The Chinese Telecom That Spooks the World
wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."
How can you be absolutely sure they are not back-doored?
Why is it ok that all internet equipment cc's a copy to the usa, but not ok to send the same copy to china?
Not that they're total shit from a security POV? (warning: pdf)
So, they are being tested by the security watchdog in the U.K. Big deal, they load up a specially prepped software image (like they do for all their customers) and pass the test. Next step is to have all operators buy their heavily discounted gear for almost nothing, implement it and have them install a critical software update to avoid exploits. Have that image backdoored and they are one step closer to total world domination.
I'm not a complete idiot... Some parts are missing.
You can trust equipment designed and made in China, or equipment designed in USA and made in China. But both China and USA want backdoors, so what diff? Who cares if it's China or USA's intelligence orgs that have the backdoor?
The reason the US is concerned about other countries using telecommunication equipment for spying is because they have done it already. A lot.
If you don't want to be spied on, encrypt it.
"First they came for the slanderers and I said nothing."
I would not be surprised if they have hardware that's not compromised, and hardware that is. Non-destructively checking to ensure that each piece is per spec would be remarkably challenging. However, the odds are very low that they're putting much into most of their products, because more exposure yields a higher risk, and any demonstration of a backdoor would kill the company.
When we buy stuff from China without a corresponding increase in our own exports, they've already backdoored our economy.
The Chinese Telecom That Spooks the Spooks
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored.
More specifically, to make sure there's not any EXTRA backdoors besides the CIA one...
As anyone familiar with the underhanded code contest knows, it's possible to create code that looks fine, easily passes reviews even from people who are on the lookout for back doors, yet still contains back doors.
It's essentially impossible to prove that your equipment is NOT backdoored, unless you designed and built it in-house and believe that your own engineering staff is trustworthy (its own problem, when there is a history of governments buying off employees within companies that have access to critical data and processes).
I thought it was ZTE that really scared the world. I'm pretty sure ZTE's management was tied to the People's Liberation Army.
I normally don't post anonymously but my employer deals with Huawei.
According to Recurity Labs they don't need a back door when the front door is locked with a piece of masking tape that says in faded yellow ink "Do not enter". Huawei's security is a joke. Their software is riddled with buffer overflows, including buffers allocated on the stack making hacking their stuff trivial. Huawei has virtually zero security. Much of their stuff runs on VxWorks which is quite insecure. (I spent many years writing software for VxWorks). All you have to do is get to the T-shell and you're basically god. In the T-shell you can look at and modify variables and memory and call C functions directly, passing whatever arguments you want.
Even without the T-shell it looks like it's easy to get to the shell with full admin privileges on Huawei's boxes. See their DEFCON presentation at: http://www.phenoelit.org/stuff/Huawei_DEFCON_XX.pdf
If you value security, stay far away from Huawei. Their stuff is cheap but you get what you pay for. I guess it's good for the US that Huawei is mostly used in the Middle East and Asia. It makes life easy for the NSA.
Sure, eliminating eavesdropping opportunities is just the kind of business that SigInt spooks kindly engage in all the time...
http://www.fiercetelecom.com/story/huawei-banned-making-equipment-bids-australias-nbn/2012-03-26
Not just a handicap against them, and no reason given. It's not like there are a lot of world class Australian router companies. They are buying Taiwanese, French-ish, and US-ish, so it isn't nationalism. Just seems to be anti-China sentiment, with no substance backing it up, in this case, or the Aussie NBN.
Learn to love Alaska
Post WW2, the UK sold Enigma-based encryption machines to Empire/Commonwealth countries. Of course, they didn't tell the recipients that the UK could crack Enigma encryption with ease.... It's why the wartime decoding of Enigma remained a state secret until the early 70s, when even the most poverty-stricken Commonwealth countries had moved onto something a bit more sophisticated!
It's important to know what both "friends" and enemies are saying about you!
