Slashdot Mirror


Huawei's Equipment Poses 'Significant' Security Risks, UK Says (cnbc.com)

The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks. From a report: In a 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators." The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing. In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."

  1. Le sigh.... by Syphonius · · Score: 4, Interesting

    And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).

    It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.

    1. Re:Le sigh.... by Anonymous Coward · · Score: 2, Informative

      https://www.networkworld.com/article/2223272/60-minutes-torpedoes-huawei-in-less-than-15-minutes.html = there's no believing this company.

    2. Re:Le sigh.... by AmiMoJo · · Score: 5, Insightful

      This is just the UK government towing the US line, because in a few weeks it may be rather desperate for a trade deal. No harm in getting the ass-kissing started early.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Le sigh.... by Anonymous Coward · · Score: 1, Insightful

      It's kind of sad how much of a Chinese apologist you are to the point you will even be against your own country.

      If you like China so much why don't you move there?

    4. Re:Le sigh.... by TigerPlish · · Score: 2

      towing the US line

      TOEING the line. As in y'all stand nice and neat toes on the white line so you're all the same.

      "Towing the line makes no sense", and neither does making any business investments in Britain for the next half-decade.

      Brexiters ruined that country, businesses hate FUD more than anything else. All Brexit has done is poison England for business.

      --
      The "Civilized World" jumped the shark ca. 1973.
    5. Re: Le sigh.... by Anonymous Coward · · Score: 1

      They would put him in a concentration camp immediately. If only the UK had the balls...

    6. Re:Le sigh.... by Anonymous Coward · · Score: 1

      Say no to Huawei... please world governments. Let's get this one right.

    7. Re:Le sigh.... by Aighearach · · Score: 1

      Toeing the line, but not as in standing nice and neat so you're all the same.

      The line is the rule that you're not supposed to cross. "Toeing the line" means you're trying to get as close as you can to breaking the rule, without breaking it.

      If they were toeing the line for the US, that means they're just barely complying with demands that they didn't really want to follow.

      If they were trying to be nice and neat just the same as everybody like a good boy, they'd be standing well back from the line, following the intent of the rule. You don't follow the intent of the rule at the edge; the recommended best practices will always be well back from the lines.

    8. Re:Le sigh.... by Anonymous Coward · · Score: 1

      As always, you are 100% wrong and stupid.

      The UK and the US are basically joined at the hip when it comes to intelligence sharing. Contrary to what cretins like you think, the UK is an absolute world titan when it comes to sigint, humint and analysis. Whether that's good or bad is another matter... but the fact remains that the decision by the UK isn't based on Brexit (you short-sighted fucking halfwit). It's based on protecting extremely valuable shared assets.

    9. Re:Le sigh.... by TigerPlish · · Score: 2

      Toe the line's always been about conformity / uniformity. I learned it in the military, and before that in school. "Line up, toes on the line"

      https://en.wikipedia.org/wiki/...

      Dunno what word to use to express your sentiment. Pushing the limit?

      --
      The "Civilized World" jumped the shark ca. 1973.
    10. Re:Le sigh.... by Gonoff · · Score: 1

      ...in a few weeks it may be rather desperate for a trade deal

      You may be under a false impression. WE really REALLY do not want the deal that President Donald Fart is offering us where we have to drop everything from food standards to the NHS before we can take goods from his rich friends and their servants.

      --
      I'll see your Constitution and raise you a Queen.
  2. Another explanation by Okian+Warrior · · Score: 2, Interesting

    And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).

    It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.

    With all this calling out of Huawei, it sounds suspiciously like the US security agencies found a specific back-door planted in the products, want to alert everyone to the issue, but also don't want to make the vulnerability public so they can use it for themselves.

    1. Re:Another explanation by Anonymous Coward · · Score: 1, Insightful

      In actuality it is the opposite. Huawei won't install the back doors the 3 letter agencies use on its hardware.

    2. Re:Another explanation by AmiMoJo · · Score: 4, Interesting

      Nah, it sounds like Huawei holds most of the patents on 5G infrastructure and is years ahead of everyone else getting hardware to market. So now all the US companies that make similar equipment are losing contracts to Huawei, so the government decided to help them out by raising some "security concerns".

      It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Another explanation by BringsApples · · Score: 3, Insightful

      China has a dictator government, so everything in China is owned by its government, at least from the government's perspective. Everything tech, from China, should be evaluated.

      --
      Politics; n. : A religion whereby man is god.
    4. Re:Another explanation by TigerPlish · · Score: 1, Offtopic

      It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.

      You know, espionage requires that sometimes you tap peoples' lines, steam their mail open, and r00t their routers.

      If NSA did that to everybody indiscriminately, boo, bad agency.

      If they did to enemies of the USA, or friends of enemies of the USA, then more power to them.

