Huawei's Equipment Poses 'Significant' Security Risks, UK Says (cnbc.com) 131
The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks. From a report: In 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators." The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing. In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."
Le sigh.... (Score:5, Interesting)
And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).
It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.
Re: (Score:2, Informative)
https://www.networkworld.com/article/2223272/60-minutes-torpedoes-huawei-in-less-than-15-minutes.html = there's no believing this company.
Another explanation (Score:3, Interesting)
And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).
It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.
With all this calling out of Huwei, it sounds suspiciously like the US security agencies found a specific back-door planted in the products, want to alert everyone to the issue, but also don't want to make the vulnerability public so they can use it for themselves.
Re: (Score:1, Insightful)
Re:Another explanation (Score:5, Interesting)
Nah, it sounds like Huawei holds most of the patents on 5G infrastructure and is years ahead of everyone else getting hardware to market. So now all the US companies that make similar equipment are losing contracts to Huawei, so the government decided to help them out by raising some "security concerns".
It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.
Re: (Score:2, Offtopic)
It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.
You know, espionage requires that sometimes you tap peoples' lines, steam their mail open, and r00t their routers.
If NSA did that to everybody indiscrimnately, boo, bad agency.
If they did to enemies of the USA, or friends of enemies of the USA, then more power to them.
It's dirty business but it has to be done.
Are you going to argue that a country should take zero steps to protect itself?
Re: (Score:1)
"Literally every American citizen was tracked by the Obama NSA." = A lie from an uninformed idiot who knows nothing about Thinthread, Xkeyscore, irate-monkeys, any of it.
META data was collected for pattern analysis, it was collected anyway. That was not all "mined" and no, you were not even aware of it at the time - BECAUSE IT HAD NO REPERCUSSIONS FOR YOU.
That's not the case with China's industrial state-owned spying apparatus. Go see the inside of a Chinese prison for proof, you idiot.
Re: (Score:2)
Re: (Score:2)
...enemies of the USA, or friends of enemies of the USA...
Do you mean enemies of the USA or enemies of your rulers? The two are very different.
Just because someone loathes the people who think they have a divine right to control your country without you knowing who they all are, does not mean they are hostile to you or your country. I'm not talking about your weird far right, your "militias" or even your religious fundamentalists. You saw an example of "control" before your last election when one person was stopped from running and someone less likely was told
Re: (Score:1, Insightful)
Nah, it sounds like Huawei holds most of the patents on 5G infrastructure and is years ahead of everyone else getting hardware to market.
5G doesn't exist yet. It's a marketing term for now, just like what happened to 3G and LTE. We have discussed this at length before this fiasco started.
It's the least they could do after the NSA was caught red handed systematically backdooring Cisco hardware.
Red handed? Tailored access operations tailors access to any equipment whatsoever. They intercepted Cisco hardware, modified it, and sent it on it's way. If you think that can't be done or isn't being done to any hardware manufacturer who has a customer the NSA has an interest in, you are beyond helping.
It's time to put down the politics and look at the worl
What US Companies? (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
That's what I said. Huawei are years ahead, US companies don't have their 5G infrastructure hardware out yet.
There are some European players but they are not all that competitive with what Huawei is offering right now.
Re: (Score:3)
There are two European companies already selling competing hardware.
You've already been informed of that in other threads, can you please dial down the stupid at least 2 notches?
Re: (Score:2)
Specifically Ericson and Nokia? From investment info regarding 5G I'm reading, those are the only two companies that can sell 5G gear in the US.
Re:Another explanation (Score:4, Insightful)
China has a dictator government, so everything in China is owned by it's government, at least from the government's perspective. Everything tech, from China, should be evaluated.
Re:Le sigh.... (Score:5, Insightful)
This is just the UK government towing the US line, because in a few weeks it may be rather desperate for a trade deal. No harm in getting the ass-kissing started early.
Re: (Score:1, Insightful)
It's kind of sad how much of a Chinese apologist you are to the point you will even be against your own country.
If you like China so much why don't you move there?
Re: Le sigh.... (Score:1)
They would put him in a concentration camp immediately. If only the UK had the balls...
Re: (Score:3)
towing the US line
TOEING the line. As in y'all stand nice and neat toes on the white line so you're all the same.
"Towing the line makes no sense", and neither does making any business investments in Britain for the next half-decade.
