Europe Should Be Afraid of Huawei, EU Tech Official Says

The European Union should be worried about Huawei and other Chinese technology companies because of the risk they pose to the bloc's industry and security, the EU's technology commissioner said on Friday. From a report: "Do we have to be worried about Huawei or other Chinese companies? Yes, I think we have to be worried about those companies," Andrus Ansip told a news conference in Brussels, days after a top executive at Chinese tech giant Huawei was arrested in Canada as part of an investigation into alleged bank fraud.

Huawei, which generated $93 billion in revenue last year and is seen as a national champion in China, faces intense scrutiny from many Western nations over its ties to the Chinese government, driven by concerns it could be used by Beijing for spying. Ansip said he was concerned because Chinese technology companies were required to cooperate with Chinese intelligence services, such as on "mandatory back doors" to allow access to encrypted data.

He also said those companies produce chips that could be used "to get our secrets." "As normal, ordinary people we have to be afraid," he said, adding he did not have enough information about the recent arrest in Canada.

yellow peril

Oh noes not the yellow peril all over again. Reds under the bed, cue generic ranting...

Well actually I agree. And I spent a number of years actually examining the insides of Huawei kit for security evaluation. What Huawei are, are masters of shifting the blame, making "accidental" firmware features that shouldn't be on kit when its discovered, and calling racist on every single person who has the audacity to actually out flaws.
Plus they get all of their larger corporate customers tied into a non disclosure agreement on flaws, and fix security issues that the customer refuses to deploy with quietly with no mention in the release notes. So you will *never* hear of a really bad flaw unless its found by a independent researcher (which I was not) because their hands are tied. And independent's don't usually buy in enterprise class hardware for their personal labs.
I also used to deal with other major vendors, and yes, some of them were equally as bad at disclosing & avoiding actually fixing something they could "manage" their way out of doing, but none of them ever tried to get me fired as a racist for finding flaws. Some were great, you found something, they fixed it and you had the fix/release in a day/week, and they used to offer to attribute the finding (which I couldn't accept, because I also had a NDA and no publicity clause).

Of course, so say random guy on slashdot. But...

China copies US

[Framboise]

Over the years we have learned that many US high tech products (processors, motherboards, USB devices,...) contain backdoors, and US developped cryptographic algorithms are deliberately weakened. Now the Echelon states warn EU that China does the same. Smokescreen to the EU ?
   

Probably more concerned about not spying for us.

The European Telecommunications Standards Institute (ETSI) just came up with eTLS, a version of TLS1.3 that can be decrypted by middleboxes because it uses static keys instead of ephemeral keys from a DH key exchange. This eTLS version is to be used so that companies can decrypt TLS connections to inspect for viruses, information leaks, etc., but also so that data inspection requirements of law enforcement can be fulfilled. American companies are subject to American spy agencies and can be forced to implement backdoors that they cannot tell any of their customers about. The existence of National Security Letters leave not a shred more trust in these companies' products than the reign of the Chinese government over Huawei leaves in their products. Nobody's warning about using Erricson, Nokia, Alcatel, Juniper or Cisco in our networks. These are companies which are beholden to "the good guys", right? They are not more secure, but we can tell them to give us backdoor access. We cannot tell Huawei to open a network for us. I think that's the actual reason behind those warnings. Nobody is trustworthy. The difference is who will cooperate with us.

Be very afraid...

[sudden.zero]

...I worked in the mobile industry for years, for many cellular manufacturers, programming mobile devices, and testing them for on-boarding with the carriers. The one thing that seemed to be a standard across the board with most Chinese manufacturers, I won't name names due to non-disclosure agreements, is that location services was turned on in the EPROM whether it was off in the UI or not. So, Chinese devices failed location services tests almost every time, and the carrier would send the device back. The "bug" would be fixed, tested with QXDM or other diagnostic tools, and then submitted as fixed. Then when the next version of software was put out the "bug" would be back, and it would have to be fixed again. This was never the case with Japanese, Korean, or American manufacturers...only the Chinese manufacturers. For this reason I won't buy cellular devices manufactured in China. If I turn my location services off I want them off period! If they are doing that with LBS think what they are probably doing with the rest of the data on your device. Credit Card info, Banking info, personal data, etc. nothing is safe...or as safe as it can be in this world.

Re:Classic whataboutery [Re:china... scary! Russia

irony at its finest! or whataboutism inception!

either way, articles like this are predominantly used to distract from the fact that our own people are doing this to us which IS more concerning than a foreign country doing it. If the people in our own country were to focus on security instead of stockpiling zero days then it would make logical sense to complain about the people who are actively trying to undermine security. Until that day, all of these complaints about chinese companies are hyperbolic hypocritical bullshit. As the saying goes, people in glass houses shouldn't throw stones, which is a fitting saying because that is what our own government is trying to do to us (put us in glass houses). As much as the EU is trying to signal that they care about privacy with the GDPR stuff, at the same time they are trying to enact "lawful" mechanisms to break encryption.

I am not saying that we shouldn't worry about china or Russia, im saying that we should clean up our own backyard and provide private and secure technology for our people before we go complaining about someone else.