      It's dirty business but it has to be done.

      Are you going to argue that a country should take zero steps to protect itself?

      --
      The "Civilized World" jumped the shark ca. 1973.
    5. Re:Another explanation by Anonymous Coward · · Score: 1, Insightful

      Nah, it sounds like Huawei holds most of the patents on 5G infrastructure and is years ahead of everyone else getting hardware to market.

      5G doesn't exist yet. It's a marketing term for now, just like what happened to 3G and LTE. We have discussed this at length before this fiasco started.

      It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.

      Red handed? Tailored access operations tailors access to any equipment whatsoever. They intercepted Cisco hardware, modified it, and sent it on its way. If you think that can't be done or isn't being done to any hardware manufacturer who has a customer the NSA has an interest in, you are beyond helping.

      It's time to put down the politics and look at the world of facts and reason.

    6. Re: Another explanation by Anonymous Coward · · Score: 1

      "Literally every American citizen was tracked by the Obama NSA." = A lie from an uninformed idiot who knows nothing about Thinthread, Xkeyscore, irate-monkeys, any of it.

      META data was collected for pattern analysis, it was collected anyway. That was not all "mined" and no, you were not even aware of it at the time - BECAUSE IT HAD NO REPERCUSSIONS FOR YOU.

      That's not the case with China's industrial state-owned spying apparatus. Go see the inside of a Chinese prison for proof, you idiot.

    7. Re:Another explanation by Locke2005 · · Score: 1

      "We got computers, we're tapping phone lines I know that that ain't allowed We dress like students, we dress like housewives Or in a suit and a tie I changed my hairstyle, so many times now I don't know what I look like!"

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    8. Re:Another explanation by Aighearach · · Score: 2

      There are two European companies already selling competing hardware.

      You've already been informed of that in other threads, can you please dial down the stupid at least 2 notches?

    9. Re:Another explanation by Gonoff · · Score: 1

      ...enemies of the USA, or friends of enemies of the USA...

      Do you mean enemies of the USA or enemies of your rulers? The two are very different.

      Just because someone loathes the people who think they have a divine right to control your country without you knowing who they all are, does not mean they are hostile to you or your country. I'm not talking about your weird far right, your "militias" or even your religious fundamentalists. You saw an example of "control" before your last election when one person was stopped from running and someone less likely was told she could.

      The trouble with truth is that we have been trained to reject it as a conspiracy theory.

      --
      I'll see your Constitution and raise you a Queen.
    10. Re:Another explanation by Rolgar · · Score: 1

      Specifically Ericsson and Nokia? From investment info regarding 5G I'm reading, those are the only two companies that can sell 5G gear in the US.

  3. I'm curious by Opportunist · · Score: 4, Insightful

    How does it compare to the competition? It's not like there's been too much of a stellar privacy and security conscious record in the whole industry...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Buy US gear by anonieuweling · · Score: 3, Insightful

    Buy US gear because then the US can use them backdoors in there.
    Chinese gear has no US-compatible backdoors.

    1. Re:Buy US gear by kenai_alpenglow · · Score: 2

      What is a "compatible backdoor"? I'm sure the US, if they know about it, can exploit it. I'm also sure that China has backdoors in it. Why would we expect a communist dictatorship known for industrial espionage NOT to put them in?

    2. Re:Buy US gear by satsuke · · Score: 3, Informative

      Which US gear are you referring to?

      Nokia is Nokia-Alcatel-Lucent, not sure which is dominant, other than Nokia is Norway, Alcatel was French
      Ericsson is Sweden
      Samsung is Korean

      That's most of your LTE infrastructure vendors, and all are not US based.

    3. Re:Buy US gear by Parker+Lewis · · Score: 1

      Cisco?

    4. Re:Buy US gear by RockDoctor · · Score: 1

      other than Nokia is Norway

      Nokia was Finnish, not Norwegian. They don't even speak languages in the same language group.

      Then some bunch of Americans bought it, made it into a laughing stock, and ... does it still actually exist in a meaningful sense?

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    5. Re:Buy US gear by Aighearach · · Score: 1

      For a US 5G supplier you can try to go to HP, but the work is really being done by a German partner company.

    6. Re:Buy US gear by microbox · · Score: 1

      The intelligence services in the USA will intercept the shipping of a product of a specific individual to install hardware backdoors. They aren't installed on literally every device, because the devices are made by private firms.

      --

      Like all pain, suffering is a signal that something isn't right
    7. Re:Buy US gear by microbox · · Score: 1

      Something like 90% of Finland speak Finnish. It's completely different to Swedish or Norwegian.

      --

      Like all pain, suffering is a signal that something isn't right
    8. Re:Buy US gear by strikethree · · Score: 1

      That's most of your LTE infrastructure vendors, and all are not US based.

