Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Chinese Telecom That Spooks the World

Posted by samzenpus on from the trust-us dept.

wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."

42 of 153 comments (clear)

  1. Is that even possible? by Anonymous Coward · · Score: 5, Insightful

    How can you be absolutely sure they are not back-doored?

    1. Re:Is that even possible? by Anonymous Coward · · Score: 5, Funny

      You compare the byte-code to Cisco's.

    2. Re:Is that even possible? by M0j0_j0j0 · · Score: 3, Funny

      But Cisco's have backdoors! i don't get it

    3. Re:Is that even possible? by Penurious+Penguin · · Score: 2

      Faith, brother Coward, faith.

      --
      Forward! -- Emperor Norton, 2012
    4. Re:Is that even possible? by Luckyo · · Score: 4, Insightful

      Even if they did 1:1 copy software side, hardware can have its own backdoors, hidden in the chips, completely invisible from software side.

      And if you think that cisco doesn't have backdoors, I have land on the moon to sell you.

    5. Re:Is that even possible? by Luckyo · · Score: 2

      USA seems to have done fine in this task, going from 1:1 copies of European technology to eventually developing and improving it, to USA it is today.

    6. Re:Is that even possible? by Taco+Cowboy · · Score: 2

      It is paranoia at best. More so when it comes from the US because they already do such a thing.

      China, strangely, are completely innocent in comparison to the US.

       
      China is not completely innocent - but compare to US, in term of spying technology, true, China is like a kindergarten kid as compare to Uncle Sam, a University Professor teaching PhD post graduate students
       

      --
      Muchas Gracias, Señor Edward Snowden !
    7. Re:Is that even possible? by Pepebuho · · Score: 2

      Unless everyone forgets: http://crysp.uwaterloo.ca/courses/cs458/F08-lectures/local/www.acm.org/classics/sep95/
      Reflections on Trusting Trust by Ken Thompson

    8. Re:Is that even possible? by Agent+ME · · Score: 3, Interesting

      They practically are backdoored: they're insecure as hell. http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

  2. racism much? by Anonymous Coward · · Score: 5, Insightful

    Why is it ok that all internet equipment cc's a copy to the usa, but not ok to send the same copy to china?

    1. Re:racism much? by Anonymous Coward · · Score: 2, Interesting

      Citation needed.

      Right... because when the CIA backdoors equipment, they always post a page about it on Wikipedia.

      You could start with this, though, to get the general idea of what they want.

    2. Re:racism much? by alexandre_ganso · · Score: 5, Insightful

      Why was this modded negative? It is a reasonable question. So is it fine for the NSA to spy everything, but not china? Double value.

  3. That's the particular concern? by pathological+liar · · Score: 3, Informative

    Not that they're total shit from a security POV? (warning: pdf)

  4. This testing is useless... by sabri · · Score: 4, Insightful

    So, they are being tested by the security watchdog in the U.K. Big deal, they load up a specially prepped software image (like they do for all their customers) and pass the test. Next step is to have all operators buy their heavily discounted gear for almost nothing, implement it and have them install a critical software update to avoid exploits. Have that image backdoored and they are one step closer to total world domination.

    --
    I'm not a complete idiot... Some parts are missing.
    1. Re:This testing is useless... by Anonymous Coward · · Score: 2, Interesting

      Read this.
      http://www.theparliament.com/latest-news/article/newsarticle/cyber-security-john-suffolk/
      CSEC get to see and test the source code (first line of penultimate paragraph). They aren't just pen-testing black boxes.

      I'm posting purely public information as Anon because I know far more about this than I'm allowed to say.

    2. Re:This testing is useless... by chihowa · · Score: 4, Interesting

      Looking at source code is even more useless in this case than examining the black boxes that are actually being deployed. It's difficult to prove that the source they're looking at is what is on the actual sold devices. And looking at the source gives no information about backdoors implemented in hardware.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    3. Re:This testing is useless... by alexandre_ganso · · Score: 2

      Not necessary at all. You do know the classic text on this, right? Reflexions on Trusting Trust, by Ken Thompson.

