Slashdot Mirror
Huawei's Equipment Poses 'Significant' Security Risks, UK Says (cnbc.com)
The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks. From a report: In 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators." The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing. In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."
And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).
It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.
And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).
It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.
With all this calling out of Huwei, it sounds suspiciously like the US security agencies found a specific back-door planted in the products, want to alert everyone to the issue, but also don't want to make the vulnerability public so they can use it for themselves.
How does it compare to the competition? It's not like there's been too much of a stellar privacy and security conscious record in the whole industry...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Buy US gear because then the US can use them backdoors in there.
Chinese gear has no US-compatible backdoors.
If I were driving Hauwei at this point I would open-source all the software running on my devices. Their competitive edge is in slave-labor manufacturing and insane levels of customer financing, not technical innovation.
Of course they would still have to address the possibility of silicon or FPGA based backdoors but that might be worked out in a similar way.
Remember when the UK supported the US fantasy of WMD in Iraq?
The US says "jump". The UK government asks "how high?"
Enjoy life! This is not a dress rehearsal.
Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
One flaw with your analysis: there are almost no US companies that make similar equipment. At most, you have a Cisco or something that produces a small subsegment of the Huawei portfolio. Even the Pentagon, when talking about 5G, essentially says that the only alternatives are European suppliers like Ericsson or Nokia.
We don't have any proof of it, but we can assume that ALL governments have some kind of "deals" with any major hardware maker, and if they don't want to play ball with who we call our "friends" today, then they're the evil ones, as always.
Huawei is only being targeted because they're so big, and it's a Chinese manufacturer, and a real threat to Apple and other major players elsewhere. It's a dirty game, but they're playing it against them because the "why not" factor, it's a dirty political game, nothing new - but consider the following, in case it was true:
Almost every component known to man, is being produced in China these days, complete chips - take the ever so popular ESP8266, ESP 32 and many other all-in-one chips that provide complete communication solutions, these chips are found inside millions of devices ALL over the world, and could very easily sport a back-door or two to sniff on the networks they serve (I'm in NO WAY accusing them of this), but if you were to point out someone just because they're an apparent product that everyone knows, you'd target the most obvious one that is known and popular with the population.
Nothing of this means that ANYONE have implemented backdoor technology that's widely available to any government, we KNOW of the ME inside the INTEL processors, and yet they're basically everywhere, also in China - so why don't we hear a public uproar against that then? Because we're the good guys? Says who?
You can pretty much assume that any mass produced hardware can be abused in one way or another, whether that was intended or not, that's an entirely different debate. I'm just getting SO sick and tired of these political FUD games that should be SO apparent to ANYONE thinking about it for just more than a few minutes. Stop buying into the FUD, buy what you want - and be smart about your personal safety instead.
If you truly want to know - get god at it, learn to code, learn to reverse engineer, get knowledge instead of walking into a cloud of populist hearsay, fake news and whatnot.
What this world is coming to - is for you and me to decide.