      That is what happens when you rest on your laurels after dominating the entire world. Maybe Americans should be looking at creating new fields to farm rather than staying stuck 50 years in the past trying to squeeze the maximum amount of money of what existed then?

      It is almost like the Apollo Program was the last big hurrah and everything after that has just been harvesting the results... and it is ending. The resources are drying up. In a few more decades, America will be no more special than the UK or Portugal despite both being world powers at one point or another.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  5. My Solution by AlanObject · · Score: 4, Insightful

    If I were driving Huawei at this point I would open-source all the software running on my devices. Their competitive edge is in slave-labor manufacturing and insane levels of customer financing, not technical innovation.

    Of course they would still have to address the possibility of silicon or FPGA based backdoors but that might be worked out in a similar way.

    1. Re:My Solution by Cid+Highwind · · Score: 1

      But then the inevitable patent infringements would be exposed, and the west would have actual legal reasons to ban Huawei gear instead of all this vague talk about "security risks".

      --
      0 1 - just my two bits
    2. Re:My Solution by UnknowingFool · · Score: 1

      Not only that, Huawei is accused of stealing tech from other companies. Unless Huawei extensively rewrites the code, someone from Cisco, for example, is going to notice that their proprietary drivers are in Huawei's open source code.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    3. Re:My Solution by Aighearach · · Score: 1

      If I were driving Huawei at this point I would open-source all the software running on my devices.

      You would be executed for corruption. Literally.

  6. Alternatives by Meneth · · Score: 1

    So if Huawei is compromised by the Chinese government because it is based in China, who could compromise the other network equipment manufacturers? According to Wikipedia:

    Avaya, Cisco, Hewlett Packard, Juniper, Motorola, and Qualcomm: USA.

    Ericsson: Sweden.

    Fujitsu and NEC: Japan.

    Nokia: Finland.

    ZTE: China.

    It seems ZTE is similarly disliked by the US government, while the others are either American or controlled by US allies.

    1. Re:Alternatives by Anonymous Coward · · Score: 1

      "because it is based in China" = Not the focus. Because it is wholly owned by the Chinese Communist Party and operated by Chinese military officers to deliberately obtain intel for their APT hacking operations. Pay attention.

      Huawei certainly is NOT the only Chinese company that has been both proven and accused of doing this. Reading is key. National origin is "of concern" but that's not 100 or 1:1 what is being discussed, nor why.

      The history of these individual companies is not something you can just whitewash by national origin, and that goes for the US companies you listed too. I wouldn't trust them without verification and formal analysis.

      The difference? China's government puts a million people in prison based on their ethnicity alone, or whether they smile at facial recognition cameras. The US government uses data to thwart hacking attacks originating in China.

      You decide which is reasonable by your own criteria, but if you choose Chinese prison, go there and experience it first please.

    2. Re:Alternatives by microbox · · Score: 1

      Big businesses in China are essentially wings of the communist party. By analogy, it would be like if the GOP owned and controlled 90% of US manufacturing. Not the US government. The GOP. And it would also be like the GOP controlled the entire military, and the military is sworn to the President. Not the country. The president. Just like in Nazi Germany.

      China has large parts under military occupation, and massive camps full of prisoners of conscience. Like if the GOP rounded up large segments of the population, put them in internment camps, and then harvested their organs for profit.

      It's really a great place.

      --

      Like all pain, suffering is a signal that something isn't right
  7. US lap dog barks on command by bradley13 · · Score: 5, Insightful

    Remember when the UK supported the US fantasy of WMD in Iraq?

    The US says "jump". The UK government asks "how high?"

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:US lap dog barks on command by DNS-and-BIND · · Score: 1
      Remember when Mueller lied us into the Iraq War? Here's video evidence of him lying to Congress.

      He gave the impression that the FBI, the trusted organization that would never lie, approved of the invasion as absolutely necessary. Because Iraq was going to give WMD to Al-Qaeda, despite Saddam utterly hating Islamists and Al-Qaeda utterly hating nationalists like Saddam.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    2. Re:US lap dog barks on command by jbmartin6 · · Score: 1

      Who said jump when? The report talks about a process working with Huawei going back many years to mitigate various concerns they have about the underlying architecture. There is no discussion of incidents or any specific vulnerability. It is mainly about Huawei's use of a third party realtime OS that is out of general support (Huawei purchased a separate long term support agreement) and their continued use of single user space on a different set of devices.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  8. Go with Huawei by PPH · · Score: 1

    warnings from U.S. officials

    Because Chinese lap dogs are cuter than British.

