Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huawei Offers 'Complete and Unrestricted' Source Code Access

Posted by Soulskill on from the as-open-as-a-pr-campaign dept.

An anonymous reader writes "The BBC reports that 'Huawei has offered to give Australia unrestricted access to its software source code and equipment, as it looks to ease fears that it is a security threat. Questions have been raised about the Chinese telecom firm's ties to the military, something it has denied. Australia has previously blocked Huawei's plans to bid for work on its national broadband network. Huawei said it needed to dispel myths and misinformation.' But is this sufficient? Will they be able to obscure any backdoors written into their equipment?"

6 of 255 comments (clear)

  1. Re:Source by Lehk228 · · Score: 5, Informative

    not even the firmware, there could trivially be a on-chip backdoor,

    --
    Snowden and Manning are heroes.
  2. Re:Source by RedPhoenix · · Score: 4, Informative

    Yes; some very good people who evaluate products for use within the Oz government and Defence:
    http://www.dsd.gov.au/infosec/epl/index.php

    However, the process is usually long, often expensive, and generally targets a particular software/hardware combination; bump your version number, and there's potentially a fairly significant re-evaluation required.

    Huawei could take advantage of this program now, but would either need to front up some dough, or have a sponsor to guide them through it.

  3. Re:Source by socceroos · · Score: 5, Informative

    The DSD (Defence Signals Directorate) are the ones in Australia who would vet this equipment - they already do it for all equipment used by ASIO, ASIS and other secretive organisations here. The other thing to remember is that it was the DSD that told the Government not to trust Huawei's hardware. Now they get to have a good look at the code without the need to reverse engineer.

  4. Re:Source by Anonymous Coward · · Score: 4, Informative

    Because the rest of those companies weren't founded and run by ex-Chinese military and long-time Chinese Communist Party members?

  5. Re:Is this Sufficient? What else could you want? by mhotchin · · Score: 4, Informative

    http://cm.bell-labs.com/who/ken/trust.html

    If you haven't read it, or even if you haven't read it recently, you really should.

  6. Who needs a back door? by Minupla · · Score: 4, Informative

    Who needs a back door when you have a range of security vulnerabilities to choose from.

    Here's the slide deck from the talk on Huawei talk at Defcon 20 this year. At the end of the talk the presenter addressed the topic of backdoors by saying (my paraphrase) given the state of the code, who knows if a given hole is a backdoor or unintential security vulnerability.

    The deck is worth a read if only for the fortune cookie slides, which contain actual quotes from the object code:
    http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before