German cybersecurity chief: Anyone have any evidence of Huawei naughtiness? Germany's top cybersecurity official has said he hasn't seen any evidence for the espionage allegations against Huawei. Arne Schönbohm, president of the German Federal Office for Information Security (BSI), the nation's cyber-risk assessment agency in Bonn, told Der Spiegel that there is "currently no reliable evidence" of a …
My suspicion is that Huawei kit is actually secure and there are no back-doors or spyware in it. No phoning home or anything dodgy going on at all. I strongly suspect they are banned in various countries precisely because of this. The governments on question can't spy on people using Huawei kit and thus don't want people using it. I'm more inclined to believe in Huawei's honesty over the US, Australian, UK and New Zealand governments any day.
Exactly, the NSA have stolen their source code, and still can't provide any evidence, so that would indicate there is nothing going on. This does potentially point to the NSA not being able to breach the systems, and if that's the case, that would be great, but I don't think so, it is just probably just part of the anti-Chinese, make America great again industry rhetoric that is being thrown around by the white house.
just part of the anti-Chinese, make America great again industry rhetoric that is being thrown around by the white house
This seems to date back to before 2012, when a House of Representatives report alluded to the idea that Huawei were not to be trusted. That rather predates "make America great again" and mad nepotistic f*ckwits with tabby cat wigs.
I feel a bit sorry for my government (New Zealand) as our mobile network gear has been supplied by Huawei since at least 2006 (that I know of, maybe longer) without any problems but the policy changed recently so I'm assuming the US leaned on someone and nobody will ever find out, because "National Security".
The problem being that China is our biggest trading partner, and will not be happy.
The Chinese spy currently sitting in our Parliament will no doubt be reporting back too.
The UK government actually runs something called the "Huawei Cyber Security Evaluation Centre".
They've looked through all the source code and so far have found no back-doors, only bugs.
You can even read Her Majesty's Government reports on it:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/525761/huawei_cyber_security_evaluation_centre_oversight_board_2nd_annual_report_2016.pdf
It is likely to have MORE backdoors, not less. However, not all of these backdoors are there out of malice, a lot of them are out of stupidity.
Based on interviewing a couple of people who wrote software for Huawei in their shop in Bangalore my take is that the attack surface in Huawei is gigantic - it is cannot be audited within a normal cost envelope (even with the billions they sponsor for "security centres").
Disclaimer: my knowledge is indirect, derived from reading CVs and asking questions on an interview and applies only to their CPE devices. I cannot say anything about the big gear (the source for that does not really leave China).
One of the CVs I reviewed at the time contained a description on re-implementing dnsmasq as a kernel module for "performance reasons". DNS and DHCP. In kernel. Written in Bangalore by a guy who did not properly understand the semantics of Linux kernel locking, network processing and memory allocation. Need I say more...
“...for "performance reasons". DNS and DHCP. In kernel.”
Font parsing. In kernel. “For performance reasons”. Ring a bell? It’s not limited to Huawei. If you want to do something as fast as possible you have to avoid context switches. I’m not saying it’s sensible, but customers demand speed, and don’t say “security is paramount, fuck performance” so they get what they desire.
My suspicion is that Huawei kit is actually secure and there are no back-doors or spyware in it.
I agree. I see strong similarities here with the allegations against Kaspersky which have always been suspiciously empty of actual evidence, and here too we are talking about a company that refuses to whitelist backdoors.
... except actually ironic.
One of the following statements explains why Huawei is banned from the Australian 5G networks. The other is part of the Assistance And Access Bill 2018 written by the same collection of muppets. To hold both positions simultaneously is an incredible feat of intellectual contortion. To holda straight face expousing it is nothing short of incredible.
"the government considers that the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference."
"a notice may require a provider to facilitate access to information prior to or after an encryption method is employed"
Rather than spying I'd be concerned that the network hardware had a built-in kill switch, so in the event of a major hostility between China and the West, (and the rest) they could simply shut off your country's entire phone and internet system.
Likewise when Huawei is providing the transmission gear at each end of your major submarine cable networks.
As to reviewing the code in Huawei's equipment, I've previously read that a proper forensic review can take as much effort as it originally took to write the code. Remember that any malicious code is likely to be obfuscated to make it as difficult to spot as possible.
I understand you skepticism, however this is madness. Who should we trust now ?
On one hand we have the Chinese who are doing their best to show they're doing nothing wrong and on the other, we have US and friends trying hard to hide their real motives.
