Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Chinese Telecom That Spooks the World

Posted by samzenpus on from the trust-us dept.

wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."

4 of 153 comments (clear)

  1. That's the particular concern? by pathological+liar · · Score: 3, Informative

    Not that they're total shit from a security POV? (warning: pdf)

  2. They don't need back doors! by Anonymous Coward · · Score: 5, Informative

    I normally don't post anonymously but my employer deals with Huawei.

    According to Recurity Labs they don't need a back door when the front door is locked with a piece of masking tape that says in faded yellow ink "Do not enter". Huawei's security is a joke. Their software is riddled with buffer overflows, including buffers allocated on the stack making hacking their stuff trivial. Huawei has virtually zero security. Much of their stuff runs on VxWorks which is quite insecure. (I spent many years writing software for VxWorks). All you have to do is get to the T-shell and you're basically god. In the T-shell you can look at and modify variables and memory and call C functions directly, passing whatever arguments you want.

    Even without the T-shell it looks like it's easy to get to the shell with full admin privileges on Huawei's boxes. See their DEFCON presentation at: http://www.phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

    If you value security, stay far away from Huawei. Their stuff is cheap but you get what you pay for. I guess it's good for the US that Huawei is mostly used in the Middle East and Asia. It makes life easy for the NSA.

  3. Re:This testing is useless... by arkhan_jg · · Score: 4, Informative

    GCHQ is hardly a security watchdog - the closest US equivalent would be the NSA.

    They're the signals intercept and codebreaker agency of the UK government. One presumes they know their shit when they're looking for backdoors planted by the chinese intelligence servives.

    --
    Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
  4. Re:The reason by jaymemaurice · · Score: 3, Informative

    an un-encryPted public message with nO specific desTination mAy in acTuality cOntain a Encrypted private message.

    --
    120 characters ought to be enough for anyone