Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huawei Offers 'Complete and Unrestricted' Source Code Access

Posted by Soulskill on from the as-open-as-a-pr-campaign dept.

An anonymous reader writes "The BBC reports that 'Huawei has offered to give Australia unrestricted access to its software source code and equipment, as it looks to ease fears that it is a security threat. Questions have been raised about the Chinese telecom firm's ties to the military, something it has denied. Australia has previously blocked Huawei's plans to bid for work on its national broadband network. Huawei said it needed to dispel myths and misinformation.' But is this sufficient? Will they be able to obscure any backdoors written into their equipment?"

13 of 255 comments (clear)

  1. Source by bjb_admin · · Score: 5, Interesting

    Does the Australian Govt have anyone that can actually properly security audit this? I am sure they are not going to want to spend the money to hire someone who can. Also, who is to say the binary blob firmware doesn't have a back door. Its not like the Australians are going to compile it and install it themselves.

    1. Re:Source by Lehk228 · · Score: 5, Informative

      not even the firmware, there could trivially be a on-chip backdoor,

      --
      Snowden and Manning are heroes.
    2. Re:Source by AK+Marc · · Score: 5, Insightful

      Yes, though there's no evidence of any improper activities from any Huawei gear, and they are already a step ahead of US voting machines.

      In the US, voting machines pick the next president. With secret closed-source code in an industry with proven fraud and from companies with proven previous errors.

      In Australia, they have the source code for routers running a residential broadband network, and that's not good enough.

      Why does something seem wrong with that?

      --
      Learn to love Alaska
    3. Re:Source by RedPhoenix · · Score: 4, Informative

      Yes; some very good people who evaluate products for use within the Oz government and Defence:
      http://www.dsd.gov.au/infosec/epl/index.php

      However, the process is usually long, often expensive, and generally targets a particular software/hardware combination; bump your version number, and there's potentially a fairly significant re-evaluation required.

      Huawei could take advantage of this program now, but would either need to front up some dough, or have a sponsor to guide them through it.

    4. Re:Source by socceroos · · Score: 5, Informative

      The DSD (Defence Signals Directorate) are the ones in Australia who would vet this equipment - they already do it for all equipment used by ASIO, ASIS and other secretive organisations here. The other thing to remember is that it was the DSD that told the Government not to trust Huawei's hardware. Now they get to have a good look at the code without the need to reverse engineer.

    5. Re:Source by Anonymous Coward · · Score: 4, Informative

      Because the rest of those companies weren't founded and run by ex-Chinese military and long-time Chinese Communist Party members?

    6. Re:Source by overbaud · · Score: 5, Insightful

      The way this works is: 1. Cisco lobby US gov. 2. US gov put pressure on Aus gov. 3. Aus gov create FUD about cisco rival. 4. Aus gov buy cisco. 5. Profit - cisco and US senators.

      --
      Users... the only thing keeping 1st level support from being the bottom feeders.
  2. Cisco and Motorola may object by Anonymous Coward · · Score: 5, Funny

    ...seeing as how it's their source code being released.

  3. Re:Besides by fredprado · · Score: 4, Insightful

    Sorry, but there is absolutely no company in the world that has this thing called "character".

  4. The US government did it! by kawabago · · Score: 5, Insightful

    When American telecom companies won contracts to supply soviet satellite, I think it was Poland, with telecom equipment, The CIA or NSA or both managed to get back doors into the equipment to both monitor calls and in the event of hostilities, to shut the phone system down completely. If American companies let their Government subvert their technology in foreign countries, China would be foolish not to.

  5. Re:Is this Sufficient? What else could you want? by mhotchin · · Score: 4, Informative

    http://cm.bell-labs.com/who/ken/trust.html

    If you haven't read it, or even if you haven't read it recently, you really should.

  6. Who needs a back door? by Minupla · · Score: 4, Informative

    Who needs a back door when you have a range of security vulnerabilities to choose from.

    Here's the slide deck from the talk on Huawei talk at Defcon 20 this year. At the end of the talk the presenter addressed the topic of backdoors by saying (my paraphrase) given the state of the code, who knows if a given hole is a backdoor or unintential security vulnerability.

    The deck is worth a read if only for the fortune cookie slides, which contain actual quotes from the object code:
    http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  7. Anything new from Slashdot ? by Taco+Cowboy · · Score: 4, Insightful

    Is there anything new Slashdot can offer, other than this same old China bashing orgy?

    If you think that equipments from Huawei is dangerous, what makes you think that Cisco equipment don't come with backdoors?

    Which equipment the Stuxnet virus targeted?

    Equipment from China or those from the Western countries?

    It's easy to bash China - as China has become the poster boy for bashing orgy - from Presidential debate to this one in Slashdot - but I do expect MORE from those who come to Slashdot.

    Unlike the tweedledee and tweedeldum on the presidential debate, you guys do have brains.

    It's time you use your brain to think, rather than letting others doing the thinking for you.

    If Huawei (and all equipments from all Chinese companies) are suspicious, what makes you think that equipments from Germany or Japan or Britain or Korea or Canada or USA aren't?

    --
    Muchas Gracias, Señor Edward Snowden !