>>>"Despite submitting to screening and code inspections no evidence of a back door has been produced."<<<
No backdoor needed if you can have an engineer plug directly into a box and turn on port morroring.
Mobile network operators have reportedly said that tearing up their contracts with Huawei would set Britain's 5G back "by nine months to a year" – so they're ploughing on despite pressure. Stephane Richard, Orange CEO If most punters are unlikely to pay more for 5G, why all the rush? READ MORE UK mobile operator O2 confirmed …
They do check but clearly if you're paranoid and/or prejudiced, no amount of checking will satisfy you. There has never been published even the slightest concrete evidence that Huawei kit is backdoored for the benefit of the Chinese authorities. The whole business is anti-competitive manouevering by lobbyists for their Western competitors, playing on Puzzle Palace paranoia and US Republican prejudice. Sadly the other 5 Eyes countries tend to toady up to the US.
Fortunately for Huawei, not all customers fall for the nonsense.
There has never been published even the slightest concrete evidence that Huawei kit is backdoored for the benefit of the Chinese authorities.
If you are a manufacturer (Huawei) building your own stuff, coding your own stuff, with a large budget and extensive examples of (stolen?) reverse-engineered HW and SW at your disposal, it's only a matter of time before you can come up with a backdoor that is undetectable.
Years ago after Chinese Lenovo bought ThinkPad from IBM, people were initially satisfied that Lenovo laptops had no backdoors. Later it was revealed some Lenovo laptops had a monitoring program that was loaded into Windows from BIOS memory and silently ran in the background ("to improve the customer experience"). It's that type of creative thinking that has people nervous of Huawei.
I don't know about Huawei, but I recently acquired a second-hand netis router. Some googling revealed it had a hard-coded backdoor which when brought to the attention of the manufacturer (who said "oops") was mitigated by a firmware fix. The "fix" was to leave the backdoor code in place but just not have it running, oh and to add some special sauce code that allowed access to the backdoor through a hidden configuration page or something equally bizarre.
The icing on the cake was the companys announcement on the fix being effectively "good enough security for the likes of you".
Just because you're paranoid, it doesn't mean they aren't trying to get you! What this boils down to is who do you you trust least? If you buy American stuff, you can bet the Yanks are spying on you, if you buy Chinese then the Chinese are spying on you and so it goes on. the big difference is that the UK and USA have strategic intelligence gathering alliances and share similar cultures and world views. Not so China and Russia and North Korea, these countries are the biggest threat to us and should be least trusted. What deranged and naive lunatic would put "enemy" equipment at the heart of the UK's telecomms network?
Wow! Seriously? I am sitting here in India and my Vodafone connection gives me 200 GB per month on a 4G connection, with all India roaming and a one year free Amazon Prime connection, free antivirus (for the noobs). Total cost is Rs 400 per month, comes to 4.5 pounds. Speed is a little low - 4.5 Mbps right now.
You folks are getting ripped off.
"Total cost is Rs 400 per month, comes to 4.5 pounds."
For some perspective, what's the average wage across the whole of India? £4.50 is about 30 minutes work even for those on minimum wage in the UK. Best I can find is Indian proposed minimum wage is Rs 7000 per month, so that would be about 1.7 days wages. The first UK unlimited data plan I found was £25 per month, about 2.5 hours work at UK minimum wage.
The awkward questions that go unanswered are -
"So have you compiled the source code and checked the binaries match? Can't answer
So you check what's shipping against the sample? Can't answer
So you do the same for patches and updates before deployment? Can't answer"
Bigger systems have bigger scope for things to be missed.
Gee - I can't think of any reason why you wouldn't install equipment in the CORE of your national communication network from a country that:
- has recently been accused of hacking into businesses all over the world and stealing IP
- has the power to coerce a local company to spy for it while ensuring that that company can't tell anyone about it.