How Israeli Backdoor Technology Penetrated the U.S. Government's Telecom System and Compromised National Security
An Israeli Trojan Horse
http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/
If you don't want to be spied on, encrypt it.
Guvf vf nal rapelcgrq ercyl. Ubcrshyyl gur AFN pna'g ernq guvf.
We do not distrust you, we do not dislike you.
We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of China on the world stage, or have anything against Chinese culture or Chinese people. But because we oppose authoritarian government, of any kind, from any part of the world.
We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in the West, but not for state control of political dialogue.
We in the West believe the ability to express our political opinions freely is very important to the health of our society, that is how and why we call our society free (despite the fact some of our media companies are trying to hurt our freedoms on our communication structure in the effort to prop a media business model that only works in a world without the Internet: don't worry, they will clearly fail, their efforts are the death throes of a dying way of business).
You will see some responses to this comment of mine attempting to falsely equate Chinese authoritarian control of political opinion with various vile things the West does. Don't get me wrong: the West does plenty of evil things and there is plenty I criticize about my government. The difference is: they can express this political opinion of theirs freely, here in the West, and ironically, as they indulge false equivalency, they do not admit or do not know they would experience fear and intimidation if they tried to equally criticize Beijing, from within China.
I myself disagree with those who falsely believe that the West is just as bad as China in regards to suppression of freedoms, but I fully support their right to spout their nonsense, unhindered by fear of government backlash. Here in the West, we believe that the natural competition of ideas that only comes from every single one of them being freely expressed, NATURALLY leads to the flawed opinions sinking and the good opinions rising. Only in this natural competition of ideas do good ones endure the test of criticism and one fail it. If the state attempts to impose its own ideas on the people, the state itself might wind up imposing ideas that are flawed, because they are unexamined. The people know better than the state, in this way. In other words, state control of political thought is a form of weakness that will eventually harm China.
So Chinese people: since you cannot likewise criticize your own government freely within China, do you not have a problem with this fact? If you are proud to be Chinese, as you should be, do you not believe you should be free to speak your mind like I can in your effort to make China strong as a Chinese patriot?
Chinese people: please understand that we in the West respect the Chinese people and wish you prosperity and freedom. And so we await the day you respect yourselves as well to not be treated like slaves by your own government, and to throw off the yoke of the efforts at mind control which exists in Beijing, pointed against the Chinese people and the free expression of your own thoughts, an effort whose only purpose is to serve the continuation of a power structure that is not necessarily good for China, only good for a few rich and connected Chinese at the detriment of all other Chinese.
Sure, this authoritarian power structure has done great things for you economically. But growth doesn't last forever, and when your economy fully matures, I am confident you will finally turn your attention to freeing yourselves from the authoritarian government who wants to control your mind and your thoughts.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
We do not distrust you, we do not dislike you.
We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of USA on the world stage, or have anything against USA culture or USA people. But because we oppose authoritarian government, of any kind, from any part of the world.
We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in Europe, but not for state control of political dialogue.
they bought the article are you really surprised...
GCHQ is a fob off. Huawei's already been proven to have a multitude of "reporting home" problems...
have fun
ZDNet, CNN.
http://alkindicipher.wordpress.com
All the buffer overflows courtesy of NSA are "mistakes" in Cisco products. Shirley.
I will never buy a piece of Huawei gear if I have a choice. Early versions of their documentation were a direct copy/paste from Cisco's CCO. Cisco proved this by pointing out all of the intentional spelling errors that were in the exact place throughout the documentation. Stealing is not innovating.
I know a lot of people from different parts of the world who are not at all worried about "A Rising China" -- they all have decent IQ, which might explain why they see everything in right perspective and tell me to calm down.
and have them install a critical software update to avoid exploits.
I love how Cisco did something along these lines recently, including the siphoning off of web history, along with a slew of other privacy violations completely in the clear, with no permission whatsoever.