It is likely the whole world will split in two again like in the dark ages of world wide confrontations. Cold War 2.0 is booting in 3....2....1....
Even if you accept that a kill switch exists, in practice the chance of it being used is minimal. Think about it, if a kill switch did exist then what would happen if they used it?
That would be the immediate end of ever selling any valuable bit of infrastructure from a Chinese company and everybody would be busy ripping out any and every bit of their equipment going.
Ergo, if a kill switch did exist then it's use would be about as improbable as a nuclear weapon. Both are very powerful, but are in practice impossible to use without horrible retaliation. Hence (in my view) a kill switch would be pretty pointless.
What would you want to do? Well, with a switch you'd probably want the ability to mirror port output and kick the output from the mirror to China, and with a mobile base station probably pretty similar, except with telephone calls. And self destruct that ability if it looks like you've been rumbled, leaving no sign that it existed. You wouldn't want a kill switch.
Or systems your government can hack. The dream of every data fetishist.
And (once that is known) world + dog will be looking through their code for those deliberate holes to hack as well.
The TLA's (and the political sock puppets de jour) will whine the usual 4 horsemen of the infocalypse BS.
Rights. Everyone should have them and everyone's should be protected, even if you don't like them.
Check "lawful intercept" - it's been a feature for listening in to voice/data communications since before I can remember (the 1970's for voice and maybe early 1990's for data?). The only things that potentially protected us at various times have been volumes of data involved and up-to-date cryptography at various times.
Of course, this is only ever used with judicial oversight so we don't have to worry....
"lawful intercept" - it's been a feature for listening in to voice/data communications since before I can remember (the 1970's for voice and maybe early 1990's for data?)
The 1970s? You're kidding. Phone tapping goes back to when the phone was invented, and the Brits were tapping international telegraph cables in the 19th century, and of course very famously during WW I. It's always been legal (because it wasn't illegal), even before those pesky warrants were necessary in some cases.
I believe Queen Elizabeth I used to have her enemies' mail intercepted, quite lawfully.
Five Eyes states Five Eyes states Five Eyes states Five Eyes states Five Eyes states
the main problem with the five eyes management is that they were formed from steel in the heat of battle, excellent (NL) point of view here: https://electrospaces.blogspot.com/2016/11/data-sharing-systems-used-within-five.html
text of BRUSA https://www.nsa.gov/news-features/declassified-documents/ukusa/assets/files/agreement_outline_5mar46.pdf (lots of British EMPIRE stuff!)
CAN/AUS/NZ became tier-partners, after unbecoming Dominions of Empire, I suppose.
but they 5-i still are on a 24/7/365.25 war footing, hence almost inevitably acting as an attractor to AC's above "cold-war2" meme. Recruit more women, talk to them over tea-break, train more PFY's for industry defence-in-depth against the РФ & CN - rotate them into critical infrastructure/banks/supermarkets, get some down-time, less of the antique EMPIRE & war mind-set, ta!
The abiding difficulty for SCADA Command and Control Systems, and you might like to realise that they be both practically and virtually the nature of all current elite executive power platforms and spoof generators, is that without the production and presentation of evidence which can be simply followed and easily understood is everything shared, either freely worldwide or privately in secret, is worthless and self-defeating/enlightening and subversive.
It does have one pondering and wondering on the true state of human intelligence and the value to be put upon the services its present pedlars and pimps supply.
The Germans are terrified if they follow the Americans.
Just a few weeks ago, BMW and Mercedes have released their sales report which reflects a drop in 30% sales in China, their largest market.
If PRoC was capable of "arresting" two Canadians in retaliation, then what would happen if the Germans followed the Americans?
Syllable 1 - HWA
Syllable 2 - WAY
I note it is people from the USA and "ethnic English" people who have the most difficulty with the the first syllable.
It is not - WA, HOOWA or even HEW. Just the H sound followed immediately by a WA sound.
Of course if you speak Chinese as your first language without a western accent, feel free to correct this. If you have the RP speech impediment, maybe not.
I think they’d have a stronger argument using intellectual property theft. It’s probably been rewritten by now, but there were rumors of stolen Cisco code over a decade ago.
IP theft is at least “real” and ongoing...
I’d also like to see evidence of wrongdoing. I’m pretty numb to political rhetoric these days...
There is no serious evidence that Huawei presents a threat?