And if you think you can mitigate the risk by inspecting the source code then you're dreaming - for a start try looking at https://en.wikipedia.org/wiki/International_Obfuscated_C_Code_Contest to get an idea of how you can hide stuff if you want. And then the nightmare of checking that *every* piece of kit delivered has the same firware, doesn't have extra hidden ROM, firmware updates are "clean", etc, etc, etc...
BTW - I would be just as suspicious about equipment bought from the USA, except that with the "Five Eyes" agreement they already have access to all our phone conversations anyway!
The bottom line is that if you don't have equipment designed and manufactured in-country you can't really trust it 100%. So you're already stuffed!
Errr they’re not gonna play code golf to hide backdoors etc. That’s both a clear bit of code that should be fully investigated, and fairly trivial to clarify.
Huawei are there to make money. They’re actually rather good at it. Ergo Cisco lobbying the US gov to get them banned in as many markets as possible. They’re not going to put a backdoor in “just in case” they’re ever asked to supply one. Discovery would end the business, and Cisco etc will be desperately looking for one to do just that.
I’m not saying Huawei kit can’t be exploited, but the same goes for Cisco, Nokia, Eriksen etc. Don’t fall for the “think of the children” argument. This is about competition. If you’re concerned about security how about getting Nokia, Cisco etc to pony up their source code? No?
Having back doors discovered in your code doesn't seem to have hindered Cisco all that much. I think the key is who benefits from the back door. I'm guessing Western govs are happier with the US potentially having access, but the Chinese having access? Less so
Bang on JetSetJim. Cisco wasn’t hurt in the western markets, as western buyers are more likely to think “well at least it was our side”.
How well do you think Cisco fairs in second world countries as a result tho? Do you think the GRU are a Cisco shop? :)
Backdoors in Huawei kit won’t hurt them at home. It will bury them in the West tho. That’s why I don’t buy it. They’ve spent a metric crap load of cash on “the Cell” (bleh) in order to be able to sell an even greater metric crap load of gear to the UK operators, and I imagine hopefully to countries aligned to the UK once they believe the risk profile is as manageable as the other vendors kit.
For them it’s business. Cisco et al are scared. Can’t blame ‘em. Big UK operators have bought their kit. Why pay top dollar for gear that hasn’t had some form of vetting when you can pay less for something that has been vetted to some degree? Cisco can’t compete on free market terms. They need to cut costs, provide a better product/experience for the operator or shout reds under the bed...
On a personal level, I am less troubled by the idea of the Chinese having access to my stuff. They are less likely to pass it to "selected organizations" who will then spam me and share it with other corporations.
On a national level, I would rather that important facets like this were not under the control of either. There are powerful people/groups in both that don't like us. They may see us as useful sometimes but a kill switch for our phone and internet would be in their interest.
The issue is when the Party decides to up the brinksmanship. Piece of piss to brick something you have control over. And with Huawei endemic, they can have massive effect.
And if you think that sounds "paranoid".... well, you'd be right. It does. It also happens to be a blunt statement not just of CNelite's attitude, but of recent history. Cf. Japan's hitech industry being brought to its knees in a matter of weeks by CN deciding they were not being respectful enough, and cutting off key supplies.
And if you think "well, that's still a LONG way more aggressive than normal", well, you'd be right.
But re "normal", consider that Xi 2 weeks ago ordered his southern military command to ready themselves for immediate combat/attack. Against the minatory attacks of the USA and the other Western countries. And consider that when Trumpington decided enough was enough and some retaliation to the decades of passiveaggressive attacks was in order, and threw out negotation-driving tariffs (even at those inflated rates: a fraction of the tariffs CN has imposed on USA for the last few decades) , CN's response was to more than double the "cyber"attacks on US firms.
We are not living in the world that most people would like to think we're living in. Something I've discovered over the last 40 years is that most of the people I detested as a teen/20s chap, as being swivel-eyed right-wing nutcases and loons, actually just knew more than I did at the time. I've subsequently discovered for myself what they were trying to tell me/us. And now *I* sound to noobs like a swivel-eyed loon.