    --
    Have gnu, will travel.
  9. Open Your Backdoor To Everyone by Anonymous Coward · · Score: 1

    US kit was developed by a few engineers from the US but mostly immigrants/HB2s from India, China, UAE, etc., with source and schematics stored on networks run by Somali and Nigerian admins.
    Huawei kit was developed by engineers from China.
    So do you want your network kit to be hackable by everyone or just China?

    That said, the Chinese kit was probably built using schematics and source stolen from US companies so it is probably hackable by everyone as well.
    Captcha: betrayed

  10. Jup, it does. Just like all other. by gweihir · · Score: 2

    Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Jup, it does. Just like all other. by Aighearach · · Score: 1

      Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)

      Wait, which of those are the Swedes, again?

  11. Cisco and CIA by Masarand · · Score: 1

    I guess that it's best to stick with Cisco then. Can't imagine that any of their kit would report back to CIA?!

  12. Raise your hand by hackingbear · · Score: 1

    The new U.K. government said it "does not believe that the defects identified are a result of Chinese state interference." Instead, it blamed "poor software engineering" and a lack of "cybersecurity hygiene." In other words, Huawei's networks could be exploited by a "range of actors," not just the Chinese government.

    Raise your hand if you have not made a single bug in your career. Raise your hand if you know of any software company having zero bugs or defects.

  13. What US Companies? by Koreantoast · · Score: 4, Informative

    One flaw with your analysis: there are almost no US companies that make similar equipment. At most, you have a Cisco or something that produces a small subsegment of the Huawei portfolio. Even the Pentagon, when talking about 5G, essentially says that the only alternatives are European suppliers like Ericsson or Nokia.

    1. Re:What US Companies? by DigiShaman · · Score: 1

      Why the rush to 5G? If security is that big of a concern, then wait it out. Don't rush to market just to roll out dubious hardware.

      --
      Life is not for the lazy.
    2. Re:What US Companies? by AmiMoJo · · Score: 1

      That's what I said. Huawei are years ahead, US companies don't have their 5G infrastructure hardware out yet.

      There are some European players but they are not all that competitive with what Huawei is offering right now.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  14. Here's the thing - FUD. by MindPrison · · Score: 2

    We don't have any proof of it, but we can assume that ALL governments have some kind of "deals" with any major hardware maker, and if they don't want to play ball with who we call our "friends" today, then they're the evil ones, as always.

    Huawei is only being targeted because they're so big, and it's a Chinese manufacturer, and a real threat to Apple and other major players elsewhere. It's a dirty game, but they're playing it against them because the "why not" factor, it's a dirty political game, nothing new - but consider the following, in case it was true:

    Almost every component known to man, is being produced in China these days, complete chips - take the ever so popular ESP8266, ESP 32 and many other all-in-one chips that provide complete communication solutions, these chips are found inside millions of devices ALL over the world, and could very easily sport a back-door or two to sniff on the networks they serve (I'm in NO WAY accusing them of this), but if you were to point out someone just because they're an apparent product that everyone knows, you'd target the most obvious one that is known and popular with the population.

    Nothing of this means that ANYONE has implemented backdoor technology that's widely available to any government, we KNOW of the ME inside the INTEL processors, and yet they're basically everywhere, also in China - so why don't we hear a public uproar against that then? Because we're the good guys? Says who?

    You can pretty much assume that any mass produced hardware can be abused in one way or another, whether that was intended or not, that's an entirely different debate. I'm just getting SO sick and tired of these political FUD games that should be SO apparent to ANYONE thinking about it for just more than a few minutes. Stop buying into the FUD, buy what you want - and be smart about your personal safety instead.

    If you truly want to know - get good at it, learn to code, learn to reverse engineer, get knowledge instead of walking into a cloud of populist hearsay, fake news and whatnot.

    --
    What this world is coming to - is for you and me to decide.
  15. UK govt says ... by RockDoctor · · Score: 1

    Anything, and it is tainted by the rest of the utter shit that is going on with the mess that is parliament.

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  16. Huawei gear is ALREADY ubiquitous by peppepz · · Score: 1

    A lot of the critical telecommunication infrastructure is already made up of Huawei products (TLC hardware, networking equipment, end-user phones and modems), and has been since the 2000s. Huawei could already spy the heck out of us if this were their secret mission. I don't understand why it's only now, with 5G tenders in sight, that they've become a problem.

  17. Finally by WindBourne · · Score: 1

    Looks like US intel world is sharing with our allies. Long past time to show the many backdoors that Chinese companies are leaving in.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  18. Thing is by CptLoRes · · Score: 1

    If we look past minor details like you know, the lack of any proof of security breaches. If it came down to it, I think I'd rather want to send my data to China than the US...

  19. riiiight by sad_ · · Score: 1

    "But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes"

    And software engineering and security processes are so much better at Cisco, nobody has ever found a backdoor or hard coded password in any of their devices.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.