back to article UK spy agency warns Brit telcos to flee from ZTE gear

GCHQ's cyber security advice group has formally warned of the risk of using ZTE equipment and services for the UK's telco infrastructure. The National Cyber Security Centre, the cyber part of the UK's nerve centre, founded in 2016, has written to UK telecoms companies warning that using gear from the Chinese firm "would …

  1. }{amis}{ Silver badge
    Black Helicopters

    Irony Abounds

    Am i the only one that see the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?

    1. Anonymous Coward
      Anonymous Coward

      Re: Irony Abounds

      That is the exact problem here.

      One well informed birdie told me that the panic started when during the Bush years one "close to the agencies SP" asked for the backdoors during a tender. The SP procurement team and the double-payrolled people on it were expecting a similar answer as from CSCO, JNPR, NSN which have all said either "impossible" or "development needed" or "per-customer special to be negotiated separately".

      Apparently, the Chinese company (not saying which one of the two) returned with an immediate price list item and an actual product code.

      That left the "agencies" in the unenviable position of the Bearded taleban leader which have just discovered that his new virgin bride is the "village bicycle". They have been acting in a manner strongly resembling the behaviour of said "Bearded Gentleman" ever since.

    2. DeKrow
      Trollface

      Re: Irony Abounds

      You're absolutely correct.

      The Australian Signals Directorate (ASD) mission statement is:

      "Reveal their secrets, protect our own"

      I like how they put the aggressive part first as if that's their priority. I don't know how "common citizens" are supposed to be expected to follow the rule of law when their own governmental agencies have mission statements such as this. I wanna be arseholes like those guys!

    3. Roj Blake Silver badge

      Re: Irony Abounds

      GCHQ probably don't want people to use ZTE kit because they've not been able to hack it.

    4. Mark 65

      Re: Irony Abounds

      Am i the only one that see the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?

      Whilst I understand your sentiment, would you rather they did nothing and we perhaps got royally owned due to use of the kit? They'd be absolutely slated for not pointing out the issues. Spying on your own people is shitty and used to be supposedly illegal but spying on foreigners and protecting our own comms. is their primary reason for existence.

      1. GIRZiM Bronze badge

        Re: would you rather they did nothing and we perhaps got royally owned due to use of the kit?

        I'm not entirely sure why I should care,

        So far, the only thing the Chinese have done to me is sell me some good kit at a decent price and make me some nice takeaway meals over the years.

        If their government is spying on me , it isn't in a position to do anything about it (like put me in jail), nor do I appear to be the subject of any Chinese propaganda programmes: I certainly haven't received any pro Communist Party email spam, or leaflets through my door - I hear from the Jehova's Witnesses more often than do from the Chinese government.

        They're a long way away geographically.

        I lived through the Cold War and the Troubles in Northern Ireland and, so far at least, never once have I been enjoined to fear being nuked by the 'Yellow Peril', nor have Chinese government agents blown up UK service men and women to the nest of my knowledge.

        What exactly do I have to fear from the Chinese?

  2. steelpillow Silver badge
    Trollface

    Hey-ho

    Looks like the Chinese will just have to go through the Management Engine like everybody else.

  3. alain williams Silver badge

    Could we have a 'Cell' for 'phones

    a unit near GCHQ that would check/validate mobile operating systems and apps to ensure that they did not have back-doors/spy-ware in them. I would want their results (& checksums published & end-user verifiable) by equivalent Cells in China & Russia - I doubt that the 3 would collude enough to agree common spy-ware.

    Hmm: thinking about my last sentence -- I'm not sure.

    1. Anonymous Coward
      Anonymous Coward

      Re: Could we have a 'Cell' for 'phones

      You dont get it right?

      What they want is the backdoors installed, but only them to have the keys.

      1. Chronos Silver badge
        Joke

        Re: Could we have a 'Cell' for 'phones

        What they want is the backdoors installed, but only them to have the keys.

        ...a situation that would remain extant until someone drops a USB key in a taxi on the way to see Madame Whiplash. I give it about five minutes.

        This isn't a new blinkered attitude. They trotted the "millions of people in direct, unfettered, untraceable communication" argument out in the late 70's when the CBers were trying to get 27MHz legalised. One wonders what happened to the noble gentleman's blood pressure when someone told him that people can talk to each other in complete privacy simply by visiting each other.

        The same stupidity is likely to continue for many, many years and will give people like us hours of golden entertainment, the likes of which we couldn't pay to have created. Give them a car that they can all pile into with wobbly wheels and doors that fall off and it would be the greatest show on Earth.