Brexiters ruined that country, businesses hate FUD more than anything else. All Brexit has done is poison England for business.
Re: (Score:1)
The really annoying thing is that Brexit is in the process of fucking England (which voted, marginally, for it) and Scotland (which voted against it). And it's likely to cause Ireland problems too - but the EU will be trying to mitigate those problems.
Britain =/= England, in the same way that there are, apparently, some people in America didn't vote for the Tangerine Shitgibbon.
Re: (Score:2)
Toeing the line, but not as in standing nice and neat so you're all the same.
The line is the rule that you're not supposed to cross. "Toeing the line" means you're trying to get as close as you can to breaking the rule, without breaking it.
If they were toeing the line for the US, that means they're just barely complying with demands that they didn't really want to follow.
If they were trying to be nice and neat just the same as everybody like a good boy, they'd be standing well back from the line, following
Re: (Score:3)
Toe the line's always been about conformity / uniformity. I learned it in the military, and before that in school. "Line up, toes on the line"
https://en.wikipedia.org/wiki/... [wikipedia.org]
Dunno what word to use to express your sentiment. Pushing the limit?
Re: (Score:1)
As always, you are 100% wrong and stupid.
The UK and the US are basically joined at the hip when it comes to intelligence sharing. Contrary to what cretins like you think, the UK is an absolute world titan when it comes to sigint, humint and analysis. Whether that's good or bad is another matter... but the fact remains that the decision by the UK isn't based on Brexit (you short-sighted fucking halfwit). It's based on protecting extremely valuable shared assets.
Re: (Score:2)
...in a few weeks it may be rather desperate for a trade deal
You may be under a false impression. WE really REALLY do not want the deal that President Donald Fart is offering us where we have to drop everything from food standards to the NHS before we can take goods from his rich friends and their servants.
Re: (Score:1)
Say no to Huawei... please world governments. Let's get this one right.
I'm curious (Score:5, Insightful)
How does it compare to the competition? It's not like there's been too much of a stellar privacy and security conscious record in the whole industry...
Raise your hand (Score:2)
The new U.K. government said it "does not believe that the defects identified are a result of Chinese state interference." Instead, it blamed "poor software engineering" and a lack of "cybersecurity hygiene." In other words, Huawei's networks could be exploited by a "range of actors," not just the Chinese government.
Raise your hand if you have not made a single bug in your career. Raise your hand if you know of any software company having zero bug or defect.
Buy US gear (Score:4, Insightful)
Chinese gear has no US-compatible backdoors.
Re: (Score:3)
Re:Buy US gear (Score:4, Informative)
Which US gear are you referring to?
Nokia is Nokia-Alcatel-Lucent, not sure which is dominant, other than Nokia is Norway, Alcatel was French
Ericsson is Sweden
Samsung is Korean
That's most of your LTE infrastructure vendors, and all are not US based.
Re: (Score:2)
Re: (Score:2)
Nokia was Finnish, not Norwegian. They don't even speak languages in the same language group.
Then some bunch of Americans brought it, made it into a laughing stock, and ... does it still actually exist in a meaningful sense?
Re: (Score:2)
Re: (Score:2)
For a US 5G supplier you can try to go to HP, but the work is really being done by a German partner company.
Re: (Score:2)
That's most of your LTE infrastructure vendors, and all are not US based.
That is what happens when you rest on your laurels after dominating the entire world. Maybe Americans should be looking at creating new fields to farm rather than staying stuck 50 years in the past trying to squeeze the maximum amount of money of what existed then?
It is almost like the Apollo Program was the last big hurrah and everything after that has just been harvesting the results... and it is ending. The resources are drying up. In a few more decades, America will be no more special than the UK or Por
Re: (Score:2)
My Solution (Score:5, Insightful)
If I were driving Hauwei at this point I would open-source all the software running on my devices. Their competitive edge is in slave-labor manufacturing and insane levels of customer financing, not technical innovation.
Of course they would still have to address the possibility of silicon or FPGA based backdoors but that might be worked out in a similar way.
Re: (Score:2)
But then the inevitable patent infringements would be exposed, and the west would have actual legal reasons to ban Huawei gear instead of all this vague talk about "security risks".
Re: (Score:2)
Re: (Score:2)
If I were driving Hauwei at this point I would open-source all the software running on my devices.
