Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Military China Government Privacy Security United States

The Pentagon Bans Huawei, ZTE Phones From Retail Stores On Military Bases (theverge.com) 86

The Pentagon is ordering retail outlets on U.S. military bases to stop selling Huawei and ZTE smartphones, citing security risks. "Huawei and ZTE devices may pose an unacceptable risk to the department's personnel, information and mission," a Pentagon spokesperson said in a statement to The Wall Street Journal. "In light of this information, it was not prudent for the department's exchanges to continue selling them." The Verge reports: U.S. military members can still buy Huawei and ZTE devices for personal use from other stores, as there's no outright ban on that for now. But the spokesperson elaborated that the Pentagon is considering whether it should send out a military-wide advisory about the devices. U.S. government officials have said that China could order its manufacturers to create backdoors for spying in their devices, although both Huawei and ZTE have denied the possibility. An anonymous source told the WSJ that military leaders are wary that Beijing could use ZTE and Huawei devices to locate soldiers' exact coordinates and track their movements. Huawei responded to the news in a statement to The Verge: "Huawei's products are sold in 170 countries worldwide and meet the highest standards of security, privacy and engineering in every country we operate globally including the U.S. We remain committed to openness and transparency in everything we do and want to be clear that no government has ever asked us compromise the security or integrity of any of our networks or devices."
This discussion has been archived. No new comments can be posted.

The Pentagon Bans Huawei, ZTE Phones From Retail Stores On Military Bases

Comments Filter:
  • by Anonymous Coward

    "We remain committed to openness and transparency in everything we do and want to be clear that no government has ever asked us compromise the security or integrity of any of our networks or devices."

    Really? I thought the US government was going hammer-and-tongs on every tech company trying to back door their encryption.

  • by Anonymous Coward

    What guarantee is there that other brands/models don't pose security risks as well? How does one know that Google, Samsung, Apple, aren't mole-ridden? All it takes is one deliberate, hidden 'bug'.

    • What guarantee is there that other brands/models don't pose security risks as well?

      There are no "guarantees" in computer security, only probabilities. You work to minimize risk, but you can't eliminate it.

      American devices may have bugs, and they may even have intentional backdoors, but those backdoors are not there at the behest of a foreign government.

      Huawei and ZTE need to do more to show that their code is clean. That means external code reviews, and cryptographic signatures to guarantee that the code in the ROM matches the official binary compiled from the certified source.

      • Doesn't Google and Apple, and Microsoft and Oracle need to do that, too?

        Which entity presides over this code review process? A United Nations panel with reprwsentatives from the US, China, Russia and Zaire? Or does the process break down by national boundaries? The NSA should approve ALL software allowed in the US and the Chinese equivalent for all software in China?

    • by AHuxley ( 892839 )
      PRISM showed who tame most big brands are. Happy to help the US gov spy.
      The problem for the US gov is that the same police access to any phone is now global.
      Other nations are watching US contractors for free around US bases, ports, forts, camps on US networks.
  • Backdoors (Score:5, Insightful)

    by sit1963nz ( 934837 ) on Wednesday May 02, 2018 @04:32PM (#56543702)
    The USA wants to ensure that the only backdoors are theirs.
    It is important for the paranoid letter spaghetti agencies to be able to track, trace and intercept everyone in the USA because you are all potential enemies of the state.

    The flip side of this is that US technology should not be trusted any more than Chinese technology.
    • Re: (Score:3, Insightful)

      The flip side of this is that US technology should not be trusted any more than Chinese technology.

      Just imagine the outcry though if China had banned the sale of the iPhone giving the same reasons! These sort of national security type arguments are likely to end up backfiring on the US when other governments start to apply the same logic.

      • by Anonymous Coward

        Re-read any of the linked stories... They didn't ban the sale of these devices nationwide - they only said that the Defense Department's own stores would stop selling them. You can still get them as bestbuy or amazon or wherever. Just not directly from the Government.

        • You have obviously missed the big chains pulling them from the shelves at the request of the government?

          No, not 'banning' them, just the usual quiet in the background secret deals to, you know, ban them.
          https://www.theverge.com/2018/1/30/16950122/verizon-refuses-huawei-phone-att-espionage-cybersecurity-fears
          https://www.theverge.com/2018/3/22/17151186/best-buy-huawei-smartphone-china

          Of course its a bit of a toss up as to the real reason - it is because they wont install the US backdoors, or because the US is

        • They didn't ban the sale of these devices nationwide

          I never said they did. My point still stands whether it be a nationwide ban or a more limited ban. However, you cannot guarantee that a response will be limited in quite the same fashion which is how these things escalate.

      • And given the number of time the letter spaghettis have been caught illegally spying on its own citizens etc etc etc other governments are right to question US products security.

        Maybe the best option is to have a Chinese made firewall backed by a US firewall backed by a German firewall backed by a Russian firewall........
    • So the question becomes, who makes a phone that could be trusted?
  • by larryjoe ( 135075 ) on Wednesday May 02, 2018 @04:38PM (#56543716)

    U.S. government officials have said that China could order its manufacturers to create backdoors for spying in their devices, although both Huawei and ZTE have denied the possibility.

