You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you

US Secretary of State Mike Pompeo has confirmed that Uncle Sam will no longer provide top-secret intelligence to countries that use Huawei equipment in their core networks. Speaking to Fox Business on Thursday, Pompeo said allies using the Chinese vendor's gear in their critical infrastructure can't be trusted to keep …


  1. mark l 2 Silver badge

    So are the US intelligence agencies saying that they either don't encrypt the intelligence information they share or that they think the encryption is easily cracked? As if it is properly encrypted they could send it on a USB stick to the Chinese and it should still remain secret.

  2. Spanky_McPherson

    But why are they inspecting the source code?

    I don't think it's feasible to guarantee that the binaries running on the network gear are generated from the inspected source code.

    Unless you're planning to desolder all the flash chips and test them individually, who's to say what's actually running?

    The OS can simply report whatever the attackers want it to, including lying about what binaries are running.

    1. bombastic bob Silver badge
      Linux

      Re: But why are they inspecting the source code?

      NOTE: if it's GPL'd, you should have the source and the ability to flash your own binary built from it

    2. Jellied Eel Silver badge

      Re: But why are they inspecting the source code?

      I don't think it's feasible to guarantee that the binaries running on the network gear are generated from the inspected source code.

      Depends on the network/application. If it's a high security network, then it should be feasible. So network must be designed in accordance with national standards for classified networks. NSA in the US and GCHQ in the UK manage those. That may require trusted/vetted components and secure OS, but that gets complicated given the cost of auditing source code. Or just vendor's reluctance to release that code. Then combine the components in accordance with say, UK IS1, pass review/audit and go live.

      But that's not the end, ie there's still the ongoing security monitoring, compliance, patch management etc to follow. Do all that, and you should have an officially secure and reasonably secure network. Allow senior politicians to run their own mail server with classified data on it and you have a security problem.

      The 5G stuff is much the same principle, although it's riskier given it's a public network. Same rules apply, ie how could it be abused, and how can the design prevent or mitigate abuse? That could be accidental or malicious, eg network crashes due to buggy update, lapsed security certificate etc etc, ie all the issues we see reported with depressing regularity.

    3. Anonymous Coward

      Re: But why are they inspecting the source code?

      It *should* be, the checksum of the firmware applied should match one compiled from the inspected source tree.

      Except, from what I know of this process being followed for various vendors' sources, it could be a mess of dependencies and fudges, so arriving at a matching checksum to the supplied firmwares would be a very expensive and fraught exercise by which time the firmware version supported would be several releases ahead and carry important security fixes*. And the amount of people this source would be disclosed to is very very small and could be suggested to have been undertaken simply as a box ticking exercise on a requirement.

      *you know, those security fixes for bugs that for eg Huawei have never had, because they keep all their customers under NDA as part of the pricing contract.
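
The check described in the comment above, sketched as an added example (not part of the original thread or any vendor's tooling): compare a shipped image against one rebuilt from the inspected source by SHA-256 and, on a mismatch, list the differing byte ranges so that known non-determinism such as an embedded build date can be separated from unexplained changes. The image layout, field offsets and function names are constructed for illustration.

```python
import hashlib

# Constructed sample images (not real firmware): 8-byte header, 8-byte build date, payload.
REBUILT = b"FWIMG\x00\x01\x00" + b"20190221" + bytes(range(64))
SHIPPED_CLEAN = b"FWIMG\x00\x01\x00" + b"20190114" + bytes(range(64))
SHIPPED_ODD = SHIPPED_CLEAN[:40] + b"\xde\xad" + SHIPPED_CLEAN[42:]
BUILD_DATE_FIELD = (8, 16)  # assumed offset of the build date in this made-up layout

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def differing_ranges(a: bytes, b: bytes, merge_gap: int = 8):
    """Half-open (start, end) byte ranges where a and b differ. Differences
    separated by at most merge_gap equal bytes are merged into one range;
    a length mismatch is reported as a trailing range."""
    ranges, start, last = [], None, None
    common = min(len(a), len(b))
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i
            elif i - last > merge_gap:
                ranges.append((start, last + 1))
                start = i
            last = i
    if start is not None:
        ranges.append((start, last + 1))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b))))
    return ranges

def compare_images(shipped: bytes, rebuilt: bytes, allowed=()):
    """allowed: ranges the auditor has already explained (e.g. a build date)."""
    if sha256_hex(shipped) == sha256_hex(rebuilt):
        return {"match": True, "diffs": [], "unexplained": []}
    diffs = differing_ranges(shipped, rebuilt)
    unexplained = [d for d in diffs
                   if not any(lo <= d[0] and d[1] <= hi for lo, hi in allowed)]
    return {"match": False, "diffs": diffs, "unexplained": unexplained}
```

A matching hash only covers the image file that was compared; it says nothing about what a given device actually holds in flash, which is the concern raised earlier in the thread.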

  3. Osvaldo Coelho

    Mobile at the end of the Chinese era

    https://www.linkedin.com/pulse/mobile-end-chinese-era-osvaldo-coelho/

  4. Nerd1024

    Open source all chips (cpu, memory, phones, every chip)

    Just require that every product that uses chips have every chip details opened source hardware and software for every phone, tablet, tv, personal computer, server, phone tower hardware etc all be open source.....no secrets anymore!!!!!

    1. Anonymous Coward

      Re: Open source all chips (cpu, memory, phones, every chip)

      Yeah...no chips or software, either. Trade secrets mean more to many of these folks than the business itself. If they can't be applied one way, they'll find another, and you're never gonna get them to Give Information to the Enemy.

  5. Nick Kew

    No intelligence

    We can't share intelligence with you. Just take our word. We have a dossier showing incontrovertible proof of Iraq^Hn's WMD and evil plans, and you have to join us in yet further destabilising an ever-growing region.

    Though to be fair, the dodgy dossier itself was a British contribution to f***ing up the middle-east and the Moslem world more widely. I wonder what Great Cause Richard Dearlove ("Mr Dodgy Dossier") might be championing today?

    1. amanfromMars 1 Silver badge

      Re: No intelligence

      I wonder what Great Cause Richard Dearlove ("Mr Dodgy Dossier") might be championing today? .... Nick Kew

      Is that not a question to be asked of Sir John Scarlett, Alastair Campbell's proxy?

  6. trashsilo

    National Security stuff = ?

    I understand as a Chinese company, Huawei along with Chinese citizens are required by laws (‘must not refuse’) to assist the Chinese government with China’s state security.

    We all know national security is a big thing for governments...

    "National security is the first duty of government but we are also committed to reversing the substantial erosion of civil liberties." Theresa May (UK Home Secretary, 2010), clearly work in progress.

  7. batfink Silver badge

    Meh - data can be slurped anywhere

    You can't guarantee that your data can't be slurped somewhere along its route. It doesn't have to be on someone's network equipment - it could be a physical tap somewhere along the route (even on point-to-point). Therefore, it's largely irrelevant whether the network gear has been compromised or not.

    The TLAs know this. So, sensitive traffic needs to be strongly encrypted for transit regardless.

    Continuing down the logic trail: if compromise of the network gear doesn't matter, then something else is driving this behavior by the Americans. As they say in the detective novels: follow the money...

  8. Anonymous Coward

    Infamy, infamy.......they've all got it in for me!

    Dear, oh dear. Trump paranoia rubbing off on everybody. How sad things have become.

  9. Luke Worm
    Happy

    "... we won’t even be able to co-locate American resources, an American embassy and American military outpost.”

    A convenient way of getting rid of the 'mericans ;-)

  10. Anonymous Coward

    What is the alternative?

    It is a little bit weird, certainly for 5G.

    In 5G there are really only three suppliers to choose from: Huawei, Ericsson and Nokia. None of them are American (although both Ericsson and Nokia have some US operations, including parts closely linked to the US spooks). I get that the Americans might feel that anyone non-Chinese is a better bet than Chinese but this seems quite an extreme position to take with allies given that no US company will benefit.

    Of course, in the core it is different. Two major suppliers (Cisco and Juniper) are US companies, and maybe this is mostly directed at that selection.

  11. M.V. Lipvig
    Facepalm

    I'm not going to say...

    ... that the US is not bugging gear. In fact, only a moron would assume otherwise. What I don't get is the vast swath of people who are more than willing to believe the US is bugging gear but want to see hard, incontrovertible evidence that the Chinese, a people known to have zero regard for the laws of other nations or of individual property rights, and proven time and again to be sending spies to other nations to steal anything they see, and who have spent the last 20 years becoming masters at monitoring their own telecom networks to search for dissidents (on the same gear they sell, I might add) are somehow NOT bugging the telecom gear they sell to other nations. Come ON, they are totally bugging the gear! I get the whole security thing, and if you don't trust Uncle Sam that's fine. We aren't trustworthy as a nation. Compared to China though, we're as trustworthy as Mother Teresa. We'll spy on you for national security purposes, China will spy on you to steal the bread out of your hand. The US government isn't interested in corporate espionage outside that which applies to weaponry advances and the like (our corporations will, but that's another story) but come up with a better way to toast bread and China will steal it and have it on the market before you finish testing.


Biting the hand that feeds IT © 1998–2019