Slashdot Mirror
The Chinese Telecom That Spooks the World
wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."
How can you be absolutely sure they are not back-doored?
Why is it ok that all internet equipment cc's a copy to the usa, but not ok to send the same copy to china?
So, they are being tested by the security watchdog in the U.K. Big deal, they load up a specially prepped software image (like they do for all their customers) and pass the test. Next step is to have all operators buy their heavily discounted gear for almost nothing, implement it and have them install a critical software update to avoid exploits. Have that image backdoored and they are one step closer to total world domination.
I'm not a complete idiot... Some parts are missing.
The Reason the US is concerned about other countries using telecommunication equipment for spying is because they have done it already. A lot.
If you don't want to be spied on, encrypt it.
"First they came for the slanderers and i said nothing."
The Chinese Telecom That Spooks the Spooks
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
As anyone familiar with the underhanded code contest knows, it's possible to create code that looks fine, easily passes reviews from people even who are on the lookout for back doors, yet still contains back doors.
It's essentially impossible to prove that your equipment is NOT backdoored, unless you designed and built it in-house and believe that your own engineering staff is trustworthy (its own problem, when there is a history of governments buying off employees within companies that have access to critical data and processes).
I normally don't post anonymously but my employer deals with Huawei.
According to Recurity Labs they don't need a back door when the front door is locked with a piece of masking tape that says in faded yellow ink "Do not enter". Huawei's security is a joke. Their software is riddled with buffer overflows, including buffers allocated on the stack making hacking their stuff trivial. Huawei has virtually zero security. Much of their stuff runs on VxWorks which is quite insecure. (I spent many years writing software for VxWorks). All you have to do is get to the T-shell and you're basically god. In the T-shell you can look at and modify variables and memory and call C functions directly, passing whatever arguments you want.
Even without the T-shell it looks like it's easy to get to the shell with full admin privileges on Huawei's boxes. See their DEFCON presentation at: http://www.phenoelit.org/stuff/Huawei_DEFCON_XX.pdf
If you value security, stay far away from Huawei. Their stuff is cheap but you get what you pay for. I guess it's good for the US that Huawei is mostly used in the Middle East and Asia. It makes life easy for the NSA.
We do not distrust you, we do not dislike you.
We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of USA on the world stage, or have anything against USA culture or USA people. But because we oppose authoritarian government, of any kind, from any part of the world.
We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in Europe, but not for state control of political dialogue.
ZDNet, CNN.
I work for a telco supplier, so have had glimpses into the weird world of what happens behind the shonky service and bills.
Huawei when they started out produced kit that was 'very similar' to Cisco. Now you suggest that perhaps they were paying too much homage to their US competitor, but it did mean their kit was pretty easy to deploy. You can setup a VPN in IOS, you can switch to Huawei kit and barely notice the difference.
Next bit of their success was how they engaged with the customer. Legacy vendors have whole stacks of sales all hell-bent on shafting the telco for as much money as possible. Huawei wanted a foothold, kit was cheaper, but they really put in some effort to push the sale - Buy your new network from us, and we'll let you buy it on lease over a decade, our engineers will install/config/support it for you, we'll tweak stuff if it currently doesn't do what you want etc. Legacy vendors might have got a bit of a kicking from the dot.com crash, but they still dragged in the overly-complex vendor structure that makes that makes the proposal of similar flexible solutions somewhat difficult. Simply meant that if you were a small player with a valid business model, picking Huawei allowed you to very easily work out what the kit was going to cost you.
With regards to spying, if they were, it wouldn't be let anywhere near the tier zeros. As far as I can make out, there's no real evidence of China using Huawei to spy and most of the allegations come from the incumbents/vested interests, trying to come up with a reason to oppose the shift in purchasing.
If you're worried about back-doors - don't. They're already everywhere. I've been in plenty of offices which have the 'special room' that everything has to go through and telco employees don't even have the keys to. So just to carry on with this, if your kit DOESN'T have a back-door, it ain't going to be deployed. The only real topic of interest is just working out who holds the back-door-keys.