    4. Re:This testing is useless... by Zocalo · · Score: 2

      I think the credibility of that security audit has just been seriously undermined given the recent revelations that Huawei's routers are riddled with security problems. GCHQ was supposed to be auditing these things to ensure that they were fit for use on the UK's national infrastructure; things like 3G/LTE networks, airports, highways, powerstations, railways, and so on. So, which is it? Either they failed to find the vulnerabilities, even with the advantage of access that Felix Lindner presumably didn't have when he found the vulnerabilities, and so the audit is worthless. Alternatively, GCHQ found them and decided it was better to risk any part of the UK's national infrastructure that used Huawei routers on the off chance that the UK government might be able to use the exploits against a foreign infrastructure in, say, Africa, China, or the Middle East where Huawei has a fair sized market presence.

      Then again, they might have found the vulnerabilities, pretended they hadn't for the look of the thing, and any sensitive tender that might end up utilising Huawei equipment would get a discreet visit from someone senior at Cheltenham or Whitehall to advise them that, just maybe, one of the other tenderers might be a "better choice" for being the successful bidder...

      --
      UNIX? They're not even circumcised! Savages!
    5. Re:This testing is useless... by arkhan_jg · · Score: 4, Informative

      GCHQ is hardly a security watchdog - the closest US equivalent would be the NSA.

      They're the signals intercept and codebreaker agency of the UK government. One presumes they know their shit when they're looking for backdoors planted by the chinese intelligence servives.

      --
      Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
    6. Re:This testing is useless... by c0lo · · Score: 2

      You are right, but:

      IF the OS and patches on these is open source, AND the users are in control of installing these items and updates, AND the source is kept on a public repository, then there is a chance it could be legit.

      Didn't you forget the compiler?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    7. Re:This testing is useless... by Ash+Vince · · Score: 2

      GCHQ is hardly a security watchdog - the closest US equivalent would be the NSA.

      They're the signals intercept and codebreaker agency of the UK government. One presumes they know their shit when they're looking for backdoors planted by the chinese intelligence servives.

      This the interesting thing about GCHQ's remit. It is actually twofold. They are tasked with securing the UK's government communications and also breaking other peoples.

      The most interesting story I ever heard about them involved the guy who is currently their chief mathematician: http://en.wikipedia.org/wiki/Clifford_Cocks
      Particularly relevant is that when they figured out the Public Key Cryptography was actually possible, they expressly did not let anyone else know what they had found even though they decided not to use it themselves.

      When it was finally declassified (20 years after someone else invented it and published, how paranoid is that?) I saw an interview with Clifford Cocks where he was asked about whether he thought anyone else would believe that he had really invented this now it had been in the public domain, his reply was something along the lines of the fact that he had been turning up at various international gatherings about cryptography for years and that most of the people in his field were incredibly suspicious about him anyway since he couldn't actually tell people anything about his work, who he worked for or why the hell he could ask an informed question about RSA cryptography when it was first being postulated by people who clearly had never shared their research with him until it was published.

      It does make me think that if they did find any back doors there is sod all chance they would tell anyone else about them. They would quietly ask Huawei to remove them from the products sold to the UK government then let them exist in everybody else's gear. That is the response most in line with their government remit.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
  5. The reason by phantomfive · · Score: 5, Interesting

    The Reason the US is concerned about other countries using telecommunication equipment for spying is because they have done it already. A lot.

    If you don't want to be spied on, encrypt it.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:The reason by ShanghaiBill · · Score: 4, Insightful

      If you don't want to be spied on, encrypt it.

      Even if you encrypt your communications, they can still see who you are talking to. Sometimes knowing who you are talking to can be almost as valuable as knowing what you are saying.

    2. Re:The reason by jaymemaurice · · Score: 3, Informative

      an un-encryPted public message with nO specific desTination mAy in acTuality cOntain a Encrypted private message.