Another possible point of hypocrisy is the CIA's partial funding of Facebook, which seems to suggest that if a foreign company wants to build a network in the US, that is government funded, it's a National Security issue... but if a domestic company, which is funded by the US government, wants to build a network all over the world, and a foreign government says, "Um, no." then it's censorship.
There is also the fact that Huawei has hired a former defense contractor for the US government as its Chief Security Officer.
They can't catch Chinese athletes that are doping, I doubt they can tell if Huawei gear is not back-doored.
I work for a telco supplier, so have had glimpses into the weird world of what happens behind the shonky service and bills.
Huawei when they started out produced kit that was 'very similar' to Cisco. Now you suggest that perhaps they were paying too much homage to their US competitor, but it did mean their kit was pretty easy to deploy. You can set up a VPN in IOS, you can switch to Huawei kit and barely notice the difference.
Next bit of their success was how they engaged with the customer. Legacy vendors have whole stacks of sales all hell-bent on shafting the telco for as much money as possible. Huawei wanted a foothold, kit was cheaper, but they really put in some effort to push the sale - Buy your new network from us, and we'll let you buy it on lease over a decade, our engineers will install/config/support it for you, we'll tweak stuff if it currently doesn't do what you want etc. Legacy vendors might have got a bit of a kicking from the dot.com crash, but they still dragged in the overly-complex vendor structure that makes the proposal of similar flexible solutions somewhat difficult. Simply meant that if you were a small player with a valid business model, picking Huawei allowed you to very easily work out what the kit was going to cost you.
With regards to spying, if they were, it wouldn't be let anywhere near the tier zeros. As far as I can make out, there's no real evidence of China using Huawei to spy and most of the allegations come from the incumbents/vested interests, trying to come up with a reason to oppose the shift in purchasing.
If you're worried about back-doors - don't. They're already everywhere. I've been in plenty of offices which have the 'special room' that everything has to go through and telco employees don't even have the keys to. So just to carry on with this, if your kit DOESN'T have a back-door, it ain't going to be deployed. The only real topic of interest is just working out who holds the back-door-keys.
asshole
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
"another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored".
Shouldn't that be the steps Huawei has taken to ensure equipment built by Huawei can be back-doored by GCHQ as easily as the spooks can back-door western companies.
"Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's IOS operating system can be exploited" Feb 2010
AccountKiller
There are the backdoors you know about, and then there's the backdoors you don't. The concern isn't really China eavesdropping. The fact of the matter is, they've got the talent to just hack their way in with or without a backdoor. The concern is that China is producing a large percentage of the networking equipment in the world right now, and it would be very easy for them to introduce something far smaller, and far more dangerous. For example, a kill switch. They broadcast some predetermined signal or something and 90% of the routers outside of short their power supplies across a resistor, spiking their power usage all at once world wide causing blackouts and frying all of the equipment. The utility of that isn't all that great but it would be devastating during a war and nearly impossible to detect in their code. The possibilities are endless.
A private, for-profit company would never invest in such things and anything of the sort that would arise would be the result of a bug or something forced on them by federal regulation. Either way, whatever it was that compromised the equipment would be an accident and far less dangerous. When the company is funded and run by the state... and their motives are governed by ideology rather than profit, you can never truly know what the equipment is capable of. You could literally be installing a bomb in your rack and not even know it.
I think the right way to ensure security is to require these companies to release the designs and source code. We shouldn't be relying on closed technology. It's a hazard which will bite us in the ass. It already has bitten everybody who utilises any kind of technology. If you shave and bought the cheaper razor you probably pay too much for the blades. If you bought a computer you got screwed all over. From the operating system software to the printer. You can't update the operating system without paying through the nose or retain the same printer year after year. The printer's dependent on a particular manufacturer's ink cartridges and then stops working after an upgrade due to discontinued support for newer operating systems. All of which can be resolved by requiring companies to open up the technology.
http://it.slashdot.org/story/12/08/02/1226228/security-expert-huawei-routers-riddled-with-vulnerabilities
PERTINENT QUOTE/EXCERPT:
---
"Cnet reports that German security expert Felix Lindner has unearthed several vulnerabilities in Huawei's carrier grade routers. These vulnerabilities could potentially enable attackers, or the Chinese government, to snoop on users' traffic and/or perform a man-in-the-middle attack. While these routers are mostly in use in Asia, Africa and the Middle East, they are increasingly being used in other parts of the world as well, because of their dirt-cheap pricing."
