Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Pentagon Bans Huawei, ZTE Phones From Retail Stores On Military Bases (theverge.com)

Posted by BeauHD on from the safety-precautions dept.

The Pentagon is ordering retail outlets on U.S. military bases to stop selling Huawei and ZTE smartphones, citing security risks. "Huawei and ZTE devices may pose an unacceptable risk to the department's personnel, information and mission," a Pentagon spokesperson said in a statement to The Wall Street Journal. "In light of this information, it was not prudent for the department's exchanges to continue selling them." The Verge reports: U.S. military members can still buy Huawei and ZTE devices for personal use from other stores, as there's no outright ban on that for now. But the spokesperson elaborated that the Pentagon is considering whether it should send out a military-wide advisory about the devices. U.S. government officials have said that China could order its manufacturers to create backdoors for spying in their devices, although both Huawei and ZTE have denied the possibility. An anonymous source told the WSJ that military leaders are wary that Beijing could use ZTE and Huawei devices to locate soldiers' exact coordinates and track their movements. Huawei responded to the news in a statement to The Verge: "Huawei's products are sold in 170 countries worldwide and meet the highest standards of security, privacy and engineering in every country we operate globally including the U.S. We remain committed to openness and transparency in everything we do and want to be clear that no government has ever asked us compromise the security or integrity of any of our networks or devices."

17 of 86 comments (clear)

  1. Backdoors by sit1963nz · · Score: 4, Insightful

    The USA wants to ensure that the only backdoors are theirs.
    It is important for the paranoid letter spaghetti agencies to be able to track, trace and intercept everyone in the USA because you are all potential enemies of the state.

    The flip side of this is that US technology should not be trusted any more than Chinese technology.

    1. Re:Backdoors by Roger+W+Moore · · Score: 2, Insightful

      The flip side of this is that US technology should not be trusted any more than Chinese technology.

      Just imagine the outcry though if China had banned the sale of the iPhone giving the same reasons! These sort of national security type arguments are likely to end up backfiring on the US when other governments start to apply the same logic.

  2. No possibility of government coersion? by larryjoe · · Score: 4, Insightful

    U.S. government officials have said that China could order its manufacturers to create backdoors for spying in their devices, although both Huawei and ZTE have denied the possibility.

    It may be true that these Chinese companies do not currently implement government-mandated backdoors in their products, and it may be true that they truly would resist such government mandates. However, the assertion that such coercion is not possible is not believable. It's not believable for US companies, and it's not believable for Chinese companies.

    1. Re:No possibility of government coersion? by green1 · · Score: 2

      But why would you single out 2 Chinese manufacturers vs every other manufacturer out there? Keep in mind that there are ZERO phones made entirely in a jurisdiction under US control.

    2. Re:No possibility of government coersion? by Anonymous Coward · · Score: 2, Insightful

      The employees and executives of Apple, for instance, are under US jurisdiction. They answer to US authority despite the fact that make their products in China. The employees and executives of Samsung are under South Korean jurisdiction, a nation that is closely allied with the US and over which the US has great power. They will answer to the US despite the fact that they make their products in China.

      Despite the misguided grant of MFN trading status, China is not an ally of the US and Huawei and ZTE employees and executives do not answer to US authority. Further, the DOD is not obligated to play fair in matters of national security, which may account for why, for instance, Lenovo products are not also banned. The DOD is permitted to make judgement calls based on information to which you are not — and will not be made — privy. The world is not a great big romper room where fairness always prevails and you are not owed an explanation for every decision. These realities will become increasingly clear to you as you mature.

    3. Re:No possibility of government coersion? by Junta · · Score: 2

      You are sorely mistaken if you think American executive is in any way a deterrent from China attempting anything. Not to say China would do it, but the American execs are too busy counting their money to care or delegate caring about what their Chinese suppliers are doing.

      From China's perspective, they have so many channels to inject things into the supply chains through component vendors no one has even heard of, and under less scrutiny than Huawei. I think the risk from the things not even enumerated exceed the risk from Huawei. Huawei has much higher value to be made 'proof' that China can make a dominant technology company entirely organically without so much help from western companies (contrast to Lenovo, which purchased western assets from IBM and even 'westernized' their own name, China's government would probably much rather have the organic, unapologetically Chinese Huawei be what people think of when they think Chinese tech company).

      --
      XML is like violence. If it doesn't solve the problem, use more.
  3. How hard is it to notice these things? by Snotnose · · Score: 2

    Lets say I'm a software engineer for some handset company mostly doing low level stuff (drivers/kernels/etc) I'm pretty familiar with the code base but pretty clueless on encryption. If I decided to peruse the code looking for backdoors, how hard would it be? I'm not expecting backdoor.NSA() or anything like that, but would it look to me like a bug I might fix spontaneously (ok, submit bug report, email to whomever asking it be assigned to me, fix problem, wait for it to be assigned to me, take ownership of bug, check in, close bug. But you know what I mean).

    1. Re: How hard is it to notice these things? by Anonymous Coward · · Score: 2, Informative

      the backdoors that matter are in the hardware, not visible to most.

    2. Re:How hard is it to notice these things? by jeff4747 · · Score: 4, Interesting

      If I decided to peruse the code looking for backdoors, how hard would it be?

      Almost impossible.

