Irony Abounds
Am I the only one that sees the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?
GCHQ's cyber security advice group has formally warned of the risk of using ZTE equipment and services for the UK's telco infrastructure. The National Cyber Security Centre, the cyber part of the UK's nerve centre, founded in 2016, has written to UK telecoms companies warning that using gear from the Chinese firm "would …
That is the exact problem here.
One well informed birdie told me that the panic started when during the Bush years one "close to the agencies SP" asked for the backdoors during a tender. The SP procurement team and the double-payrolled people on it were expecting a similar answer as from CSCO, JNPR, NSN which have all said either "impossible" or "development needed" or "per-customer special to be negotiated separately".
Apparently, the Chinese company (not saying which one of the two) returned with an immediate price list item and an actual product code.
That left the "agencies" in the unenviable position of the Bearded Taleban leader who has just discovered that his new virgin bride is the "village bicycle". They have been acting in a manner strongly resembling the behaviour of said "Bearded Gentleman" ever since.
You're absolutely correct.
The Australian Signals Directorate (ASD) mission statement is:
"Reveal their secrets, protect our own"
I like how they put the aggressive part first as if that's their priority. I don't know how "common citizens" are supposed to be expected to follow the rule of law when their own governmental agencies have mission statements such as this. I wanna be arseholes like those guys!
Am I the only one that sees the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?
Whilst I understand your sentiment, would you rather they did nothing and we perhaps got royally owned due to use of the kit? They'd be absolutely slated for not pointing out the issues. Spying on your own people is shitty and used to be supposedly illegal but spying on foreigners and protecting our own comms. is their primary reason for existence.
I'm not entirely sure why I should care,
So far, the only thing the Chinese have done to me is sell me some good kit at a decent price and make me some nice takeaway meals over the years.
If their government is spying on me, it isn't in a position to do anything about it (like put me in jail), nor do I appear to be the subject of any Chinese propaganda programmes: I certainly haven't received any pro Communist Party email spam, or leaflets through my door - I hear from the Jehovah's Witnesses more often than I do from the Chinese government.
They're a long way away geographically.
I lived through the Cold War and the Troubles in Northern Ireland and, so far at least, never once have I been enjoined to fear being nuked by the 'Yellow Peril', nor have Chinese government agents blown up UK service men and women to the best of my knowledge.
What exactly do I have to fear from the Chinese?
a unit near GCHQ that would check/validate mobile operating systems and apps to ensure that they did not have back-doors/spy-ware in them. I would want their results (& checksums published & end-user verifiable) by equivalent Cells in China & Russia - I doubt that the 3 would collude enough to agree common spy-ware.
Hmm: thinking about my last sentence -- I'm not sure.
What they want is the backdoors installed, but only them to have the keys.
...a situation that would remain extant until someone drops a USB key in a taxi on the way to see Madame Whiplash. I give it about five minutes.
This isn't a new blinkered attitude. They trotted the "millions of people in direct, unfettered, untraceable communication" argument out in the late 70's when the CBers were trying to get 27MHz legalised. One wonders what happened to the noble gentleman's blood pressure when someone told him that people can talk to each other in complete privacy simply by visiting each other.
The same stupidity is likely to continue for many, many years and will give people like us hours of golden entertainment, the likes of which we couldn't pay to have created. Give them a car that they can all pile into with wobbly wheels and doors that fall off and it would be the greatest show on Earth.
Yep but like many, I put a custom ROM on it so this probably wasn't an issue. Hopefully?
What do you really think? If I were the Chinese authorities, I'd be putting a back door into the hardware and firmware, not the OS or apps (or as well as!). I myself own and use a Chinese handset, and an excellent piece of kit it is. I've been applying for jobs at a senior level of late, and I can clearly divide the companies concerned into two piles:
1. Those companies where I would happily carry my Chinese brand handset into work, because I can't see any value if it were backdoored by the Chinese authorities or proxy actors on their behalf, and they eavesdropped on everything.
2. Those companies where I would sadly have to dispose of the phone, because the risks to my employers are too great, even if the probability of my handset being targeted is very small.
Indeed. I expect that many of the 'List X' sites won't allow any personal electronic devices whatsoever beyond the turnstiles anyway. The main challenge is when a contractor simply forgets they left something in their pocket, if not declared immediately upon realising and volunteering for a detailed bug sweep this can mean instant removal from the site and never being welcome to return, possibly via a long visit to a room without a view...
@AC If your identity gets stolen because your phone (Chinese or otherwise) gets compromised, it really won't matter who you're working for - your life will be a bit of a mess as you gradually realise what someone impersonating you with your (valid) data can actually do with it.
And it won't be anything good.
If you have to ask it's probably too late! Most (if not all) CPUs from all manufacturers for the last few decades have contained hidden or otherwise inaccessible/irreversible microcode that may (or may not) include HARDWARE back doors. What do you think the real likelihood of the nations hosting the companies that design and implement CPUs and their microcode allow this to happen with zero influence? Do a web search for the Turing award lecture 'Reflections on Trusting Trust by Ken Thompson' for some background on how old this issue might be.
Different case. It is the old Iran sanction violation punishment reincarnated.
Not clear what is the issue this time, though considering that even thinking about doing business in Iran will put you on the banned list.
So much for USA signing up to "lift the sanctions" as in the so called joint plan of action.
Classic case of "I am altering the deal, pray that I do not alter it any further".
It isn't just Iran but also North Korea that ZTE is apparently dealing with.
Some of the sanctions against Iran were lifted with the nuclear deal, but not all of them. Presumably this would be one of the ones not lifted, but I'm not sure. Regardless, Trump is looking for any excuse he can come up with to claim the Iran nuclear deal a failure, so enforcing sanctions that were supposed to be lifted would be exactly the sort of thing he'd do to help said failure (especially given that he's trying to start a trade war with China, and that fining ZTE $1.2 billion helps the trade war along is only a bonus in his eyes).
It's the same process by which, as you get onto the M1 from the North Circular, the signs say The North. However when you get to The North you find there is something further north than The North, called Scotland. But it is never mentioned on the road signs until you are in The North.
We are too remote to even mention in London. Besides Scotland Yard is in W1 or the like, isn't it?
However when you get to The North
Surely "north" is a direction, not a destination? And even if you wanted to be as northy as you could get, that would not be "the north", it would be the North Pole.
Maybe, just maybe, using a collective noun for roadsigns is actually a bloody good idea, instead of listing every single destination on its own? Of course, you'd have to find something else to gripe about...
I just started messing with an old ZTE mobile somebody gave me a while back.
The first thing I did (as with ALL smartphones I get) was to look at the system trust certificates that were installed.
This phone had more unusual certs than most mobiles I've seen.
Even though the carrier for the phone was Cricket (AT&T), it had certificates for the carrier "Sprint" installed alongside certs for AT&T's "Cingular Wireless" as well as 2 certs for KISA (Korean Internet and Security Agency).
There were several other trust certificates that I've never seen before on any other Android devices.
It shall be interesting to see what I find when I upload the SHA sums of the certs to Censys and certificate transparency sites.
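The trust-store check described in the post above, as an added example that is not part of the original comment: it computes the SHA-256 fingerprint of every certificate in a copy of a handset's system CA store and reports which ones fall outside a known-good baseline. The function names, file names, sample store and baseline are all constructed for illustration; the sample "certificates" are placeholder bytes, not real X.509 data.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_blobs(pem_text):
    """Yield the DER bytes of every certificate block found in the text.
    Anything outside the BEGIN/END markers (e.g. a text dump) is ignored."""
    for body in PEM_RE.findall(pem_text):
        yield base64.b64decode("".join(body.split()))

def fingerprint(der):
    """SHA-256 over the DER encoding, as lowercase hex; this is the
    fingerprint form that certificate search services accept."""
    return hashlib.sha256(der).hexdigest()

def audit_store(files, baseline):
    """files: {filename: PEM text}; baseline: set of trusted fingerprints.
    Returns (unexpected, missing):
      unexpected = {fingerprint: filename} present on the device only,
      missing    = baseline fingerprints absent from the device."""
    seen = {}
    for name, text in files.items():
        for der in der_blobs(text):
            seen[fingerprint(der)] = name
    unexpected = {fp: n for fp, n in seen.items() if fp not in baseline}
    missing = baseline - set(seen)
    return unexpected, missing

def _pem(raw):
    """Wrap raw bytes in PEM armour (helper for the constructed sample)."""
    b64 = base64.b64encode(raw).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample: three store files, one with trailing non-PEM text.
SAMPLE_STORE = {
    "aaaaaaaa.0": _pem(b"constructed-der-A" * 8) + "Certificate:\n  Data:\n",
    "bbbbbbbb.0": _pem(b"constructed-der-B" * 8),
    "cccccccc.0": _pem(b"constructed-der-C" * 8),
}
# Constructed baseline: trusts A, B and a cert D the device does not ship.
BASELINE = {fingerprint(b"constructed-der-%s" % c * 8) for c in (b"A", b"B", b"D")}

if __name__ == "__main__":
    extra, absent = audit_store(SAMPLE_STORE, BASELINE)
    for fp, name in sorted(extra.items(), key=lambda kv: kv[1]):
        print("not in baseline:", name, fp)
    for fp in sorted(absent):
        print("baseline cert missing from device:", fp)
```

Entries reported as not in the baseline are the ones worth looking up by fingerprint; a baseline certificate missing from the device is also worth noting, since removals change what the handset will trust.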