EU outlines 5G rules: You don't have to keep 'risky' vendors completely Huawei

It's not just the UK government that's wrestling with the decision to permit Huawei's gear on the 5G network. Across Europe, a similar debate has raged. Can Huawei, which many in intelligence circles believe to be inextricably linked to the Chinese government, be trusted to power the next generation of mobile telephony and data …

  1. alain williams Silver badge

    HCSEC is auditing Huawei code

    By all accounts this code has quality problems, but is the equivalent code from Cisco, Ericsson, Nokia, Intel, Qualcomm, etc, any better ? I suspect not.

    Why does Huawei not just open source its code (eg upload to Github) and make it easy for users to install their own version ? They can make their money selling hardware & support. This would mean that:

    * it would be hard for others to claim hidden back doors

    * many programmers could work on & improve the code

    Yes: that would still leave the possibility of deliberate hardware bugs - but that is harder to do & so harder to be accused of.

    I do appreciate that doing this is harder than just uploading the code, but it would be doable.

    1. Anonymous Coward

      Re: HCSEC is auditing Huawei code

      The majority of the code runs on x86 servers - if you give it away, what are customers going to buy? Your installation and support services?

    2. Doctor Syntax Silver badge

      Re: HCSEC is auditing Huawei code

      I assume Europe is prepared to trust its own manufacturers but other stuff, and that most certainly includes that from US vendors, should be audited in the same way. Why should they object if they've nothing to hide?

    3. JamesNPA

      Re: HCSEC is auditing Huawei code

      Are Cisco, Ericsson, Nokia, Intel, Qualcomm, etc, components manufactured exclusively outside of China?

    4. Aitor 1

      Re: HCSEC is auditing Huawei code

      The equivalent is KNOWN to have backdoors for five eyes.

      1. Anonymous Coward

        Re: HCSEC is auditing Huawei code

        "The equivalent is KNOWN to have backdoors for five eyes."

        Do you know how five eyes gets access? Taping cables. Guess how many code reviews detect that? This is the preferred method as it provides plausible deniability if the US is caught red-handed tapping another member of five eyes communications.

        What I suspect you are referring to is lawful intercept - it is used by law enforcement for "legal" taps. The rules around the request process and whether some requests can be denied are muddy at best...

        1. Mark Exclamation
          Headmaster

          Re: HCSEC is auditing Huawei code

          Taping cables? I know duct tape has a multitude of uses, but this is incredible....!

  2. ARGO

    4 companies?

    "So far, the four companies offering 5G infrastructure are Huawei, Nokia, Ericsson, and Samsung."

    ZTE might want to have a word with you about that.... as might all of the open RAN vendors

    1. Anonymous Coward

      Re: 4 companies?

      Do ZTE or open RAN vendors have customer trials targeting widespread deployment yet?

      My understanding is that Huawei is closest to having an operational 5G standalone solution, with Samsung close (but not so popular outside of South Korea). Nokia and Ericsson have trials of non-standalone solutions (5G clients on a 4G core) but are still a year or two off progressing to an operational 5G standalone solution.

      I am aware of one-off ZTE trials but they don't appear to be progressing to anything larger at present.

      In 2-3 years time when 5G is widespread, I would still expect ZTE to be one of the 4 big players ahead of Samsung, but they tend to support the more cost conscious end of the market.

  3. CJatCTi

    It is all trade war.

    America’s issues with Huawei & 5G are much more about its trade war with China than security.

    It is data that is going to be using this network, data (much to the spies annoyance) is now end to end encrypted so what ever network it goes over it is “secure”.

    So all the network manufacturer could do is shut it down. How they would sneak that access in would be interesting with the scrutiny their kit is receiving.

    The only insecure thing is standard VoIP voice traffic, so anyone can listen into a VoIP call, and they don’t have to be the manufacturer of the network to do that.

    To get the data, you need to get the phone, hence the fuss with Mr Amazon’s phone or Mrs. Merkel getting hacked.

    There are only a handful of 5G network manufacturers, get rid of the cheap (high quality) Chinese, and we all pay more.

    Where are most phones made? In China, so let's ban all phones made in China, and thus make all phones so expensive nobody can afford them, and then we will be secure.

    1. Chris G

      Re: It is all trade war.

      National security for the US is the domination of as many markets as possible and to keep the dollar as the predominant means of international exchange, I doubt it was ever really about China's ability to spy on anyone as much as cornering the market on 5G to the point that it would be difficult for anyone else to compete.

      As things are Huawei seems to be much further ahead in most aspects of 5G and certainly more ready for roll out than most.

      The US is still trying to overcome China's dominance of the highly strategic rare earths market and has been playing catch up there for at least 5 years so 5G added to that is too much for them.

      1. Anonymous Coward

        Re: It is all trade war.

        "I doubt it was ever really about China's ability to spy on anyone as much as cornering the market on 5G to the point that it would be difficult for anyone else to compete."

        O divine art of subtlety and secrecy! Through you we learn to be invisible, through you inaudible; and hence we can hold the enemy's fate in our hands

        Disrupting others is still considered part of spycraft. Weakening your opponents provides an advantage even if you do not know the exact details of their communications or movements.

        The focus has been on intercepting communications which is unlikely as it is difficult to do without being able to slurp large quantities of information and process it which makes it easily noticeable and likely provides little of value when much of the content is messages saying someone's running late, memes or tiktok/youtube videos. i.e. a similar argument to the big Internet companies slurping everything, whereas a small amount of actual information and a lot of metadata is often more useful than a lot of encrypted communications that requires significant effort to decrypt while providing little useful content.