  4. Joe Harrison Silver badge

    Don't know about infrastructure but great phones

    Must have been about 2012 ZTE had surprise smash hit in UK with their Blade phone. I had several and they were fantastic phones and excellent prices.

    1. Chewi

      Re: Don't know about infrastructure but great phones

      Yep but like many, I put a custom ROM on it so this probably wasn't an issue. Hopefully?

      1. Anonymous Coward
        Anonymous Coward

        Re: Don't know about infrastructure but great phones

        Yep but like many, I put a custom ROM on it so this probably wasn't an issue. Hopefully?

        What do you really think? If I were the Chinese authorities, I'd be putting a back door into the hardware and firmware, not the OS or apps (or as well as!). I myself own and use a Chinese handset, and an excellent piece of kit it is. I've been applying for jobs at a senior level of late, and I can clearly divide the companies concerned into two piles:

        1, Those companies where I would happily carry my Chinese brand handset into work, because I can't see any value if it were backdoored by the Chinese authorities or proxy actors on their behalf, and they eavesdropped on everything.

        2; Those companies where I would sadly have to dispose of the phone, because the risks to my employers are too great, even if the probability of my handset being targeted is very small.

        1. Anonymous Coward
          Anonymous Coward

          Re: Don't know about infrastructure but great phones

          Indeed. I expect that many of the 'List X' sites won't allow any personal electronic devices whatsoever beyond the turnstiles anyway. The main challenge is when a contractor simply forgets they left something in their pocket, if not declared immediately upon realising and volunteering for a detailed bug sweep this can mean instant removal from the site and never being welcome to return, possibly via a long visit to a room without a view...

          1. Anonymous Coward
            Anonymous Coward

            Re: Don't know about infrastructure but great phones

            @AC re:"many of the 'List X' sites won't allow any personal electronic devices whatsoever beyond the turnstiles anyway".

            LOL

        2. Anonymous Coward
          Anonymous Coward

          Re: Don't know about infrastructure but great phones

          @AC If your indentity gets stolen because your phone (Chinese or otherwise) gets compromised, it really won't matter who you're working for - your life will be a bit of a mess as you gradually realise what someone impersonating you with your (valid) data can actually do with it.

          And it won't be anything good.

      2. Anonymous Coward
        Anonymous Coward

        Re: Don't know about infrastructure but great phones

        If you have to ask it's probably too late! Most (if not all) CPUs from all manufacturers for the last few decades have contained hidden or otherwise inaccessible/irreversible microcode that may (or may not) include HARDWARE back doors. What do you think the real likelihood of the nations hosting the companies that design and implement CPUs and their microcode allow this to happen with zero influence? Do a web search for the Turing award lecture 'Reflections on Trusting Trust by Ken Thompson' for some background on how old this issue might be.

    2. LDS Silver badge
      Joke

      "excellent prices"

      Sure, when a phone is shared the prices have to be lower....

      1. K Silver badge

        Re: "excellent prices"

        I'm sure it was an american (Google co-founder) who said, "People who don't want to share, usually have something to hide" (or something along those lines).

        1. RealBigAl

          Re: "excellent prices"

          It was Zuckerburg in the early days of Facebook when challenged about the platform's lack of privacy. So that went well...

          1. Mark 65

            Re: "excellent prices"

            So that went well...

            Certainly did for the little shit's bank balance.

    3. Chronos Silver badge

      Re: Don't know about infrastructure but great phones

      There's an Orange SanFran on my shelf, still working with CM11 on it. The battery is a bit flaky now but it's useful as a backup.

  5. Anonymous Coward
    Anonymous Coward

    U.S. bans American companies from selling to Chinese phone maker ZTE

    https://www.reuters.com/article/us-china-zte/u-s-bans-american-companies-from-selling-to-chinese-phone-maker-zte-idUSKBN1HN1P1

    1. Voland's right hand Silver badge

      Re: U.S. bans American companies from selling to Chinese phone maker ZTE

      Different case. It is the old Iran sanction violation punishment reincarnated.

      Not clear what is the issue this time, though considering that even thinking about doing business in Iran will put you on the banned list.

      So much for USA signing up to "lift the sanctions" as in the so called joint plan of action.

      Classic case of "I am altering the deal, pray that I do not alter it any further".

      1. DougS Silver badge

        Re: U.S. bans American companies from selling to Chinese phone maker ZTE

        It isn't just Iran but also North Korea that ZTE is apparently dealing with.

