Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Chinese Telecom That Spooks the World

Posted by samzenpus on from the trust-us dept.

wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."

10 of 153 comments (clear)

  1. Is that even possible? by Anonymous Coward · · Score: 5, Insightful

    How can you be absolutely sure they are not back-doored?

    1. Re:Is that even possible? by Anonymous Coward · · Score: 5, Funny

      You compare the byte-code to Cisco's.

  2. racism much? by Anonymous Coward · · Score: 5, Insightful

    Why is it ok that all internet equipment cc's a copy to the usa, but not ok to send the same copy to china?

    1. Re:racism much? by alexandre_ganso · · Score: 5, Insightful

      Why was this modded negative? It is a reasonable question. So is it fine for the NSA to spy everything, but not china? Double value.

  3. The reason by phantomfive · · Score: 5, Interesting

    The Reason the US is concerned about other countries using telecommunication equipment for spying is because they have done it already. A lot.

    If you don't want to be spied on, encrypt it.

    --
    "First they came for the slanderers and i said nothing."
  4. underhanded code by Anonymous Coward · · Score: 5, Insightful

    As anyone familiar with the underhanded code contest knows, it's possible to create code that looks fine, easily passes reviews from people even who are on the lookout for back doors, yet still contains back doors.

    It's essentially impossible to prove that your equipment is NOT backdoored, unless you designed and built it in-house and believe that your own engineering staff is trustworthy (its own problem, when there is a history of governments buying off employees within companies that have access to critical data and processes).

  5. They don't need back doors! by Anonymous Coward · · Score: 5, Informative

    I normally don't post anonymously but my employer deals with Huawei.

    According to Recurity Labs they don't need a back door when the front door is locked with a piece of masking tape that says in faded yellow ink "Do not enter". Huawei's security is a joke. Their software is riddled with buffer overflows, including buffers allocated on the stack making hacking their stuff trivial. Huawei has virtually zero security. Much of their stuff runs on VxWorks which is quite insecure. (I spent many years writing software for VxWorks). All you have to do is get to the T-shell and you're basically god. In the T-shell you can look at and modify variables and memory and call C functions directly, passing whatever arguments you want.

    Even without the T-shell it looks like it's easy to get to the shell with full admin privileges on Huawei's boxes. See their DEFCON presentation at: http://www.phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

    If you value security, stay far away from Huawei. Their stuff is cheap but you get what you pay for. I guess it's good for the US that Huawei is mostly used in the Middle East and Asia. It makes life easy for the NSA.

  6. Uphill PR Battle: Those Concerns are Growing by ohnocitizen · · Score: 5, Interesting

    ZDNet, CNN.

  7. Re:Dear USA people: by circletimessquare · · Score: 5, Funny

    from the comment you are responding to:

    You will see some responses to this comment of mine attempting to falsely equate Chinese authoritarian control of political opinion with various vile things the West does. Don't get me wrong: the West does plenty of evil things and there is plenty I criticize about my government. The difference is: they can express this political opinion of theirs freely, here in the West, and ironically, as they indulge false equivalency, they do not admit or do not know they would experience fear and intimidation if they tried to equally criticize Beijing, from within China.

    I myself disagree with those who falsely believe that the West is just as bad as China in regards to suppression of freedoms, but I fully support their right to spout their nonsense, unhindered by fear of government backlash.

    see how I inoculated my comment against yours?

    it's so easy to see you braindead false equivalency idiots coming a mile away. i'm sure you didn't even read my comment before formulating your useless mental vomit

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  8. Huawei putting in back-doors is not the problem. by Anonymous Coward · · Score: 5, Interesting

    I work for a telco supplier, so have had glimpses into the weird world of what happens behind the shonky service and bills.

    Huawei when they started out produced kit that was 'very similar' to Cisco. Now you suggest that perhaps they were paying too much homage to their US competitor, but it did mean their kit was pretty easy to deploy. You can setup a VPN in IOS, you can switch to Huawei kit and barely notice the difference.

    Next bit of their success was how they engaged with the customer. Legacy vendors have whole stacks of sales all hell-bent on shafting the telco for as much money as possible. Huawei wanted a foothold, kit was cheaper, but they really put in some effort to push the sale - Buy your new network from us, and we'll let you buy it on lease over a decade, our engineers will install/config/support it for you, we'll tweak stuff if it currently doesn't do what you want etc. Legacy vendors might have got a bit of a kicking from the dot.com crash, but they still dragged in the overly-complex vendor structure that makes that makes the proposal of similar flexible solutions somewhat difficult. Simply meant that if you were a small player with a valid business model, picking Huawei allowed you to very easily work out what the kit was going to cost you.

    With regards to spying, if they were, it wouldn't be let anywhere near the tier zeros. As far as I can make out, there's no real evidence of China using Huawei to spy and most of the allegations come from the incumbents/vested interests, trying to come up with a reason to oppose the shift in purchasing.

    If you're worried about back-doors - don't. They're already everywhere. I've been in plenty of offices which have the 'special room' that everything has to go through and telco employees don't even have the keys to. So just to carry on with this, if your kit DOESN'T have a back-door, it ain't going to be deployed. The only real topic of interest is just working out who holds the back-door-keys.