Except that Xi's enthusiastic adoption of tech's ability to enforce per-person totalitarian control to a degree that the Gestapo could only dream of, means we're kinda in the situation of a 19thCentury soldier rolling his eyes at the people alarmed at the implications of the machinegun. Go go gadget WWI, part 3.
Marconi (and it's predecessors GPT etc) always struck me as a company that was very poor at marketing and ended up with one big customer: BT and even that was only because of the legacy of pre-free market compulsion placed on the GPO to purchase British equipment.
Even going back to the 1980s, they went on huge hype about the old System X switching system used in BT's PSTN and then seem to have achieved almost no exports at all. It seemed to be hyped, expensive and already dated technology that never really grabbed a foothold anywhere other than its home country.
I'm always amazed at that kind of thing in the UK. Companies in tech seem to rise look promising and then either get sold off by short term thinking, greedy shareholders and end up as subsidiaries of multinationals or they just fizzle and die like Marconi and countless others.
There's plenty of tech talent in the UK and some of the world's best known tech universities, yet when it comes to commercialisation, the whole thing seems to fall flat on its rear end with far too few companies making it past SME stage.
I don't know which is harder to comprehend; that allowing a state ideologically committed to spying against you to build your comms network is a very bad idea, or that 9 months is a trivially cheap price to step back from such an unmitigated disaster.
This is not correct. They are not ideologically committed to spying on the West. They are ideologically and culturally committed to dominating the West, and have been for decades, and if that can only be done by dragging the West down then so be it. Life's a zero-sum game, after all, isn't it?
The free independent countries of Xinjiang and Tibet, and the open ocean of the South China Sea shared amongst all the bordering countries, say "hi!", by the way. Feel free to stop in at the new naval base Sri Lanka accidentally built for China -- it's lovely this time of year! And... etc. etc. etc.
The more you pay attention to what's going on, and has been for decades, the colder your blood runs.
I can't wait for 5G as I can then get rid of my pesky landline...and reliance on BTs ancient copper infrastructure (paid for many, many times over).
Given that I only use the LL for broadband, it's an extra expense that can't be switched off until an alternative option becomes available.
And given that my mobile provider allows me to have a number of SIMs on the same contract, so I'll be in the market for a 5G SIM card-compatible router as soon as they come out.
And I've never found a mobile as easy to hear or indeed to hold, as my landline.
Thanks for confirming that I am not the only person who finds mobile phones hard to listen to when using a fixed line phone; IMO it's a situation that has become steadily worse with the passage of time. It is the inevitable outcome of trying to cram more traffic into as little spectrum as is possible; at some point the unintelligibility threshold is crossed.
As it happens I don't use a mobile often enough to find holding one a problem; whatever "addictions" I might have being glued to a mobile isn't one of them.
I think there are two issues here.
1) The Spying which undoubtedly has taken place, but which is hard to verify especially if done in silicon.
2) What inspecting the code might actually reveal.
On point 2 I suspect certain US based networking manufacturers might find a lot of similar looking code to their own. Really we should just ban all Chinese goods and have a massive trade war. China would lose out,especially if the US and Europe withheld the manufacturing technologies that we still control. Without these, China’s technology sector would be left decades behind.
The thing about trade wars is that you always, always, always lose. The only question is how badly you lose.
Eg Trump's current ongoing trade war with China is bankrupting US farmers, so he's borrowing more money from China to keep them afloat.
Huawei is already so well entrenched in the data centre world in the UK that there's no point removing them from 5G. See who uses Huawei carrier routers . . . oh, did I hear Centurylink ? One of the largest business ISPs in the US . . . yes I did :) You'll see the white Huawei kit in many data centres, in locations the public don't usually get to see. And it's a bit hypocritical of BT to remove them from 5G when they've been running ADSL, fttc, fttp and 2G, 3G and 4G for so long.
Too little too late driven by political panic. The Chinese may be the better hackers than the US right now, hence the US worrying so much, but they're just catching up with what the west has been doing for years.
Biting the hand that feeds IT © 1998–2019