        Some of the sanctions against Iran were lifted with the nuclear deal, but not all of them. Presumably this would be one of the ones not lifted, but I'm not sure. Regardless, Trump is looking for any excuse he can come up with to claim the Iran nuclear deal a failure, so enforcing sanctions that were supposed to be lifted would be exactly the sort of thing he'd do to help said failure (especially given that he's trying to start a trade war with China and fining ZTE $1.2 billion helps the trade war along is only a bonus in his eyes)

  6. Blockchain commentard Silver badge
    Black Helicopters

    Does the NSA/GCHQ worry about the spyware in ZTE because it clashes with their own stuff they planted years ago?

    1. Steve Davies 3 Silver badge
      Alert

      re: Spyware

      It is either that or given the UK Newspapers headlines today warning of Russian Hacking (and worse) about to descend on us, GCHQ seems to be worried that the secret sauce keys to ZTE comms kit is in hands of Kremlin Hackers.

      Either way, see Icon

    2. Mike Richards Silver badge

      Either that or the Chinese spyware is better and cheaper than the Lockheed McDonnell BAE Northrop equivalent.

  7. nuked
    Holmes

    This might have something to do with it...

    "In March 2017, ZTE was fined a total of US$1.19 billion by the U.S. Department of Commerce for exporting U.S. technology to Iran and North Korea in violation of sanctions."

  8. YAAC

    Since when is Banbury close to Cheltenham?

    1. monty75

      Well they're both outside the M25 so they might as well be on Pluto.

    2. Muscleguy Silver badge

      It's the same process why which as you get onto the M1 from the North Circular the signs say The North. However when you get to The North you find there is something further north than The North, called Scotland. But it is never mentioned on the road signs until you are in The North.

      We are too remote even mention in London. Besides Scotland Yard is in W1 or the like, isn't it?

      1. Anonymous Coward
        Anonymous Coward

        However when you get to The North

        Surely "north" is a direction, not a destination? And even if you wanted to be as northy as you could get, that would not be "the north", it would be the North Pole.

        Maybe, just maybe, using a collective noun for roadsigns is actually a bloody good idea, instead of listing every single destination on its own? Of course, you'd have to find something else to gripe about...

        1. Anonymous Coward
          Anonymous Coward

          The North - isn't that just beyond the wall?

          ;)

        2. Andre Carneiro

          Semantics

          Well, I would say "North" is a direction and "The North" is a place.

          1. Mark 65

            Re: Semantics

            Surely it should say "Oop North"

      2. durandal

        Scotland Yard, Great Scotland Yard or (New) New Scotland Yard?

  9. Bob Gateaux

    Oh the madness

    So we can't trust Chinese routers, but it's still ok to let them build a nuclear power station in Somerset?

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh the madness

      So we can't trust Chinese routers, but it's still ok to let them build a nuclear power station in Somerset?

      Well I don't know anybody there. Do you?

      1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh the madness

      Errr... the government were basically blackmailed. Look it up.

      But they didn't have the balls to stand up to the bullies.

      So we have the most expensive building on the planet and vastly high power bills.

      Another great job by Queen Henry VIII.

      1. Aitor 1

        Re: Oh the madness

        Err, yes and no.

        The private companies did not want to shoulder the risk, the gov had no money and we need a source for the trident program.

  10. J J Carter Silver badge
    Boffin

    Then again...

    Cheap ZTE mobis are OK as 'burners' if you travel to Russia, China, France etc.

    1. Pascal Monett Silver badge
      Trollface

      Re: Then again...

      I didn't know France was as dangerous as Russia, thanks for the heads-up.

  11. HmmmYes Silver badge

    Theres definitley a market for a 3rd party western spin of android running on chinese phones.

  12. MrReynolds2U
    Big Brother

    sure let's stick to American equipment instead because they've never spied on us

  13. Anonymous Coward
    Anonymous Coward

    ZTE Desire C

    I just started messing with an old ZTE mobile somebody gave me a while back.

    The first thing I did (as with ALL smartphones I get) was to look at the system trust certificates that were installed.

    This phone had more unusual certs than most mobiles I've seen.

    Even though the carrier for the phone was Cricket (AT&T), it had certificates for the carrier "Sprint" installed alongside certs for AT&T's "Cingular Wireless" as well as 2 certs for KISA (Korean Internet and Security Agency).

    There were several other trust certificates that I've never seen before on any other Android devices.

    It shall be interesting to see what I find when I upload the SHA sums of the certs to Censys and certificate transparency sites .

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019