    It may be true that these Chinese companies do not currently implement government-mandated backdoors in their products, and it may be true that they truly would resist such government mandates. However, the assertion that such coercion is not possible is not believable. It's not believable for US companies, and it's not believable for Chinese companies.

    • by green1 ( 322787 )

      But why would you single out 2 Chinese manufacturers vs every other manufacturer out there? Keep in mind that there are ZERO phones made entirely in a jurisdiction under US control.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The employees and executives of Apple, for instance, are under US jurisdiction. They answer to US authority despite the fact that make their products in China. The employees and executives of Samsung are under South Korean jurisdiction, a nation that is closely allied with the US and over which the US has great power. They will answer to the US despite the fact that they make their products in China.

        Despite the misguided grant of MFN trading status, China is not an ally of the US and Huawei and ZTE em

        • by Junta ( 36770 )

          You are sorely mistaken if you think American executive is in any way a deterrent from China attempting anything. Not to say China would do it, but the American execs are too busy counting their money to care or delegate caring about what their Chinese suppliers are doing.

          From China's perspective, they have so many channels to inject things into the supply chains through component vendors no one has even heard of, and under less scrutiny than Huawei. I think the risk from the things not even enumerated ex

          • From China's perspective, they have so many channels to inject things into the supply chains through component vendors no one has even heard of, and under less scrutiny than Huawei

            And American manufacturers take samples of finished product and tear them down to ensure they actually have what is in the spec.

            That doesn't mean it's impossible to slip something through, but it can't be a routine "always include the chip with the malware instead of what we told Apple"......at least not without significantly more effort to disguise it.

            • by Junta ( 36770 )

              At least some may, but I know that at least some companies do not do that.

              Also, a Chinese company with significant US engineering presence can be in the exact same boat of having skilled US engineers watching for issues, but the presumption is that the executives matter, not the engineers.

        • Go read about the NSA etc modifying Cisco networking gear without the knowledge of Cisco.

          So, the 96% of the worlds population who do not live in the USA should not buy US technology because the US is untrustworthy too.

          So the Answer is, you may as well buy Chinese equipment, because it is no more/less secure than US equipment and you get to save a ton of money in the process.
      • by AHuxley ( 892839 )
        Recall PRISM. Some of the big trusted brand US brands are tame and ready to not block the US gov collecting it all.
        The US gov and mil trusts the US brands to help collect on everyone.
      • by Anonymous Coward

        But why would you single out 2 Chinese manufacturers vs every other manufacturer out there? Keep in mind that there are ZERO phones made entirely in a jurisdiction under US control.

        It's almost like they know something you don't.

        • by green1 ( 322787 )

          Yes, they know that the chinese brands are refusing to install NSA back doors. So time to put some pressure on them to fall in to line..

          If they actually knew of a case where Huawei was installing back doors, do you really think they wouldn't tell anyone?

  • by Snotnose ( 212196 ) on Wednesday May 02, 2018 @04:41PM (#56543726)
    Lets say I'm a software engineer for some handset company mostly doing low level stuff (drivers/kernels/etc) I'm pretty familiar with the code base but pretty clueless on encryption. If I decided to peruse the code looking for backdoors, how hard would it be? I'm not expecting backdoor.NSA() or anything like that, but would it look to me like a bug I might fix spontaneously (ok, submit bug report, email to whomever asking it be assigned to me, fix problem, wait for it to be assigned to me, take ownership of bug, check in, close bug. But you know what I mean).
    • by Anonymous Coward

      the backdoors that matter are in the hardware, not visible to most.

    • by jeff4747 ( 256583 ) on Wednesday May 02, 2018 @05:00PM (#56543804)

      If I decided to peruse the code looking for backdoors, how hard would it be?

      Almost impossible.

      First, you don't actually have the code. You have, at best, a binary created from the code. That could be run through a disassembler and you could spend many, many hours combing through the output looking for something interesting.....but we're talking about something on the scale of reading a large portion of books in a small library looking for one particular sentence....and that sentence can be phrased many different ways.

      But it's not necessarily in the code on the phone's filesystem and probably isn't. It's far more reliable for the Bad Guys to put their malware into the chips that make up the phone. You're really not going to find something that's embedded in, say, the chip that runs one of the phone's radios. First, you don't have a way to address it from the software running in the main CPU - you only get to communicate over what the phone maker put in, and that is not going to be complete access to the chip. Second, it's not just a binary sitting on a filesystem, it's a binary embedded in the chip. And your only way to access it is to ask the chip nicely. It doesn't have to let you see the binary, and even if it does show you something, you have no way of knowing if that binary is actually what is running in the chip.

      And that's assuming it's still in the firmware and not something baked into the silicon, though that is unlikely. It's hard to do and firmware is plenty good enough.