Huawei is physically located in the People's Republic of China. This country doesn't have an independent free press, free elections, and so on and so forth. Thus, being physically located in the People's Republic of China at the present time is evidence of a threat the same way being physically located in Germany during the 1933-1945 period is evidence of a threat. In both cases, the Government may do pretty much anything it likes, and demand anything it wants, from individuals on its territory.
It's too late to close the barn door after the horse has left. One must eleminate all potential threats of a compromise to vital networks and systems. Of course, cell phones and communications equipment from Chinese-branded companies are not the only threat.
Instead, anything (of a computerized nature) manufactured in mainland China, or containing any components from mainland China, is suspect. Which means every brand of cell phone, just about every consumer desktop or laptop that I've heard of. So from now on, we need to get our computer kit manufactured in places like Malaysia and Indonesia if we want relatively low costs. South Korea or Taiwan would be the next tier. Who knows, they might actually start making things in Japan or the United States again.
That's not evidence of a threat, that's just evidence of a risk.
Huawei sells more phones than Apple so when those phones start being made illegal, we can assume that some evidence will be presented to justify it. In the meantime, "trust us, we're the government" doesn't wash with most people as they have repeatedly proven how untrustworthy they are. And that they're not working for your benefit, but theirs.
This whole issue is about whether western security services can compromise Huawei equipment, and legally eliminating non-US competition at a stroke. As a bonus, all the US lapdog countries will jostle with each other to do what Uncle Sam tells them.
You are right. But people on this list have no clue about China, Russia, etc. They live by "all people united". Left or liberal, they follow the song "Imagine all the people...". Any company in China by definition, is under government control. If CH government wants Huawei to implant a back door, the company will.
Guys, take some time to read about communist countries, USSR and China (which had been created by USSR direct help) history. China was 5000 years back an empire, and it is empire governed by modified communists. Entire world of capitalism helped to grow it to technically modern country. That changed nothing in CH junta mind set. They want to be #1 and control you guys. You think about US as it is "empire". Not really. Simply the US is the state trying to protect you from such things as 1,500.000.000 robots controlled by a dozen of maniacs.
Fix you ignorance, read books (put down you mobile sucker for a couple of years) and you will find out that things as much much more complex than you can imagine. And travel to CH to see thing by yourself.
I see a pattern here, like when Colin Powell gave a Power Point presentation in UN, showing how Iraq and Saddam Hussein produced Weapons of mass destruction in trucks, while those trucks where driving around in Iraq.
This is to protect Cisco and NSA surveillance off those Cisco routers, sold to us.
Technically speaking, Huawei equipment installed in a country Internet infrastructure seems as controlled by local specialists and not by guys from China. Not entirely correct. The update of Huawei equipment will come from China. It means UK guys wasting time checking the code. They are checking "public" version. An update to new "private" version may easy bring as many backdoors as China government wants.
People who did not read about world and particular China history do not understand Chinese mind set. It was last 5000 years the country of slaves, I would use "robots" as it is much closer. It was always the upper not even class but a group of governing people. Not Emperor but his closest circle always ruled the country. Nothing changed. CH government while presenting as "modern communists" are actually the some junta as before. 5000 years back. And current purpose is to dominate the world. They have 1,500.000.000 people, they have a lot of cash, and they sent millions young people to study in the best Western universities. US universities of the best quality occupied by Chinese. The idea is very simple - we have money, we have #1 industry, we want to be the technical and thus real leader of the world. The problem still exists - by gens, Chinese guys cannot think free as Western race. China still needs inventions, trade secrets - in general - ideas. Millions of slaves can do manufacturing but cannot do ideas. So, millions youngsters in the US and other Western countries is the attempt to create a class of Western-thinking technology leaders.
Until they overcome their nature, they will need backdoors and other hacks in Chine Made equipment.
The ransacking of the world by China: Criminal Nation has been documented since 1998, the year the Clinton Administration in the USA provided them with Most Favored Nation status. Due to the nature of China's totalitarian, 'communist' government, there is no creative incentive in China. Therefore, the incentive is to steal everything from those who are creative. To believe Huawei is somehow an exception to the criminal rule, especially considering its very direct ties with China's government, is outrageously naive.
...And the naive will reap the rewards of their foolishness. Do your research and you'll cure your naiveté.
Meanwhile, bless those Chinese who dare to be creative, despite their nation's criminal incentive and mandate!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