---
* See the potential price of GREED, people? Sure, you may get Chinese goods cheap, but what's the price later??
APK
P.S.=> The world makes me ill - There's NO FLAGS (or loyalty + sense of duty to your nation) anymore!
NOW? Now, there's just corporate greed, lobbyists, & the BEST POLITICIANS MONEY CAN TRULY BUY...
... apk
Having worked with one of their HLRs, I can confirm they're mildly dodgy. We only had access to certain things - No proper access to the underlying box, for example. The commandset was identical to another hardware vendor. (Blatant rip-off). Whilst I've said all that, there are worse out there. Comverse, an Israeli company, are at it too. Their founder fled to Namibia after committing lots of fraud: link - That's just the financial fraud. Their voicemail systems & other VAS equipment is backdoored to death. Note that they're also a big wiretap equipment vendor. Look on your doorstep before you start looking to China, Americaland!
I suspect the concerns of the British intelligence community would be around having their own back door to Huawei equipment. The Chinese won't be worried because they probably already have complete access to everything the GCHQ do anyway. There is no such thing as privacy anymore. All major governments have back doors to this gear....and have done for many years. Illegally, of course, in most cases, though 9/11 let them pass laws making legal what they had been doing illegally for quite some time. Governments don't care what the law is unless YOU'RE breaking it.....and if you tell anyone they are breaking it, then you're a criminal and a terrorist. Enjoy. You voted for these crooks.
Only boring people are ever bored.
it would be very easy for them to introduce something far smaller, and far more dangerous. For example, a kill switch.
They could, sure. And some people think the CIA has AES cracked. These people didn't think before forming an opinion. You don't put a backdoor on a system you yourself use, because if you do an enemy (who might not use your system) will be able to shut you down once it finds the backdoor.
A private, for-profit company would never invest in such things
Oh, boy, aren't you naive. Companies will do anything for money. A big company is not much different from a big government - both have great power and a great urge to abuse that power. Search for Room 641A.
A private, for-profit company would never invest in such things
Oh, boy, aren't you naive. Companies will do anything for money. A big company is not much different from a big government - both have great power and a great urge to abuse that power. Search for Room 641A.
Whaaat? But of course they are different... in terms of the efficiency they can screw you... the big companies will do it faster, with a lower cost and potentially at a larger scale.
Why, you only need to look on how US rednecks defaulting on their loans make all world's retirement funds worth nothing: even if they'd try the hardest they could, the US govt would have taken decades for the same outcome.
Questions raise, answers kill. Raise questions to stay alive.
Instead of what the American Government wants: something akin to American control of a foreign company, Huawei will likely do what it has done in the past: take to the countryside and surround the cities, or in this case, sell to other countries and compete hard internationally, selling whatever it can wherever it can, including encroaching on the US market. The government will back down half a second after businesses say that it can't compete with the more expensive 'made in merica' hardware. US companies will even import the hardware themselves to save a buck. The problem the US government has with Huawei technology is that the eavesdropping backdoors it can force into domestic equipment, can't be forced into Huawei stuff.
I'm sure they're not connected, though. Because otherwise the parent poster had a point against the USA's mercantilism.
You've been using the internet for how many years now and you don't know who built it? Oh! But those were the good guys. ;-)
anybody having developed anything in software or system industry in the last 40 years just laugh out loud when they read "replace by "any gov agency ", to ensure equipment built by Huawei is not back-doored." and knows that proving the contrary is virtually impossible (like predicting next week 0 day exploit)
Couldn't see past "it's spread".