Huaweis Ban and the reprocustions - Page 5
Close
Login to Your Account
Page 5 of 6 FirstFirst ... 3456 LastLast
Results 81 to 100 of 109
  1. #81
    Join Date
    Oct 2010
    Location
    Maryland- USA
    Posts
    3,340
    Post Thanks / Like
    Likes (Given)
    1929
    Likes (Received)
    2130

    Default

    Quote Originally Posted by EmanuelGoldstein View Post

    Second, the big deal about "back doors". Maybe think for two seconds ... if Huawei equipment starts sending enough data back to the motherland to mean anything, then someone at the telcom companies should notice, n'est-ce pas ? Has anyone documented evidence of these so-called back doors ?

    .
    Well there’s this:

    African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts | Council on Foreign Relations

    Tech supplied and installed by China actively used for espionage.

  2. #82
    Join Date
    May 2007
    Country
    UNITED STATES
    State/Province
    Texas
    Posts
    2,599
    Post Thanks / Like
    Likes (Given)
    3052
    Likes (Received)
    479

    Default

    Bob makes a good point tech marches on there will be more and more leaps. Everyone would just like to move forward and not concern ourselves about spying. There has always been a lot invested to monitor whoever the government feels the need to monitor.

    I would hope there is a agreeable way to take these concerns off the table. When any player has some history which raises issues of trust it is a problem. That is the case for any participant depending on viewpoint. I would like having the option of good to superior cell phones and 5G without the concern about nefarious use of that system. Apple is way too high a cost and they need more competition and so does Huawei.

  3. #83
    Join Date
    May 2007
    Country
    UNITED STATES
    State/Province
    Texas
    Posts
    2,599
    Post Thanks / Like
    Likes (Given)
    3052
    Likes (Received)
    479

    Default

    Quote Originally Posted by Trboatworks View Post
    Well there’s this:

    African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts | Council on Foreign Relations

    Tech supplied and installed by China actively used for espionage.
    You are right it is a valid concern. Huawei, Apple, Nokia,NSA, US , China and each one can be singled out as the main concern. There is more that will be learned about the Huawei practices of CEO, employees and the influence of China and it’s military.

  4. #84
    Join Date
    Jan 2017
    Country
    UNITED STATES
    State/Province
    Oregon
    Posts
    2,467
    Post Thanks / Like
    Likes (Given)
    442
    Likes (Received)
    1749

    Default

    Quote Originally Posted by EmanuelGoldstein View Post
    ...First, we are talking about telephones. Anyone doing national security over a cell phone is an idjut.
    My phone is not just a phone, it's a network connected device. When I get home it connects to my home network. When I go to work it connects to my work network. From my phone I can see the rest of the network, manage the routers, etc.

    If someone was to hack my phone, they could gain access to a lot more than my call history- they would have the authentication credentials for my networks, my email, online banking...

    5G will be ore than just a phone network- there will be all kinds of stuff connected. Cars, trains, power systems, etc.

    The Home Depot hackers got in through the lighting systems. They got into the network of the company that manages the HVAC and lighting controls, from there they went to the Home Depot network, got into the POS system and stole all the customer credit card info.

  5. #85
    Join Date
    Jul 2007
    Country
    UNITED KINGDOM
    Posts
    4,728
    Post Thanks / Like
    Likes (Given)
    2488
    Likes (Received)
    2291

    Default

    Quote Originally Posted by jancollc View Post
    My phone is not just a phone, it's a network connected device. When I get home it connects to my home network. When I go to work it connects to my work network. From my phone I can see the rest of the network, manage the routers, etc.

    If someone was to hack my phone, they could gain access to a lot more than my call history- they would have the authentication credentials for my networks, my email, online banking...

    5G will be ore than just a phone network- there will be all kinds of stuff connected. Cars, trains, power systems, etc.

    The Home Depot hackers got in through the lighting systems. They got into the network of the company that manages the HVAC and lighting controls, from there they went to the Home Depot network, got into the POS system and stole all the customer credit card info.
    So why does any of that mean that a network should use another manufacturer instead of Huawei in their 2G/3G/4G/5G rollout?

  6. #86
    Join Date
    Jan 2017
    Country
    UNITED STATES
    State/Province
    Oregon
    Posts
    2,467
    Post Thanks / Like
    Likes (Given)
    442
    Likes (Received)
    1749

    Default

    Quote Originally Posted by Mark Rand View Post
    So why does any of that mean that a network should use another manufacturer instead of Huawei in their 2G/3G/4G/5G rollout?
    I was addressing the comment "anyone doing nat'l security over a phone...".

