US firm wins Oz-backed bid to block Huawei from subsea Pacific cables

An American company is to build a series of undersea cables linking Australia to China after the Aussie government put its foot down and kicked Huawei off the contract. Building on our reports from last year that Australia had blocked Huawei from building a 4,000km cable between Australia, Papua New Guinea and the Solomon …

  1. cornetman Silver badge

    > While no western country has, so far, revealed any evidence of a deliberate backdoor being planted in Huawei equipment, it appears that the sloppiness of firmware in Huawei network gear is a large security threat on its own.

    That's pretty awful....but do we have any evidence that other suppliers' code quality is any better? Cisco?

    1. whoseyourdaddy

      I'm thinking Cisco and Arista. If there was a problem, this site wouldn't shut up about it.

      It is interesting that the Aussie-produced drama series picked up by Netflix have government monitoring and terrorism as a central plot element.

      1. Anonymous Coward

        “I'm thinking Cisco and Arista”

        Any particular reason why? I know they are “network companies” but as far as I’m aware, they don’t have any products in the submarine cable market. I’m not even sure submarine cables would qualify for industry interest outside the cable layers. It’s more likely facilities access by government agencies or telco co-operation by existing vendors.

        I’m not disputing US companies interfering in foreign investment utilising Chinese products, but if I said Tesla was responsible for blocking countries buying aircraft from Airbus, people would look at me as a conspiracy nut. Unless of course that’s already happened - not as a conspiracy, just to prove my example is terrible and that I’m wrong...

        My point is, shouldn’t we be looking at those responsible rather than making up pantomime villains and then wondering why nothing changes?

      2. Sebastian.Q.Ostragoth

        Go back and read Ken Thompson's Turing award speech.

        Looking at the code is not sufficient to tell you if there is a hidden backdoor as the compiler may insert one automatically. Looking at the compiler source is not sufficient to tell you the compiler is doing this as it may have code to add the compromise code to itself. Once such a compiler exists, all the compromise code can be removed from the sources and yet continue to propagate...

        1. Jellied Eel Silver badge

          But this is cable, not windows.

          So H2 is going to be around 12-15Tbps per pair, with the original/initial plan to go Sydney - Hong Kong, with branches off to other Pacific nations like Guam. Then an option to run Sydney - San Francisco via/branching to the Solomons & Hawaii.

          So a good chunk of it is due to land in China anyway, where it could be intercepted. Doing anything to say, Guam - San Francisco would involve doing nefarious things at the optical level to eavesdrop on wavelengths provisioned say, China - Sydney, or Guam - San Francisco.. Which is obviously a sensitive topic given Guam is basically a large US military base. But somehow, you'd need to extend from the optical control plane into the data layer to sniff traffic, and hope nobody notices. Requests to provision say, Nx500Gbps capacity Guam - HK may raise eyebrows amongst the system's operators.

          Again the risk is mainly operational, as in potential denial of service. So given Guam's a major Pacific operations base, cutting services.. Which would be immediately obvious, and generally an indication that all is not well with US - China diplomatic relations, and the situation's about to get worse.

        2. don't you hate it when you lose your account

          Who else uses that compiler

          Looking at you M$ and Adobe

      3. Jeffrey Nonken

        Secret City?

        I started watching because of Fringe actress Anna Torv.

    2. Mike Lewis

      Cisco's code is patched by the NSA.

    3. Alan Brown Silver badge

      "That's pretty awful....but do we have any evidence that other suppliers' code quality is any better? "

      Having pulled a few Huawei rom images apart...

      The core is Wind River Linux (which is pretty good) but a lot of the add on coding shows Bangalore origins and all the "payment by the yard of coding" that implies.

      The big presentation about "insecure Huawei kit" a few years back was _entirely_ on stuff they were building under license at the time - the kit was rebadged 3com and the code was completely Comware - the exact same holes (and worse) were in the original 3com gear (and none of them were present in Huawei's VRP kit. It has other issues such as being SLOW)

      The biggest risk is the stuff failing under load - especially if you try to ask too much via SNMP - Huawei don't understand that enterprise networks use SNMP extensively and don't pay enough attention to keeping query handling efficient.

  2. martinusher Silver badge

    Huawei seems about average

    "the sloppiness of their firmware" is fairly typical for large software systems. (I'd have panicked if it was all bright and shiny.)

    Yes, Huawei can do better and they probably will. Unfortunately using politics as a tool to aid marketing is a bit of a blunt instrument so "kicking Huawei off a cable" doesn't really change anything -- our own (US) companies have spent 10-20 years downsizing and outsourcing so there really isn't the engineering muscle available to do a lot of the development we were doing years ago, it's all been outsourced to facilities in far away places (including Russia and China...). But then this was never about security, it's about profits.

  3. werdsmith Silver badge

    Protectionism in disguise.

  4. David 45

    Paranoia?

    Does rather smack of paranoia, even if their practices aren't so good as might be desired. That, presumably, could be changed.

  5. Spanners Silver badge
    Alert

    Equally big threat

    All US companies are legally obliged to let their spooks in. This may be a smaller infrastructure threat but it is a much bigger threat to personal and commercial data.

    China may choose to spy on other countries but the USA is the one that has a track record of spying upon individuals in this country as well as passing commercial data to US corporations.

    1. Annihilator
      Joke

      Re: Equally big threat

      Well, arguably certainty is better than uncertainty...

  6. GrapeBunch
    Coat

    Mais oui. Whenever I am able.

    Uncle Sam love you. Just ask Angela.

    I love America Sam. No chink in my armoured fable.

    My manteau is the one with the radio discussion programme entitled "Cable Débâcle Cackle".

  7. Big_Boomer Silver badge
    Facepalm

    Typical bullies!

    Sounds like the neighbourhood's 2 biggest bullies are gearing up for a shin-kicking bout. Anyone game to spike their pre-bout drinks with laxatives and emetics? Could be messy, but it would be ****ing hilarious!

  8. Anonymous Coward

    Given the US's approach.. my only thought is:

    To be a true friend and ally, one must have mutual respect and allow disagreement. To be a bitch, one must do as one is told... know how to kiss ass, and not afraid to insert one's tongue!

  9. Rich 2 Silver badge

    Sloppy

    "... it appears that the sloppiness of firmware in Huawei network gear is a large security threat on its own."

    Well if the buggy/crappy PC driver for your average cheap Chinese USB gadget is anything to go by, I can well believe this

  10. mhenriday
    FAIL

    Nothing to do with security problems in Huawei kit,

    and everything to do with what has become an all-out war on Chinese technological progress on the part of the US government. Even the hardly Sinophile Washington Post can't keep from giving the game away....

    Henri

    1. Roland6 Silver badge

      Re: Nothing to do with security problems in Huawei kit,

      Also I suspect it is about 'legitimate' access to the cable for unspecified future 'maintenance' and repairs.

  11. JaitcH
    FAIL

    Must Be Nice To Be Able To Waste Australian Taxpayers Money

    Few international infrastructure projects have been subjected to such petty prejudice.

    Time the US quit polishing its ego and admitted that they are NOT / NO LONGER are technological leaders.

    CISCO is a prime example of why US equipment should not be used as they build backdoors in for the Echelon snoopers.

  12. Yes Me Silver badge
    Unhappy

    Just more economic warfare...

    ...and the Chinese are, fortunately, reacting in a very responsible and sensible way.