    2. Anonymous Coward

      Re: It is all trade war.

      "It is data that is going to be using this network, data (much to the spies annoyance) is now end to end encrypted so what ever network it goes over it is “secure”."

      In a typical 4G deployment (and I would assume, proposed 5G deployments), control plane and data plane traffic is already encrypted between mobile devices and endpoints within the 4G (5G) network. This is before any client side encryption (i.e. HTTPS) is included in the picture that attempts to provide end-to-end encryption.

      Being able to see where devices register on the network and if they are active or not is still useful, even within encryption. Being able to impersonate another device is also useful. Knowing where a device is to allow you to swap it with a "bugged" device or to install software via an existing weakness to allow further monitoring allows you to bypass the encryption altogether.

      You decide whether encryption is sufficient if you have something to hide.

      1. Doctor Syntax Silver badge

        Re: It is all trade war.

        "You decide whether encryption is sufficient if you have something to hide."

        Anyone using a phone for on-line shopping, banking or whatever is likely to have stuff that they're contractually obliged to hide.

        1. Anonymous Coward

          Re: It is all trade war.

          If you have software on your mobile device that was installed independently AND allows the encryption to be compromised, are you breaking the terms of those contracts if you are unaware that it is there?

          I'm prepared to assume (with little evidence) that a standard mobile device is secure for this argument.

        2. NeilPost

          Re: It is all trade war.

          Huawei kit is deeply embedded in (BT) Openreach broadband network... so it’s kinda way too late.

          Chosen in preference to Ericsson (formerly Marconi/STC) kit.

          1. NeilPost

            Re: It is all trade war.

            Coventry R & D facility and others binned in 2005.

            https://www.theguardian.com/technology/2005/apr/29/business.onlinesupplement

    3. bombastic bob Silver badge
      Big Brother

      Re: It is all trade war.

      "end to end encrypted so what ever network it goes over it is “secure”."

      yes, and no. If you can manage to intercept (for example) a DH key exchange it is possible to work out the entire conversation. Similarly there are 'replay attacks' that a "true man in the middle" could perform. Given that surveillance of MANY conversations to a well known server (let's say an email provider's logon servers) might give you enough information to more readily crack the server keys, and so the potential here might be to track people via their e-mail logons. From there, you can hoover up all *kinds* of otherwise encrypted information, from location to what you've most recently posted to social media.

      yeah THAT kind of information, that faecebook, google, and others are (quite literally) hoovering up as much as possible on EVERYONE, has already been demonstrated to be valuable. If the phone providers themselves are DOING THE SAME THING, but sending it to a government, then no information shared via a phone conversation would be "private" any more. Too many really bad implications are there.

      And so far, I don't believe Huawei is trustworthy enough to just believe them at face value.

      1. John H Woods Silver badge

        Re: It is all trade war.

        "If you can manage to intercept (for example) a DH key exchange it is possible to work out the entire conversation"

        Errm, how is it? The whole point of a DH key exchange is secure exchange of the keys on a public channel.

  4. JamesNPA

    NCSC reported on alternative 5G vendors?

    Has the NCSC looked at the "non Huawei" 5G suppliers and their cyber security hygiene? Are these reports public domain?

    1. Jellied Eel Silver badge

      Re: NCSC reported on alternative 5G vendors?

      Sometimes, sort of. So some of it begins here-

      https://en.wikipedia.org/wiki/Common_Criteria

      With ISO 15408. So I could issue a bid requiring security targets per that, and tender responses show how they'd meet the security requirements. Shortlisted bidders would then be invited to submit reference design(s) to a certification lab, and results used to score and award contracts. But that's an expensive and time consuming process. On the plus side, vendors can submit stuff for independent certification and then make claims about its compliance with ISO 15408. Like 'Windows is Secure!'*

      Bid stuff would be confidential, vendor's own tests results and might be published.

      Then there's-

      https://en.wikipedia.org/wiki/Evaluation_Assurance_Level

      Which gives a kind of 'approval rating', which can get used in marketing.. But also with caveats, ie the EAL rating is based on a defined Security Target, which generally means a specific version and configuration. And it's an expensive process for vendors, especially as updates should mean resubmission. Example here-

      https://www.cisco.com/c/en/us/solutions/industries/government/global-government-certifications/common-criteria.html

      *when installed on a server, inside a safe filled with concrete and dropped into the Marianas Trench.

  5. Anonymous Coward
    Holmes

    Huawei again?

    First, for what it's worth, Huawei at least has the HCSEC and I don't see any of their competitors doing anything similar.

    Second, Huawei may give my information to the Chinese government while their competitors have and will give my information to the applicable Five Eyes government and they can mess with my life much more than the Chinese.

    Even if their competitors could compete on price or features or track record, I'd still do it Huawei.

    1. Anonymous Coward

      Re: Huawei again?

      True and I upvoted you.

      But one caveat: the west is losing its soul and jobs and skills by always choosing the cheapest. It might well be very advantageous to pay more now in order to keep Nokia and Ericsson in fighting shape. Too much of our industrial strength has already been undermined by our focus on the short term. When deploying 5G we should think about who will be there to deploy 6G and 7G, whatever these will be.

  6. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    There might be enough power in harmonics (it's not all that far from microwave radiation) if Huawei aimed all nearby 5G transmitters at one spot on someone's body to cause them to feel the burn? Or Cancer later.
