Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Technology

Huawei's Equipment Poses 'Significant' Security Risks, UK Says (cnbc.com) 131

The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks. From a report: In 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators." The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing. In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."
This discussion has been archived. No new comments can be posted.

Huawei's Equipment Poses 'Significant' Security Risks, UK Says

Comments Filter:
  • Le sigh.... (Score:5, Interesting)

    by Syphonius ( 11602 ) on Thursday March 28, 2019 @11:14AM (#58348424) Homepage

    And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).

    It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      https://www.networkworld.com/article/2223272/60-minutes-torpedoes-huawei-in-less-than-15-minutes.html = there's no believing this company.

    • And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).

      It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.

      With all this calling out of Huwei, it sounds suspiciously like the US security agencies found a specific back-door planted in the products, want to alert everyone to the issue, but also don't want to make the vulnerability public so they can use it for themselves.

      • Re: (Score:1, Insightful)

        by Anonymous Coward
        In actuality it is the opposite. Huawei won't install the back doors the 3 letter agencies use on its hardware.
      • by AmiMoJo ( 196126 ) on Thursday March 28, 2019 @12:15PM (#58348894) Homepage Journal

        Nah, it sounds like Huawei holds most of the patents on 5G infrastructure and is years ahead of everyone else getting hardware to market. So now all the US companies that make similar equipment are losing contracts to Huawei, so the government decided to help them out by raising some "security concerns".

        It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.

        • Re: (Score:2, Offtopic)

          by TigerPlish ( 174064 )

          It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.

          You know, espionage requires that sometimes you tap peoples' lines, steam their mail open, and r00t their routers.

          If NSA did that to everybody indiscrimnately, boo, bad agency.

          If they did to enemies of the USA, or friends of enemies of the USA, then more power to them.

          It's dirty business but it has to be done.

          Are you going to argue that a country should take zero steps to protect itself?

          • "We got computers, we're tapping phone lines I know that that ain't allowed We dress like students, we dress like housewives Or in a suit and a tie I changed my hairstyle, so many times now I don't know what I look like!"
          • by Gonoff ( 88518 )

            ...enemies of the USA, or friends of enemies of the USA...

            Do you mean enemies of the USA or enemies of your rulers? The two are very different.

            Just because someone loathes the people who think they have a divine right to control your country without you knowing who they all are, does not mean they are hostile to you or your country. I'm not talking about your weird far right, your "militias" or even your religious fundamentalists. You saw an example of "control" before your last election when one person was stopped from running and someone less likely was told

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          Nah, it sounds like Huawei holds most of the patents on 5G infrastructure and is years ahead of everyone else getting hardware to market.

          5G doesn't exist yet. It's a marketing term for now, just like what happened to 3G and LTE. We have discussed this at length before this fiasco started.

          It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.

          Red handed? Tailored access operations tailors access to any equipment whatsoever. They intercepted Cisco hardware, modified it, and sent it on it's way. If you think that can't be done or isn't being done to any hardware manufacturer who has a customer the NSA has an interest in, you are beyond helping.

          It's time to put down the politics and look at the worl

        • What US Companies? (Score:5, Informative)

          by Koreantoast ( 527520 ) on Thursday March 28, 2019 @01:56PM (#58349662)
          One flaw with your analysis: there are almost no US companies that make similar equipment. At most, you have a Cisco or something that produces a small subsegment of the Huawei portfolio. Even the Pentagon, when talking about 5G, essentially says that the only alternatives are European suppliers like Ericsson or Nokia [reuters.com].
          • Comment removed based on user account deletion
          • by AmiMoJo ( 196126 )

            That's what I said. Huawei are years ahead, US companies don't have their 5G infrastructure hardware out yet.

            There are some European players but they are not all that competitive with what Huawei is offering right now.

        • There are two European companies already selling competing hardware.

          You've already been informed of that in other threads, can you please dial down the stupid at least 2 notches?