    • by tlhIngan ( 30335 )

      Lets say I'm a software engineer for some handset company mostly doing low level stuff (drivers/kernels/etc) I'm pretty familiar with the code base but pretty clueless on encryption. If I decided to peruse the code looking for backdoors, how hard would it be? I'm not expecting backdoor.NSA() or anything like that, but would it look to me like a bug I might fix spontaneously (ok, submit bug report, email to whomever asking it be assigned to me, fix problem, wait for it to be assigned to me, take ownership of

    • by AHuxley ( 892839 )
      A front door is always in place as police support for voice, gps, live mic, file access (up and down) and camera as part of every phone created on one production line.
      Great for watching US mil contractors on a base to see if they are working for another nation.
      Every phone is police ready globally. The only question is who has the keys and is the users phone always set to share with a gov.
      The question for the USA is China watching US contractors doing work on US bases in the same way globally?
  • Of course the US knows that China could order their domestic corporations to put back doors in their products. They know from long experience just [wikipedia.org] how [infoworld.com] easy [reuters.com]it is to slip a back door into products and standards.

    Thing is, if I were a US citizen, I'd far rather have a Huwei product. Actually, as a Canadian I think I still would rather own a Huwei. At least I can probably trust the NSA doesn't have its greasy mitts inside one of those (or, at least, there's a better chance of it). There are daily stori

    • by Anonymous Coward

      This isn't about normal US citizens, though. This is about soldiers. If the enemy knows your position, they can aim their mortars at you. You might be ok carrying it around in the states, but don't take your Chinese phone with you on a deployment.

      • Re: (Score:3, Interesting)

        by Excelcia ( 906188 )

        Any soldier, sailor, or airman who takes ANY powered phone on an op should be charged. EMCON considerations are serious, and they will locate you faster from the fact you are making any transmission than they will locate you from hacks in the phone's OS. This is drilled into everyone.

        No, this is far too measured an escalation, this tells me there are untold behind-the-scenes activities being played out here. This is a shot across the bow. A first real action to hit them in the sales department. I suspe

    • At least I can probably trust the NSA doesn't have its greasy mitts inside one of those

      The problem with backdoors is you don't know if the original controller is still in control of it.

      It is quite possible for one group to take over a backdoor installed by another group.

  • I think that may be the core of the issue right there...
  • I just ordered a Huawai phone, an Honor 7x. It's the hottest cheapo phone out there right now.

    I don't work for the DOD or at the Pentagon but still... I'm explaining all of this to my relatives in case I "disappear".

    • I am replying to your comment from a Five Eyes country over Internet infrastructure that is almost entirely supplied by Huawei.
      There is no way the US would have let that happen if there was anything serious in this. It's probably just another part of the Trade War that is Good, and Easy to Win ©

      Also, that Honor 7x looks like a nice phone for the money. I wonder how good the camera is.

  • When you refuse to put back doors in your hardware for the NSA....

    • by AHuxley ( 892839 )
      In the USA? Your brand is asked again and again to support the NSA and domestic collect it all.. The deals get better then the offers just stop.
      Your brand stops been your brand one day and has new owners who have always helped the NSA.
      • by green1 ( 322787 )

        But if you aren't in the USA, they can't do that. So instead they do a bunch of scare mongering, and start blocking your US sales.

        Of course that just tells the rest of the world that this must be the brand to buy!

  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Wednesday May 02, 2018 @06:15PM (#56544220)
    Comment removed based on user account deletion
    • Jesus fucking Christ, how naive can you be? Are you honestly trying to tell me that you don't already know that every smartphone, fuck, every piece of communications/data equipment in modern existence is compromised six ways to Sunday?

      No one is "sitting on intel", it's a known fucking fact. The military brass obviously have the exact same concerns I would have about using those devices: that the Chinese government is getting all of my information. I wouldn't expect stores on Chinese military bases to sell A

      • Jesus fucking Christ, how naive can you be? Are you honestly trying to tell me that you don't already know that every smartphone, fuck, every piece of communications/data equipment in modern existence is compromised six ways to Sunday?

        Someone's tinfoil hat fell off.

    • Depends on scope.

      Should the government ban Chinese vendors from sale to the general public without providing any credible evidence? Hell no.
      Should they ban Chinese vendors from infrastructure projects or ban their devices on military installations, even if no credible evidence exists? Hell yes.

      There are some things that should be done as locally as practical without any justification. National security and infrastructure is right up there.

  • of known safe phones, you know, the phones only the NSA listens to and collects metadata on
  • I'd rather be spied on by the Chinese, than an American 3-letter agency. At a minimum, the Chinese can't arrest you, or extradite you to China if you go on vacation.

    • At a minimum, the Chinese can't arrest you, or extradite you to China if you go on vacation.

      Why not?

      They have the capability to abduct/arrest/assassinate someone anywhere in the world. Just like every other major nation.

      They aren't bragging about using that capability. At this time.

  • Sure. No government. Just a political party...oh wait they're the same, never mind.

  • What about the computing and networking infrastructure?
    Can they really be so naive to think that computing and network gear was not the first thing that was bugged?

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...