The Pentagon Bans Huawei, ZTE Phones From Retail Stores On Military Bases (theverge.com)
The Pentagon is ordering retail outlets on U.S. military bases to stop selling Huawei and ZTE smartphones, citing security risks. "Huawei and ZTE devices may pose an unacceptable risk to the department's personnel, information and mission," a Pentagon spokesperson said in a statement to The Wall Street Journal. "In light of this information, it was not prudent for the department's exchanges to continue selling them." The Verge reports: U.S. military members can still buy Huawei and ZTE devices for personal use from other stores, as there's no outright ban on that for now. But the spokesperson elaborated that the Pentagon is considering whether it should send out a military-wide advisory about the devices. U.S. government officials have said that China could order its manufacturers to create backdoors for spying in their devices, although both Huawei and ZTE have denied the possibility. An anonymous source told the WSJ that military leaders are wary that Beijing could use ZTE and Huawei devices to locate soldiers' exact coordinates and track their movements. Huawei responded to the news in a statement to The Verge: "Huawei's products are sold in 170 countries worldwide and meet the highest standards of security, privacy and engineering in every country we operate globally including the U.S. We remain committed to openness and transparency in everything we do and want to be clear that no government has ever asked us to compromise the security or integrity of any of our networks or devices."
The USA wants to ensure that the only backdoors are theirs.
It is important for the paranoid letter spaghetti agencies to be able to track, trace and intercept everyone in the USA because you are all potential enemies of the state.
The flip side of this is that US technology should not be trusted any more than Chinese technology.
U.S. government officials have said that China could order its manufacturers to create backdoors for spying in their devices, although both Huawei and ZTE have denied the possibility.
It may be true that these Chinese companies do not currently implement government-mandated backdoors in their products, and it may be true that they truly would resist such government mandates. However, the assertion that such coercion is not possible is not believable. It's not believable for US companies, and it's not believable for Chinese companies.
If I decided to peruse the code looking for backdoors, how hard would it be?
Almost impossible.
First, you don't actually have the code. You have, at best, a binary created from the code. That could be run through a disassembler and you could spend many, many hours combing through the output looking for something interesting... but we're talking about something on the scale of reading a large portion of books in a small library looking for one particular sentence... and that sentence can be phrased many different ways.
But it's not necessarily in the code on the phone's filesystem and probably isn't. It's far more reliable for the Bad Guys to put their malware into the chips that make up the phone. You're really not going to find something that's embedded in, say, the chip that runs one of the phone's radios. First, you don't have a way to address it from the software running in the main CPU - you only get to communicate over what the phone maker put in, and that is not going to be complete access to the chip. Second, it's not just a binary sitting on a filesystem, it's a binary embedded in the chip. And your only way to access it is to ask the chip nicely. It doesn't have to let you see the binary, and even if it does show you something, you have no way of knowing if that binary is actually what is running in the chip.
And that's assuming it's still in the firmware and not something baked into the silicon, though that is unlikely. It's hard to do and firmware is plenty good enough.