    The point is that the phone stores more info than just a call log. Much of the 5G network will have co-located servers for cloud edge computing, all of this connected to the backbone. There will be plenty of opportunities for bad actors to exploit. No need to invite them in at the ground floor.

    The US Gov't has long-standing concerns about both Huawei and ZTE. Have you missed that part, or you just don't believe it?

  7. #87
    Join Date
    May 2007
    Country
    UNITED STATES
    State/Province
    Texas
    Posts
    2,599
    Post Thanks / Like
    Likes (Given)
    3052
    Likes (Received)
    479

    Default

    If a carrier is secure and protects against unauthorized access and is secure from hackers or subversive countries then it is not a problem. That kind of company poses no concern.

  8. #88
    Join Date
    Jun 2013
    Location
    Northern Il
    Posts
    1,280
    Post Thanks / Like
    Likes (Given)
    672
    Likes (Received)
    1214

    Default

    Quote Originally Posted by Mark Rand View Post
    So why does any of that mean that a network should use another manufacturer instead of Huawei in their 2G/3G/4G/5G rollout?
    It is my understanding that it is not the actual cell phones that are the issue but rather the backbone hardware that actually makes up the network.

    It is one thing to be using the Huawei modem hardware in your cell phone, that is somewhat a localized risk but if you are using the Huawei hardware to actual do all of the switching in a network then you have at that point a system wide problem.

    Here is a case in which the CIA was doing this to the Russians:Spies in the Xerox Machine - Electrical Strategies

    Albeit this is a very old story but is a good example of the risks a new technology can expose the end user to.

    Whenever you are wholly trusting someones technology without do diligence as to safe guards, you are inviting trojan horse attacks.

  9. #89
    Join Date
    Jul 2007
    Country
    UNITED KINGDOM
    Posts
    4,728
    Post Thanks / Like
    Likes (Given)
    2488
    Likes (Received)
    2291

    Default

    Quote Originally Posted by jancollc View Post
    I was addressing the comment "anyone doing nat'l security over a phone...".

    The point is that the phone stores more info than just a call log. Much of the 5G network will have co-located servers for cloud edge computing, all of this connected to the backbone. There will be plenty of opportunities for bad actors to exploit. No need to invite them in at the ground floor.

    The US Gov't has long-standing concerns about both Huawei and ZTE. Have you missed that part, or you just don't believe it?
    The US government may have long standing concerns about Huawei, but they have no relation whatsoever to security. This is no more or less than a part of the current government's economic warfare against China with a complete disregard to collateral damage.

    Try to find any reports of significant security issues with Huawei equipment*. You won't because they are being constantly monitored by government and business concerns just to find those vulnerabilities. The company's Chief security officer in the US has even made the point that other manufacturers should face the same level of inspection that Huawei have in order to force improvement of their products.

    Forbes article on the topic.

    Including the Bloomberg article about 'back doors'

    PS:- One of the reasons I get het up over this is that I spent over 30 years as programmer, then System administrator, then network administrator for a multi-national company. At one point I was in charge of the Wide Area Network for 65,000 people (Ok, it gave me a nervous breakdown and I ended up on anti-depressants).

  10. Likes JoeE. liked this post
  11. #90
    Join Date
    Jul 2007
    Country
    UNITED KINGDOM
    Posts
    4,728
    Post Thanks / Like
    Likes (Given)
    2488
    Likes (Received)
    2291

    Default

    Quote Originally Posted by Ziggy2 View Post
    Whenever you are wholly trusting someones technology without do diligence as to safe guards, you are inviting trojan horse attacks.
    See post 5 in this thread.

  12. #91
    Join Date
    Jan 2017
    Country
    UNITED STATES
    State/Province
    Oregon
    Posts
    2,467
    Post Thanks / Like
    Likes (Given)
    442
    Likes (Received)
    1749

    Default

    Quote Originally Posted by Ziggy2 View Post
    It is my understanding that it is not the actual cell phones that are the issue but rather the backbone hardware that actually makes up the network.
    It really has to be all of it. The way mobile networks work, the push updates are almost continuous.

    You can do all the security testing in the world today, tomorrow a new software update is pushed down and you are right back at square one.

    The dependence on these networks increases every day, and with each iteration the risks increase as well. It's not something that can ever be eliminated- it's a cat and mouse game.

  13. #92
    Join Date
    Jan 2002
    Location
    West Coast, USA
    Posts
    7,666
    Post Thanks / Like
    Likes (Given)
    472
    Likes (Received)
    5092

    Default

    Quote Originally Posted by Mark Rand View Post
    The US government may have long standing concerns about Huawei, but they have no relation whatsoever to security. . .
    You've raised some good points, Mark. Still, it shouldn't be hard to understand the security concern:

    1) Huawei's founder was a former military technologist for the People's Liberation Army.