      --
      120 characters ought to be enough for anyone
    3. Re:The reason by Rufty · · Score: 3, Funny

      Dan Quayle, is that you?

      --
      Red to red, black to black. Switch it on, but stand well back.
  6. backdoors by harvey+the+nerd · · Score: 2, Insightful

    When we buy stuff from China without a corresponding increase in our own exports, they've already backdoored our economy.

    1. Re:backdoors by alexandre_ganso · · Score: 2

      Exporting manufactured goods is what makes Germany what it is, and the shift of them from US to anywhere else, well.... see the lower class of the two countries and then we talk.

    2. Re:backdoors by Anonymous Coward · · Score: 3, Insightful

      Short sighted poster forgets 10 years ago when Germany was the "sick old man of Europe" and the government took incredibly unpopular measures to jump start the economy. Please don't speak like building an entirely export based economy is a silver bullet method to success. How is Germany doing today? They joined a common currency with a bunch of knuckleheads and got rich off lowered trade barriers for their goods. Now all the money has dried up and their economy limps on because the domestic markets aren't nearly enough to support their production. Immigration can barely keep up with low birth rates and emigration, the unions have gained job security by agreeing to wage increases that don't keep pace with inflation and the government is making up budget differences by selling weapons to anyone who will buy.

      Germany is a wonderful place, my wife is German, but it ain't all roses. People seem to have very short term memories about their economic power.

  7. Better title by dszd0g · · Score: 4, Funny

    The Chinese Telecom That Spooks the Spooks

    --
    This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
  8. underhanded code by Anonymous Coward · · Score: 5, Insightful

    As anyone familiar with the underhanded code contest knows, it's possible to create code that looks fine, easily passes reviews from people even who are on the lookout for back doors, yet still contains back doors.

    It's essentially impossible to prove that your equipment is NOT backdoored, unless you designed and built it in-house and believe that your own engineering staff is trustworthy (its own problem, when there is a history of governments buying off employees within companies that have access to critical data and processes).

  9. They don't need back doors! by Anonymous Coward · · Score: 5, Informative

    I normally don't post anonymously but my employer deals with Huawei.

    According to Recurity Labs they don't need a back door when the front door is locked with a piece of masking tape that says in faded yellow ink "Do not enter". Huawei's security is a joke. Their software is riddled with buffer overflows, including buffers allocated on the stack making hacking their stuff trivial. Huawei has virtually zero security. Much of their stuff runs on VxWorks which is quite insecure. (I spent many years writing software for VxWorks). All you have to do is get to the T-shell and you're basically god. In the T-shell you can look at and modify variables and memory and call C functions directly, passing whatever arguments you want.

    Even without the T-shell it looks like it's easy to get to the shell with full admin privileges on Huawei's boxes. See their DEFCON presentation at: http://www.phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

    If you value security, stay far away from Huawei. Their stuff is cheap but you get what you pay for. I guess it's good for the US that Huawei is mostly used in the Middle East and Asia. It makes life easy for the NSA.

  10. Not just the US by Anonymous Coward · · Score: 2, Informative

    post WW2, the UK sold enigma-based encryption machines to Empire/Commonwealth countries. Of course, they didn't tell the recipients that the UK could crack enigma encryption with ease.... Its why the wartime decoding of enigma remained a state secret until the early 70s, when even the most poverty-stricken Commonwealth countries had moved onto something a bit more sophisticated!

    Its important to know what both "friends" and enemies are saying about you!

  11. Dear Chinese people: by circletimessquare · · Score: 3, Insightful

    We do not distrust you, we do not dislike you.

    We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of China on the world stage, or have anything against Chinese culture or Chinese people. But because we oppose authoritarian government, of any kind, from any part of the world.

    We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in the West, but not for state control of political dialogue.

