Communication Lines? Or is that a Nurtured Home-Grown Product of UKGBNI Special IntelAIgent Services? Or is such like right at the top of the every nationalised regular intelligence community wish list?

    Wow .... Friendly Competition to Support and Further Develop the Proposition. Would that be Classified Real MagICQ :-)? Or be dismissed as such to be freed to Wreak Havoc and Mayhem with A.N.Others?

    Leading questions there for servering with answers, or reply with a pleading of the Fifth to prove ignorance in ones defence, if remaining still silent and blissfully unaware.

    1. DanceMan

      Re: For Those in Need of a Cyber Hot Lines, Try Tempestuous Post of Sheet Lightning Speed

      I'm worried about my mind. I think I almost understood amanfromMars 1's post.

      1. Anonymous Coward
        Anonymous Coward

        Re: For Those in Need of a Cyber Hot Lines, Try Tempestuous Post of Sheet Lightning Speed

        There's a knack to it. What you are experiencing is your subconscious starting to generate familiar patterns in association with the text.

        You can accelerate the process by speed-reading and gathering 'impressions' as data points for your mind to work with.

  9. HmmmYes Silver badge

    The joint venture is a site where huawie demo their release to the intelligence community.

    Id guess the following issues have occured

    1 - They been unable to build the exact same release from source

    2 - They dont manage 3rd party deps - letting core components go out of support.

    3 - they cant fix issues as they arise.

    The 3rd is the worse as it points to huawei running out of engineers.

    This will be compounded further by huawie basically being a ponzi run by red army. If the stock falls then its grunts have nothing to show.

  10. martinusher Silver badge

    About those dark hints of 'classified information'

    I suppose its not too much to suppose that GCHQ isn't "close to the UK government"? (Which in practical terms means its a wholly owned subsidiary of the NSA).

    It all comes down to the notion that while the Chinese are making cheap white box products we can put our labels and markups on all is cool but once they start making and selling their own units......honestly, some natives just don't known their place in the natural order of things.

    1. Nick Kew Silver badge

      Re: About those dark hints of 'classified information'

      Making their own units under their own name is one thing: Lenovo has done that for years.

      Could it be that Huawei's crime is to ship products that are not merely competitive with, but ahead of, their Western counterparts. Especially Cisco.

      1. Anonymous Coward
        Anonymous Coward

        Re: About those dark hints of 'classified information'

        In a more candid mood I might suggest that their crime is to *not* have easily exploitable back-doors into their systems (by the proper parties that is).

  11. Anonymous Coward
    Anonymous Coward

    An otherwise Secure Platform ...

    ... let down by running Android.

    1. Anonymous Coward
      Anonymous Coward

      Re: An otherwise Secure Platform ...

      Exactly. The point in this thread is that Huawei isn't the weakest link.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019