You would be executed for corruption. Literally.
Alternatives (Score:2)
So if Huawei is compromised by the Chinese government because it is based in China, who could compromise the other network equipment manufacturers? According to Wikipedia [wikipedia.org]:
Avaya, Cisco, Hewlett Packard, Juniper, Motorola, and Qualcomm: USA.
Ericsson: Sweden.
Fujitsu and NEC: Japan.
Nokia: Finland.
ZTE: China.
It seems ZTE is similarly disliked by the US government, while the others are either American or controlled by US allies.
Re: (Score:1)
"because it is based in China" = Not the focus. Because it is wholly owned by the Chinese Communist Party and operated by Chinese military officers to deliberately obtain intel for their APT hacking operations. Pay attention.
Huawei certainly is NOT the only Chinese company that has been both proven and accused of doing this. Reading is key. National origin is "of concern" but that's not 100 or 1:1 what is being discussed, nor why.
The history of these individual companies is not something you can just w
Re: (Score:2)
China has large parts under military occupation, and massive camps full of prisoners of conscious. Like if the GOP rounded up large segments of the populat
US lap dog barks on command (Score:5, Insightful)
Remember when the UK supported the US fantasy of WMD in Iraq?
The US says "jump". The UK government asks "how high?"
Re: (Score:1)
He gave the impression that the FBI, the trusted organization that would never lie, approved of the invasion as absolutely necessary. Because Iraq was going to give WMD to Al-Qaeda, despite Saddam utterly hating Islamists and Al-Qaeda utterly hating nationalists like Saddam.
Re: (Score:2)
Go with Huawei (Score:2)
warnings from U.S. officials
Because Chinese [animalsbreeds.com] lap dogs are cuter than British [mascotarios.org].
Open Your Backdoor To Everyone (Score:1)
US kit was developed by a few engineers from the US but mostly immigrants/HB2s from India, China, UAE, etc., with source and schematics stored on networks run by Somali and Nigerian admins.
Huawei kit was developed by engineers from China.
So do you want you network kit to be hackable by everyone or just China?
That said, the Chinese kit was probably built using schematics and source stolen from US companies so it is probably hackable by everyone as well.
Captcha: betrayed
Jup, it does. Just like all other. (Score:3)
Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)
Re: (Score:2)
Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)
Wait, which of those are the Swedes, again?
Cisco and CIA (Score:1)
Re: Cisco and CIA (Score:2)
Here's the thing - FUD. (Score:3)
We don't have any proof of it, but we can assume that ALL governments have some kind of "deals" with any major hardware maker, and if they don't want to play ball with who we call our "friends" today, then they're the evil ones, as always.
Huawei is only being targeted because they're so big, and it's a Chinese manufacturer, and a real threat to Apple and other major players elsewhere. It's a dirty game, but they're playing it against them because the "why not" factor, it's a dirty political game, nothing new - but consider the following, in case it was true:
Almost every component known to man, is being produced in China these days, complete chips - take the ever so popular ESP8266, ESP 32 and many other all-in-one chips that provide complete communication solutions, these chips are found inside millions of devices ALL over the world, and could very easily sport a back-door or two to sniff on the networks they serve (I'm in NO WAY accusing them of this), but if you were to point out someone just because they're an apparent product that everyone knows, you'd target the most obvious one that is known and popular with the population.
Nothing of this means that ANYONE have implemented backdoor technology that's widely available to any government, we KNOW of the ME inside the INTEL processors, and yet they're basically everywhere, also in China - so why don't we hear a public uproar against that then? Because we're the good guys? Says who?
You can pretty much assume that any mass produced hardware can be abused in one way or another, whether that was intended or not, that's an entirely different debate. I'm just getting SO sick and tired of these political FUD games that should be SO apparent to ANYONE thinking about it for just more than a few minutes. Stop buying into the FUD, buy what you want - and be smart about your personal safety instead.
If you truly want to know - get god at it, learn to code, learn to reverse engineer, get knowledge instead of walking into a cloud of populist hearsay, fake news and whatnot.
UK govt says ... (Score:2)
Huawei gear is ALREADY ubiquitous (Score:2)
Finally (Score:2)
Re: (Score:2)
riiiight (Score:2)
"But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes"
And software engineering and security processes are so much better at Cisco, nobody has ever found a backdoor or hard coded password in any of their devices.