    We in the West believe the ability to express our political opinions freely is very important to the health of our society, that is how and why we call our society free (despite the fact some of our media companies are trying to hurt our freedoms on our communication structure in the effort to prop a media business model that only works in a world without the Internet: don't worry, they will clearly fail, their efforts are the death throes of a dying way of business).

    You will see some responses to this comment of mine attempting to falsely equate Chinese authoritarian control of political opinion with various vile things the West does. Don't get me wrong: the West does plenty of evil things and there is plenty I criticize about my government. The difference is: they can express this political opinion of theirs freely, here in the West, and ironically, as they indulge false equivalency, they do not admit or do not know they would experience fear and intimidation if they tried to equally criticize Beijing, from within China.

    I myself disagree with those who falsely believe that the West is just as bad as China in regards to suppression of freedoms, but I fully support their right to spout their nonsense, unhindered by fear of government backlash. Here in the West, we believe that the natural competition of ideas that only comes from every single one of them being freely expressed, NATURALLY leads to the flawed opinions sinking and the good opinions rising. Only in this natural competition of ideas do good ones endure the test of criticism and one fail it. If the state attempts to impose its own idea son the people, the state itself might wind up imposing ideas that are flawed, because they are unexamined. The people know better than the state, in this way. In other words, state control of politicla thought is a form of weakness that will eventually harm China.

    So Chinese people: since you cannot likewise criticize your own government freely within China, do you not have a problem with this fact? If you are proud to be Chinese, as you should be, do you not believe you should be free to speak your mind like I can in your effort to make China strong as a Chinese patriot?

    Chinese people: please understand that we in the West respect the Chinese people and wish you prosperity and freedom. And so we await the day you respect yourselves as well to not be treated like slaves by your own government, and to throw off the yolk of the efforts at mind control which exists in Beijing, pointed against the Chinese people and the free expression of your own thoughts, an effort whose only purpose is to serve the continuation of a power structure that is not necessarily good for China, only good for a few rich and connected Chinese at the detriment of all other Chinese.

    Sure, this authoritarian power structure has done great things for you economically. But growth doesn't last forever, and when your economy fully matures, I am confident you finally turn your attention to freeing yourselves from the authoritarian government who wants to control your mind and your thoughts.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:Dear Chinese people: by gmhowell · · Score: 2

      When they grow mature, they will surely use drones and missiles to kill the guntoting hillbillies of North Dakota. They will call it a "counter-terrorist operation".

      Ya know, could you at least pick the right targets? The gun toting hillbillies are in North Carolina. I should know, I'm descended from them.

      Bombing the wrong targets just turns you into the thing you claim to hate.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
  12. Dear USA people: by Anonymous Coward · · Score: 4, Insightful

    We do not distrust you, we do not dislike you.

    We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of USA on the world stage, or have anything against USA culture or USA people. But because we oppose authoritarian government, of any kind, from any part of the world.

    We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in Europe, but not for state control of political dialogue.

    1. Re:Dear USA people: by circletimessquare · · Score: 5, Funny

      from the comment you are responding to:

      You will see some responses to this comment of mine attempting to falsely equate Chinese authoritarian control of political opinion with various vile things the West does. Don't get me wrong: the West does plenty of evil things and there is plenty I criticize about my government. The difference is: they can express this political opinion of theirs freely, here in the West, and ironically, as they indulge false equivalency, they do not admit or do not know they would experience fear and intimidation if they tried to equally criticize Beijing, from within China.

      I myself disagree with those who falsely believe that the West is just as bad as China in regards to suppression of freedoms, but I fully support their right to spout their nonsense, unhindered by fear of government backlash.

      see how I inoculated my comment against yours?

      it's so easy to see you braindead false equivalency idiots coming a mile away. i'm sure you didn't even read my comment before formulating your useless mental vomit

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    2. Re:Dear USA people: by Anonymous Coward · · Score: 2, Interesting

      see how I inoculated my comment against yours?

      It doesn't make what you say true. At least China only censors within China, while the USA censors within the whole world.

      So there is no equivalence indeed: the USA is widely considered the larger threat.