          • by Rolgar ( 556636 )

            Specifically Ericson and Nokia? From investment info regarding 5G I'm reading, those are the only two companies that can sell 5G gear in the US.

      • by BringsApples ( 3418089 ) on Thursday March 28, 2019 @12:23PM (#58348950)

        China has a dictator government, so everything in China is owned by it's government, at least from the government's perspective. Everything tech, from China, should be evaluated.

    • Re:Le sigh.... (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Thursday March 28, 2019 @11:40AM (#58348646) Homepage Journal

      This is just the UK government towing the US line, because in a few weeks it may be rather desperate for a trade deal. No harm in getting the ass-kissing started early.

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        It's kind of sad how much of a Chinese apologist you are to the point you will even be against your own country.

        If you like China so much why don't you move there?

        • by Anonymous Coward

          They would put him in a concentration camp immediately. If only the UK had the balls...

      • towing the US line

        TOEING the line. As in y'all stand nice and neat toes on the white line so you're all the same.

        "Towing the line makes no sense", and neither does making any business investments in Britain for the next half-decade.

        Brexiters ruined that country, businesses hate FUD more than anything else. All Brexit has done is poison England for business.

        • Brexiters ruined that country, businesses hate FUD more than anything else. All Brexit has done is poison England for business.

          The really annoying thing is that Brexit is in the process of fucking England (which voted, marginally, for it) and Scotland (which voted against it). And it's likely to cause Ireland problems too - but the EU will be trying to mitigate those problems.

          Britain =/= England, in the same way that there are, apparently, some people in America didn't vote for the Tangerine Shitgibbon.

        • Toeing the line, but not as in standing nice and neat so you're all the same.

          The line is the rule that you're not supposed to cross. "Toeing the line" means you're trying to get as close as you can to breaking the rule, without breaking it.

          If they were toeing the line for the US, that means they're just barely complying with demands that they didn't really want to follow.

          If they were trying to be nice and neat just the same as everybody like a good boy, they'd be standing well back from the line, following

      • by Anonymous Coward

        As always, you are 100% wrong and stupid.

        The UK and the US are basically joined at the hip when it comes to intelligence sharing. Contrary to what cretins like you think, the UK is an absolute world titan when it comes to sigint, humint and analysis. Whether that's good or bad is another matter... but the fact remains that the decision by the UK isn't based on Brexit (you short-sighted fucking halfwit). It's based on protecting extremely valuable shared assets.

      • by Gonoff ( 88518 )

        ...in a few weeks it may be rather desperate for a trade deal

        You may be under a false impression. WE really REALLY do not want the deal that President Donald Fart is offering us where we have to drop everything from food standards to the NHS before we can take goods from his rich friends and their servants.

    • by Anonymous Coward

      Say no to Huawei... please world governments. Let's get this one right.

  • I'm curious (Score:5, Insightful)

    by Opportunist ( 166417 ) on Thursday March 28, 2019 @11:21AM (#58348466)

    How does it compare to the competition? It's not like there's been too much of a stellar privacy and security conscious record in the whole industry...

    • The new U.K. government said it "does not believe that the defects identified are a result of Chinese state interference." Instead, it blamed "poor software engineering" and a lack of "cybersecurity hygiene." In other words, Huawei's networks could be exploited by a "range of actors," not just the Chinese government.

      Raise your hand if you have not made a single bug in your career. Raise your hand if you know of any software company having zero bug or defect.

  • Buy US gear (Score:4, Insightful)

    by anonieuweling ( 536832 ) on Thursday March 28, 2019 @11:24AM (#58348500)
    Buy US gear because then the US can use them backdoors in there.
    Chinese gear has no US-compatible backdoors.
    • What is a "compatible backdoor"? I'm sure the US, if they know about it, can exploit it. I'm also sure that China has backdoors in it. Why would we expect a communist dictatorship know for industrial espionage NOT to put them in?
    • Re:Buy US gear (Score:4, Informative)

      by satsuke ( 263225 ) on Thursday March 28, 2019 @12:09PM (#58348852)

      Which US gear are you referring to?

      Nokia is Nokia-Alcatel-Lucent, not sure which is dominant, other than Nokia is Norway, Alcatel was French
      Ericsson is Sweden
      Samsung is Korean

      That's most of your LTE infrastructure vendors, and all are not US based.

      • Cisco?
      • other than Nokia is Norway

        Nokia was Finnish, not Norwegian. They don't even speak languages in the same language group.

        Then some bunch of Americans brought it, made it into a laughing stock, and ... does it still actually exist in a meaningful sense?

      • For a US 5G supplier you can try to go to HP, but the work is really being done by a German partner company.

      • That's most of your LTE infrastructure vendors, and all are not US based.

        That is what happens when you rest on your laurels after dominating the entire world. Maybe Americans should be looking at creating new fields to farm rather than staying stuck 50 years in the past trying to squeeze the maximum amount of money of what existed then?

        It is almost like the Apollo Program was the last big hurrah and everything after that has just been harvesting the results... and it is ending. The resources are drying up. In a few more decades, America will be no more special than the UK or Por

    • The intelligence services in the USA will intercept the shipping of a product of a specific individual to install hardware backdoors. They aren't installed on literally every device, because the devices are made by private firms.
  • My Solution (Score:5, Insightful)

    by AlanObject ( 3603453 ) on Thursday March 28, 2019 @11:38AM (#58348624)

    If I were driving Hauwei at this point I would open-source all the software running on my devices. Their competitive edge is in slave-labor manufacturing and insane levels of customer financing, not technical innovation.

    Of course they would still have to address the possibility of silicon or FPGA based backdoors but that might be worked out in a similar way.

    • But then the inevitable patent infringements would be exposed, and the west would have actual legal reasons to ban Huawei gear instead of all this vague talk about "security risks".

      • Not only that, Huawei is accused of stealing tech from other companies. Unless Huawei extensively rewrites the code, someone from the Cisco, for example, is going to notice that their proprietary drivers are in Huawei’s open source code.
    • If I were driving Hauwei at this point I would open-source all the software running on my devices.

      You would be executed for corruption. Literally.

  • So if Huawei is compromised by the Chinese government because it is based in China, who could compromise the other network equipment manufacturers? According to Wikipedia [wikipedia.org]:

    Avaya, Cisco, Hewlett Packard, Juniper, Motorola, and Qualcomm: USA.

    Ericsson: Sweden.

    Fujitsu and NEC: Japan.

    Nokia: Finland.

    ZTE: China.

    It seems ZTE is similarly disliked by the US government, while the others are either American or controlled by US allies.

    • by Anonymous Coward

      "because it is based in China" = Not the focus. Because it is wholly owned by the Chinese Communist Party and operated by Chinese military officers to deliberately obtain intel for their APT hacking operations. Pay attention.

      Huawei certainly is NOT the only Chinese company that has been both proven and accused of doing this. Reading is key. National origin is "of concern" but that's not 100 or 1:1 what is being discussed, nor why.

      The history of these individual companies is not something you can just w

    • Big businesses in China are essentially wings of the communist party. By analogy, it would be like if the GOP owned and controlled 90% of US manufacturing. Not the US government. The GOP. And it would also be like the GOP controlled the entire military, and the military is sword to the President. Not he country. The president. Just like in Nazi Germany.

      China has large parts under military occupation, and massive camps full of prisoners of conscious. Like if the GOP rounded up large segments of the populat
  • by bradley13 ( 1118935 ) on Thursday March 28, 2019 @11:43AM (#58348674) Homepage

    Remember when the UK supported the US fantasy of WMD in Iraq?

    The US says "jump". The UK government asks "how high?"

    • Remember when Mueller lied us into the Iraq War? Here's video evidence of him lying to Congress. [youtube.com]

      He gave the impression that the FBI, the trusted organization that would never lie, approved of the invasion as absolutely necessary. Because Iraq was going to give WMD to Al-Qaeda, despite Saddam utterly hating Islamists and Al-Qaeda utterly hating nationalists like Saddam.

    • Who said jump when? The report talks about a process working with Huawei going back many years to mitigate various concerns they have about the underlying architecture. There is no discussion of incidents or any specific vulnerability. It is mainly about Huawei's use of a third party realtime OS that is out of general support (Huawei purchased a separate long term support agreement) and their continued use of single user space on different set of devices.
  • warnings from U.S. officials

    Because Chinese [animalsbreeds.com] lap dogs are cuter than British [mascotarios.org].

  • by Anonymous Coward

    US kit was developed by a few engineers from the US but mostly immigrants/HB2s from India, China, UAE, etc., with source and schematics stored on networks run by Somali and Nigerian admins.
    Huawei kit was developed by engineers from China.
    So do you want you network kit to be hackable by everyone or just China?

    That said, the Chinese kit was probably built using schematics and source stolen from US companies so it is probably hackable by everyone as well.
    Captcha: betrayed

  • by gweihir ( 88907 ) on Thursday March 28, 2019 @12:12PM (#58348872)

    Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)

    • Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)

      Wait, which of those are the Swedes, again?

  • I guess that it's best to stick with Cisco then. Can't imagine that any of their kit would report back to CIA?!
  • by MindPrison ( 864299 ) on Thursday March 28, 2019 @02:06PM (#58349750) Journal

    We don't have any proof of it, but we can assume that ALL governments have some kind of "deals" with any major hardware maker, and if they don't want to play ball with who we call our "friends" today, then they're the evil ones, as always.

    Huawei is only being targeted because they're so big, and it's a Chinese manufacturer, and a real threat to Apple and other major players elsewhere. It's a dirty game, but they're playing it against them because the "why not" factor, it's a dirty political game, nothing new - but consider the following, in case it was true:

    Almost every component known to man, is being produced in China these days, complete chips - take the ever so popular ESP8266, ESP 32 and many other all-in-one chips that provide complete communication solutions, these chips are found inside millions of devices ALL over the world, and could very easily sport a back-door or two to sniff on the networks they serve (I'm in NO WAY accusing them of this), but if you were to point out someone just because they're an apparent product that everyone knows, you'd target the most obvious one that is known and popular with the population.

    Nothing of this means that ANYONE have implemented backdoor technology that's widely available to any government, we KNOW of the ME inside the INTEL processors, and yet they're basically everywhere, also in China - so why don't we hear a public uproar against that then? Because we're the good guys? Says who?

    You can pretty much assume that any mass produced hardware can be abused in one way or another, whether that was intended or not, that's an entirely different debate. I'm just getting SO sick and tired of these political FUD games that should be SO apparent to ANYONE thinking about it for just more than a few minutes. Stop buying into the FUD, buy what you want - and be smart about your personal safety instead.

    If you truly want to know - get god at it, learn to code, learn to reverse engineer, get knowledge instead of walking into a cloud of populist hearsay, fake news and whatnot.

  • Anything, and it is tainted by the rest of the utter shit that is going on with the mess that is parliament.
  • A lot of the critical telecommunication infrastructure is already made up of Huawei products (TLC hardware, networking equipment, end-user phones and modems), and has been since the 2000s. Huawei could already spy the heck out of us if this were their secret mission. I don't understand why it's only now, with 5G tenders in sight, that they've become a problem.
  • Looks like US intel world is sharing with our allies. Long past time to show the many backdoor that Chinese companies are leaving in.
  • Comment removed based on user account deletion
  • by sad_ ( 7868 )

    "But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes"

    And software engineering and security processes are so much better at Cisco, nobody has ever found a backdoor or hard coded password in any of their devices.

news: gotcha

Working...