    2) The company has gotten to a dominant position, in part, by repeatedly stealing other companies' technology. The company culture is alls-fair-in-war.

    3) It has been deceptive in the Iran trade sanctions issue -- taking great pains to cover its lies about compliance.

    4) The most optimistic case on what influence the Chinese government might have on coding in things like backdoors or utilizing known-only-to-them vulnerabilities is that the Xi-President-for-Life government would never do anything like that -- despite passing a law that explicitly requires it should Xi so choose.

    5) The potential damage in a 5G oriented world is likely orders of magnitude beyond the hacks we've seen to date. Clearly the European and South Korean etc. suppliers of 5G equipment will also require extraordinary review -- and it isn't clear who's up for paying the tab.

    Hard to know where all this is headed. Apparently China's latest move, to support Huawei, is a threat to ban the export of all rare earth metals. Meanwhile the governments of both Australia, New Zealand, and France seem to share a concern. You'd likely know more about your own government's stance, but the UK and Germany share at least some concern.

  14. #93
    Join Date
    Jan 2017
    Country
    UNITED STATES
    State/Province
    Oregon
    Posts
    2,467
    Post Thanks / Like
    Likes (Given)
    442
    Likes (Received)
    1749

    Default

    Quote Originally Posted by Mark Rand View Post
    The US government may have long standing concerns about Huawei, but they have no relation whatsoever to security. This is no more or less than a part of the current government's economic warfare against China with a complete disregard to collateral damage.

    Try to find any reports of significant security issues with Huawei equipment*. You won't because they are being constantly monitored by government and business concerns just to find those vulnerabilities.
    This is your Government's report for 2019. You have been making this same assessment every year for the past 5 years.

    The report is about security issues with Huawei equipment in the UK.

    Start at page 15 for the findings.

    https://assets.publishing.service.go...eport-2019.pdf

  15. #94
    Join Date
    Jan 2007
    Location
    Flushing/Flint, Michigan
    Posts
    7,612
    Post Thanks / Like
    Likes (Given)
    379
    Likes (Received)
    6356

    Default

    Quote Originally Posted by PeteM View Post
    .....

    5) The potential damage in a 5G oriented world is likely orders of magnitude beyond the hacks we've seen to date. Clearly the European and South Korean etc. suppliers of 5G equipment will also require extraordinary review -- and it isn't clear who's up for paying the tab.
    .....
    Please explain this in terms an old school hacker can understand. I don't get the tens times danger or the hype.
    Bob

  16. #95
    Join Date
    Dec 2008
    Location
    Vt USA
    Posts
    6,736
    Post Thanks / Like
    Likes (Given)
    736
    Likes (Received)
    2316

    Default

    This entire business is a matter of trust.
    No different than BREXIT
    No different than the last US election.

  17. Likes Mark Rand liked this post
  18. #96
    Join Date
    Dec 2010
    Location
    Sydney Au
    Posts
    425
    Post Thanks / Like
    Likes (Given)
    43
    Likes (Received)
    43

    Default

    Quote Originally Posted by EmmanuelGoldstein
    And 5 eyes can suck my dick. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated ..."

    Fuck off, US gubmint.
    Apparently you can blame us - How Australia led the US in its global war against Huawei

    Unreasonable searches, ha, this joint is probably one of the most intrusive places short of Cold War East Germany now....but both major parties support this crap too!

  19. #97
    Join Date
    Jul 2007
    Country
    UNITED KINGDOM
    Posts
    4,728
    Post Thanks / Like
    Likes (Given)
    2488
    Likes (Received)
    2291

    Default

    Quote Originally Posted by jancollc View Post
    This is your Government's report for 2019. You have been making this same assessment every year for the past 5 years.
    Which I linked to in post 5 of this thread..

    As noted in that post "The centre set up in the UK to analyse Huawei hardware and software has found some sloppy code, but no back doors in eight years of investigation." The problems indicated in the report are documented and worked on with both the HCSEC and Huawei.

    Every single network device I've ever worked with that was bright enough to need software/firmware with has had software/firmware bugs. Just as with computer operating systems, evaluating and installing patches is an important part of operating a system.

    The fact that there is such intense scrutiny of the company's products is good. It would be better if other manufacturers also underwent the same level of inspection.