  13. Uphill PR Battle: Those Concerns are Growing by ohnocitizen · · Score: 5, Interesting

    ZDNet, CNN.

  14. Huawei putting in back-doors is not the problem. by Anonymous Coward · · Score: 5, Interesting

    I work for a telco supplier, so have had glimpses into the weird world of what happens behind the shonky service and bills.

    Huawei when they started out produced kit that was 'very similar' to Cisco. Now you suggest that perhaps they were paying too much homage to their US competitor, but it did mean their kit was pretty easy to deploy. You can setup a VPN in IOS, you can switch to Huawei kit and barely notice the difference.

    Next bit of their success was how they engaged with the customer. Legacy vendors have whole stacks of sales all hell-bent on shafting the telco for as much money as possible. Huawei wanted a foothold, kit was cheaper, but they really put in some effort to push the sale - Buy your new network from us, and we'll let you buy it on lease over a decade, our engineers will install/config/support it for you, we'll tweak stuff if it currently doesn't do what you want etc. Legacy vendors might have got a bit of a kicking from the dot.com crash, but they still dragged in the overly-complex vendor structure that makes that makes the proposal of similar flexible solutions somewhat difficult. Simply meant that if you were a small player with a valid business model, picking Huawei allowed you to very easily work out what the kit was going to cost you.

    With regards to spying, if they were, it wouldn't be let anywhere near the tier zeros. As far as I can make out, there's no real evidence of China using Huawei to spy and most of the allegations come from the incumbents/vested interests, trying to come up with a reason to oppose the shift in purchasing.

    If you're worried about back-doors - don't. They're already everywhere. I've been in plenty of offices which have the 'special room' that everything has to go through and telco employees don't even have the keys to. So just to carry on with this, if your kit DOESN'T have a back-door, it ain't going to be deployed. The only real topic of interest is just working out who holds the back-door-keys.

  15. It's GCHQ who are back-dooring Huawei by dgharmon · · Score: 2

    "another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England â" including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored".

    Shouldn't that be the steps Huawei has taken to ensure equipment built by Huawei can be back-doored by GCHQ as easily as the spooks can back-door western companies.

    "Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's IOS operating system can be exploited" Feb 2010

    --
    AccountKiller
  16. Re:Huawei putting in back-doors is not the problem by Charliemopps · · Score: 2

    There are the backdoors you know about, and then there's the backdoors you don't. The concern isn't really china eavesdropping. The fact of the matter is, they've got the talent to just hack their way in with or without a backdoor. The concern is that China is producing a large percentage of the networking equipment in the world right now, and it would be very easy for them to introduce something far smaller, and far more dangerous. For example, a kill switch. They broadcast some per-determined signal or something and 90% of the routers outside of short their power supplies across a resistor, spiking their power usage all at once world wide causing blackouts and frying all of the equipment. The utility of that isn't all that great but it would be devastating during a war and nearly impossible to detect in their code. The possibilities are endless.

    A private, for-profit company would never invest in such things and anything of the sort that would arise would be the result of a bug or something forced on them by federal regulation. Either way, whatever it was that compromised the equipment would be an accident and far less dangerous. When the company is funded and run by the state... and their motives are governed by ideology rather than profit, you can never truly know what the equipment is capable of. You could literally be installing a bomb in your rack and not even know it.

  17. Re:Huawei putting in back-doors is not the problem by Anonymous Coward · · Score: 2, Interesting

    it would be very easy for them to introduce something far smaller, and far more dangerous. For example, a kill switch.

    They could, sure. And some people think the CIA has AES cracked. These people didn't think before forming an opinion. You don't put a backdoor on a sytem you yourself use, because if you do an enemy (who might not use your system) will be able to shut you down once it finds the backdoor.

    A private, for-profit company would never invest in such things

    Oh, boy, aren't you naive. Companies will do anything for money. A big company is not much different from a big government - both have great power and a great urge to abuse that power. Search for Room 641A.