      First, you don't actually have the code. You have, at best, a binary created from the code. That could be run through a disassembler and you could spend many, many hours combing through the output looking for something interesting.....but we're talking about something on the scale of reading a large portion of books in a small library looking for one particular sentence....and that sentence can be phrased many different ways.

      But it's not necessarily in the code on the phone's filesystem and probably isn't. It's far more reliable for the Bad Guys to put their malware into the chips that make up the phone. You're really not going to find something that's embedded in, say, the chip that runs one of the phone's radios. First, you don't have a way to address it from the software running in the main CPU - you only get to communicate over what the phone maker put in, and that is not going to be complete access to the chip. Second, it's not just a binary sitting on a filesystem, it's a binary embedded in the chip. And your only way to access it is to ask the chip nicely. It doesn't have to let you see the binary, and even if it does show you something, you have no way of knowing if that binary is actually what is running in the chip.

      And that's assuming it's still in the firmware and not something baked into the silicon, though that is unlikely. It's hard to do and firmware is plenty good enough.

  4. Re:Security by ShanghaiBill · · Score: 2

    What guarantee is there that other brands/models don't pose security risks as well?

    There are no "guarantees" in computer security, only probabilities. You work to minimize risk, but you can't eliminate it.

    American devices may have bugs, and they may even have intentional backdoors, but those backdoors are not there at the behest of a foreign government.

    Huawei and ZTE need to do more to show that their code is clean. That means external code reviews, and cryptographic signatures to guarantee that the code in the ROM matches the official binary compiled from the certified source.

  5. Re:Too late for me by youngone · · Score: 2
    I am replying to your comment from a Five Eyes country over Internet infrastructure that is almost entirely supplied by Huawei.
    There is no way the US would have let that happen if there was anything serious in this. It's probably just another part of the Trade War that is Good, and Easy to Win ©

    Also, that Honor 7x looks like a nice phone for the money. I wonder how good the camera is.

  6. Ok gubmint by TimMD909 · · Score: 2, Insightful

    Time for the government to put up or shut up with its exact and explicit concerns. If they're sitting on intel that Chinese phone companies aren't acting proper, then shame on my government.

    1. Re:Ok gubmint by clonehappy · · Score: 2

      Jesus fucking Christ, how naive can you be? Are you honestly trying to tell me that you don't already know that every smartphone, fuck, every piece of communications/data equipment in modern existence is compromised six ways to Sunday?

      No one is "sitting on intel", it's a known fucking fact. The military brass obviously have the exact same concerns I would have about using those devices: that the Chinese government is getting all of my information. I wouldn't expect stores on Chinese military bases to sell Apple or any other US-based outfit's phones for the exact same reason, because the US government would be getting all of their information.

      I'm sure you could even make an argument that Motorola (Lenovo) phones shouldn't be sold on base, either. But at least Lenovo isn't literally an arm of the Chinese government like ZTE. Letting any military information, no matter how trivial, pass over these compromised devices is indeed an issue of national security. I suppose you could also argue that by letting the rank and file use ZTE/Huawei phones that they are evading the domestic spy grids, in which case the higher-ups want them back on their own compromised plantation to they can know their every word and thought.

      But at any rate I mean, seriously, grow up into the real fucking world. Would you expect any military to allow its members to use comms that are literally manufactured by their enemy's government? Do you honestly think any device, foreign, domestic, or in between isn't just a minor backdoor away from being a (if not already a direct) conduit to some intelligence agency of some sort? For fuck's sake. It's not a secret anymore.

    2. Re:Ok gubmint by thegarbz · · Score: 2

      Jesus fucking Christ, how naive can you be? Are you honestly trying to tell me that you don't already know that every smartphone, fuck, every piece of communications/data equipment in modern existence is compromised six ways to Sunday?

      Someone's tinfoil hat fell off.

  7. Re:Of course they know... by Excelcia · · Score: 3, Interesting

    Any soldier, sailor, or airman who takes ANY powered phone on an op should be charged. EMCON considerations are serious, and they will locate you faster from the fact you are making any transmission than they will locate you from hacks in the phone's OS. This is drilled into everyone.

    No, this is far too measured an escalation, this tells me there are untold behind-the-scenes activities being played out here. This is a shot across the bow. A first real action to hit them in the sales department. I suspect US agencies are trying to negotiate behind-the-scenes deals with Huwei to get their own greasy mitts into the guts of phones they sell in North America and are using the prospect of banning their sales outright for "national security" reasons to put the gears on them. If Huwei doesn't give in, they will find the US will escalate claims of Chinese spying and Huwei will lose access to the market.

  8. Yes, they are trying to.. by thesupraman · · Score: 2

    You have obviously missed the big chains pulling them from the shelves at the request of the government?

    No, not 'banning' them, just the usual quiet in the background secret deals to, you know, ban them.
    https://www.theverge.com/2018/1/30/16950122/verizon-refuses-huawei-phone-att-espionage-cybersecurity-fears
    https://www.theverge.com/2018/3/22/17151186/best-buy-huawei-smartphone-china

    Of course its a bit of a toss up as to the real reason - it is because they wont install the US backdoors, or because the US is protecting Apple? probably safe to assume both.

  9. Too little, too late by thunderclees · · Score: 2

    What about the computing and networking infrastructure?
    Can they really be so naive to think that computing and network gear was not the first thing that was bugged?