  20. #98
    Join Date
    Jan 2002
    Location
    West Coast, USA
    Posts
    7,666
    Post Thanks / Like
    Likes (Given)
    472
    Likes (Received)
    5092

    Default

    Quote Originally Posted by CarbideBob View Post
    Please explain this in terms an old school hacker can understand. I don't get the tens times danger or the hype.
    Bob
    Bob, My take is that the higher speeds and low latency of 5G mean that it can (and thus will) be used in all sorts of automation scenarios: driverless trucks and cars, automated traffic routing, putting trains on the right tracks, factory automation, all sorts of augmented reality apps by government and quasi govt. agencies (e.g. live mapping of underground utilities before digging, ambulance dispatch on the best routes, real time fire and security monitoring systems, faster Wall St. trades, etc.) Even remote surgery is being planned, using tele-operators. Imagine the equivalent of a denial of service attack in the midst of that. Or better yet, a fleet of driver-less trucks gone AWOL?

    We already have entire hospitals, companies, and municipal governments being held ransom by hackers. Plus the usual financial fraud that's likely already up in the trillion range worldwide. And foreign actors hoping (and sometimes succeeding) in disrupting disrupt the entire Internet, financial transactions, voting systems, companies (e.g. Sony and a zillion others), uranium enrichment centrifuges (sure, our fault or credit), etc. But as we add real-time 5G-enabled services, any sort of hostile attack could have much greater impact. And we have lots of very capable hackers (Russia, Ukraine, China, North Korea, Iran etc.) more than happy to oblige for either personal gain or ideological idiocy.

    I'm not by nature an alarmist. Back in Y2K days I was so confident it would not be a problem, that I invited all sorts of friends to a Y2K party. Back then we had a fair amount of redundant systems. Now, however, I think there's a real threat as we become more dependent on net-enabled systems.

    In the old hacker days, individual company servers/networks were at risk. Today, it's anyone connected to the net and a bit careless. Tomorrow it's any device with a computer inside (now even light bulbs and toasters) in a world with about as many cell phones in it as people. There are thousands of companies hoping to become rich with the "Internet of things" -- and that Internet will be pretty much 5G connected.

    Be happy to learn if this concern isn't real . . .

  21. #99
    Join Date
    Jun 2013
    Location
    Northern Il
    Posts
    1,280
    Post Thanks / Like
    Likes (Given)
    672
    Likes (Received)
    1214

    Default

    Quote Originally Posted by jancollc View Post
    This is your Government's report for 2019. You have been making this same assessment every year for the past 5 years.

    The report is about security issues with Huawei equipment in the UK.

    Start at page 15 for the findings.

    https://assets.publishing.service.go...eport-2019.pdf
    Is my read correct in that there appear to be serious issues and doubts over the long term supportability of the hardware buried in the committee report fluff? It also appears that some of these have existed for several years without being remediated.

    Or is my understanding of the report incorrect?

  22. #100
    Join Date
    Jan 2017
    Country
    UNITED STATES
    State/Province
    Oregon
    Posts
    2,467
    Post Thanks / Like
    Likes (Given)
    442
    Likes (Received)
    1749

    Default

    Quote Originally Posted by Mark Rand View Post
    ..The problems indicated in the report are documented and worked on with both the HCSEC and Huawei.
    The same issues were identified in the 2018 report, and the 2019 report says no significant progress has been made.

    Quote Originally Posted by Mark Rand View Post
    Every single network device I've ever worked with that was bright enough to need software/firmware with has had software/firmware bugs. Just as with computer operating systems, evaluating and installing patches is an important part of operating a system.
    They say software is not able to be properly checked because they cannot compile a consistent binary from the source code.
    It has always been part of the mitigation strategy to ensure that the source code examined by HCSEC is precisely that which is compiled to the binaries executing in UK network equipment. Without a process to show that the source code and build environments examined by HCSEC uniquely produce he binary deployed in the UK’s networks, it is impossible to provide end-to-end assurance in the security and integrity of the products in use.

    ...

    HCSEC was tasked with understanding the issues confronting Huawei in creating repeatable builds. The issue in all cases is with Huawei’s underlying build process which provides no end-to-end integrity, no good configuration management, no lifecycle management of software components across versions, use of deprecated and out of support tool chains (some of which are non-deterministic) and poor hygiene in the build environments, many of which cannot be easily recreated by HCSEC.

    It is unclear whether there is any utility in continuing the binary equivalence programme given the fundamental issues in the underlying build process and the customer management and engineering processes that drive it.

    It remains the NCSC intent that all products deployed in the UK will have repeatable builds and that HCSEC will be able to routinely show equivalence between the binary installed in UK networks and the binary that can be built from the source code held by HCSEC, as is usual with a well-managed software engineering process.

    The recent work with the four pilot products demonstrates that this is currently impractical at any useful scale given Huawei’s current build process. The NCSC has advised the Oversight Board that it will only be possible to offer limited assurance for equipment currently deployed in the UK unless and until the build process has fundamentally changed.
    That doesn't sound like any vote of confidence I have ever read.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •