The Dim-Post

March 28, 2012

Basically I just like saying Huawei

Filed under: Politics — danylmc @ 1:22 pm

Coincidentally, I bought myself a Huawei phone the other day. I remarked at the time that it was the first Chinese brand item I’d ever purchased, and wondered how long it’d be before the majority of my luxury consumer purchases were Chinese brands. It’s an impressive product, so far. $150 for a smart-phone running Android 2.2.

Ah, but maybe the price is so low because I’m paying an external cost in compromised data security. If Huawei installed a back-door onto the OS of the phone it could access my Twitter and Facebook accounts. It could like things on my behalf without my knowledge!

Maybe I’ve been overwhelmed by brand-loyalty here, but the fears around Huawei winning the bid for the ultra-fast broadband network sound like bullshit to me. Consumer broadband is not a secure or strategic piece of infrastructure, and it’s subject to security audits. If Huawei did install back-doors in the products and they started showing up in those audits, the company would lose all its international business overnight.

It doesn’t make a lot of sense. The Greens’ scare-mongering over this makes me wonder how principled their stand on the Crafar farms sale really was – did they genuinely act out of principle, or was xenophobia a motivating factor?


48 Comments »

  1. Russel Norman’s statement this morning that he’d “never” have a Huawei modem in his house was fairly remarkable. Sure, he’d have greater security needs than most of us, but if they were selling consumer modems with espionage back doors, I think the NSA would know about it by now.

    Comment by dubwisenz — March 28, 2012 @ 1:28 pm

  2. Security dude on RNZ this morn said hardware “tap” would be near impossible to detect. But he may have been a spokesman for the North Carolina Telecommunications Equipment Manufacturers Association.

    Comment by Clunking Fist — March 28, 2012 @ 1:33 pm

  3. “If Huawei installed a back-door onto the OS of the phone”
    Can’t you just “flash” the phone with a new copy of the os downloaded from.. somewhere?

    Comment by Clunking Fist — March 28, 2012 @ 1:35 pm

  4. Someone, I can’t remember who, pointed out to me when the Greens were opposing the Crafar farms sale that it was possible to be opposed to the sale of assets to companies from a totalitarian state with a poor human rights record without being xenophobic. Which I thought was sound reasoning. If the Greens had taken that line with Huawei I’d have wondered about their economic nous – no assets are being sold.
    Taking the “they might be spying on us” line just makes them seem … unnecessarily paranoid. And now that you mention it, it does give the impression that they are using the Chinese for scaremongering rather than it being a principled stand. Especially given they have in the past given the impression that they have a reasonable understanding of how telecommunications technology works.

    Comment by Ben — March 28, 2012 @ 1:38 pm

  5. If they were using OpenSource software on their hardware that could easily be upgraded to an aftermarket software then I wouldn’t have an issue about it. Proprietary software that probably comes with an agreement not to reverse engineer is something else. BTW, Android is OpenSource (it’s based upon Linux) and so you should be able to see the source of the software on your phone and upgrade it to any other version of Android (in theory).

    I recall a few years ago when new commercial encryption protocols were being released the NSA submitted one. It was large, clunky and, quite simply, not up to standard and thus not used (it was accepted). What makes me remember it though was that there were rumors that it had a backdoor in it as well.

    “Consumer broadband is not a secure or strategic piece of infrastructure,”
    Wrong, very, very wrong. Our national communications net is most definitely strategic infrastructure.

    Thing is, we should be making this stuff here for our own use from our own resources. That would make sense in matters of security, putting us on a more sustainable path as well as developing our culture.

    Comment by Draco T Bastard — March 28, 2012 @ 1:43 pm

  6. Wasn’t the scare raised because Australia and USA had concerns? All they were saying was has the possibility of security risk been considered in light of other country concerns. Of course the concerns might have arisen from competitors?

    Comment by xianmac — March 28, 2012 @ 1:45 pm

  7. What worries me with the UFB stuff is that there are presumably tons of routers and switches etc all with Huawei’s custom firmware loaded which can have whatever back doors they want installed.
    This is true of the alternatives too. So the question is really who do we want hacking our systems? The US, the Chinese or someone else? It is compounded by the need to apply updates and patches over time, always sourced from the supplier.

    There is one well known way around this: make sure all the software (and the firmware) is open source. That means people can look it over for back doors. It doesn’t mean they cannot be there, but it does mean there’s a huge risk someone will catch them out. The reason the vendors won’t do this is they want to keep their proprietary systems confidential (and possibly because they want to install back doors). So one answer is to only buy from vendors who are prepared to open-source their software.

    Incidentally that is the answer (if you felt you needed one) with your phone. If you can’t get hold of the source of the code installed by Huawei you can download another ROM and load that instead. There are lots of nice people publishing open source Android ROMs on the net. They’re mostly donation-ware, so cheap (or free if you’re mean).

    Comment by Roger Parkinson (@RogerParkinson) — March 28, 2012 @ 1:46 pm

  8. “The Greens’ scare-mongering over this makes me wonder how principled their stand on the Crafar farms sale really was – did they genuinely act out of principle, or was xenophobia a motivating factor?”

    Good question, let me just consult my favourite New Zealand based political blogger, Danyl at the Dim Post. Hmm. He says “while China is a rising economic super-power and a close trade partner of New Zealand, it’s also a totalitarian military dictatorship. People are allowed to feel apprehensive about such a state building its own vertical supply chains within the New Zealand economy without being labeled xenophobic and racist.”

    http://dimpost.wordpress.com/2012/01/28/i-know-its-rude-to-point-this-out/

    Comment by Hugh — March 28, 2012 @ 1:47 pm

  9. Where did you buy the phone?

    Comment by Peterchanel — March 28, 2012 @ 1:49 pm

  10. More than that – Australia has stopped Huawei from bidding for a role in the construction of Australia’s broadband network because of security concerns. Obviously the exact nature of the information justifying this is secret, but it’s pretty clear from comments made that the source is the US. Given that Australia thinks the information is sufficient to justify this reaction, there is some reason to think it might be more solid than other stuff that goes round.

    The problem in these situations is that it’s impossible to assess the claims without seeing the evidence, but the evidence is seldom made available (for reasons that are generally sound).

    Comment by BeShakey — March 28, 2012 @ 1:51 pm

  11. Given that Apple and others have been snapped putting backdoors in consumer gear (and suffering no meaningful customer backlash), I don’t think it’s all that fanciful.

    But if I were running a strategic-level intel gathering project for an unscrupulous foreign government, in this initial phase I would be working on building consumer and government-level reputation and networks — people networks, not the electronic kind — in order to inveigle my company and its products into the target market’s technical and administrative fabric with a view to doing evil nefarious stuff once my brand was a trusted household and board-table name.

    Huawei may or may not be doing any of this; I have no clue. But I think it’s a bit simplistic to see it simply as install UFB -> hack Echelon -> global domination. That’s a movie plot threat, sure, but it’s not the only possibility.

    L

    PS Danyl, there’s something screwy going on with comments; I got asked to log in, with SSL and everything. You’re not getting all paranoid-authoritarian on us, are you?

    Comment by Lew (@LewStoddart) — March 28, 2012 @ 1:53 pm

  12. The guy who sold me my phone eagerly informed me that ‘it’s open source, so you can hack the code!’ Given that I can program in C I could, conceivably, re-write the libraries and totally fuck up my phone, but it’s hard to see why, or how many customers could take advantage of this feature.

    Comment by danylmc — March 28, 2012 @ 1:55 pm

  13. Context Hugh, context. Makes a massive difference.

    Comment by Nathaniel — March 28, 2012 @ 1:55 pm

  14. @Nathaniel: The only way I can see the context as having changed is if one genuinely regards this Huawei thing as the first time the Greens have ever tried to raise critical public awareness over something that isn’t actually a big issue. And even then, Danyl’s earlier support for the Greens’ stance was never based on the argument that “The Greens oppose it, and they have integrity, so it must be bad”

    Comment by Hugh — March 28, 2012 @ 2:06 pm

  15. I suppose one could interpret the Greens’ new found appreciation of foreign intelligence agencies as flexibility.

    Comment by NeilM — March 28, 2012 @ 2:09 pm

  16. @Lew Stoddart is absolutely correct, back doors are hardwired into all communication products and are accessed by Police and Government agencies routinely for a range of reasons from National Security through to the tracking of criminals. That same technological back door can be abused by rogue countries to crash a computer network or hack someone’s personal data, ie Murray McCully and does raise some serious security issues considering the bulk of intergovernmental communications are electronic these days.

    Comment by Kevin — March 28, 2012 @ 2:11 pm

  17. back doors are hardwired into all communication products and are accessed by Police and Government agencies routinely

    No they aren’t. Police and government agencies liaise with service providers.

    Comment by danylmc — March 28, 2012 @ 2:14 pm

  18. @Hugh – China doesn’t equal Huawei though – which is kinda the point yeah?

    Comment by Nathaniel — March 28, 2012 @ 2:18 pm

  19. @Nathaniel – The Chinese government isn’t directly buying Crafar either, that’s a China-based company, just like Huawei.

    Comment by Hugh — March 28, 2012 @ 2:19 pm

  20. “The guy who sold me my phone eagerly informed me that ‘it’s open source, so you can hack the code!’ Given that I can program in C I could, conceivably, re-write the libraries and totally fuck up my phone, but it’s hard to see why, or how many customers could take advantage of this feature.”

    http://www.xda-developers.com/ has most of what you’d need.

    Remember you don’t have to rewrite _everything_ because they give you the existing source. You can tweak bits here and there (and totally mess up your phone). Most people don’t, of course. The point is they can, and they can load stuff from other folks. Of course getting support from your vendor afterwards is another challenge. Did the guy who sold you the phone mention that?

    Comment by Roger Parkinson (@RogerParkinson) — March 28, 2012 @ 2:20 pm

  21. The point is that in an authoritarian state-capitalist economy like China’s, it’s practically impossible to rule out Chinese government involvement in, manipulation of or influence over any business.

    L

    Comment by Lew (@LewStoddart) — March 28, 2012 @ 2:21 pm

  22. “The point is that in an authoritarian state-capitalist economy like China’s, it’s practically impossible to rule out Chinese government involvement in, manipulation of or influence over any business.”

    So you’d say Danyl’s wrong not to be concerned about Huawei?

    Comment by Hugh — March 28, 2012 @ 2:26 pm

  23. “15. I suppose one could interpret the Greens’ new found appreciation of foreign intelligence agencies as flexibility. Comment by NeilM — March 28, 2012 @ 2:09 pm”

    Win comment!

    Comment by Clunking Fist — March 28, 2012 @ 2:26 pm

  24. As I found out recently, Huawei is pronounced Wa – che, with a slightly aspirated wh sound…. shades of whanganui!

    Comment by Stephanie — March 28, 2012 @ 2:26 pm

  25. “The Greens’ scare-mongering over this makes me wonder how principled their stand on the Crafar farms sale really was – did they genuinely act out of principle, or was xenophobia a motivating factor?”

    Your funniest line of the year so far.

    Comment by stephenps — March 28, 2012 @ 2:29 pm

  26. “So you’d say Danyl’s wrong not to be concerned about Huawei?”

    Well, I don’t think there’s much to be gained by random individuals wringing their hands about such things. You and I and Danyl aren’t really equipped to judge, and because of this are prone to being misled by Daiseyesque extravagances from either side. But other governments and those better advised ought to give it some consideration.

    L

    Comment by Lew (@LewStoddart) — March 28, 2012 @ 2:30 pm

  27. @Lew: I’m going to resist the temptation to get into a discussion about the validity of People On The Internet Having Opinions About Things, but I do wonder what constitutes “some consideration”. I’ve noticed there’s a tendency of people to assume that conclusions that don’t align with their preferences must have been made hastily or without due diligence. I mean, isn’t the whole reason we’re having this discussion that some consideration has already been leveled against Huawei’s offer?

    Comment by Hugh — March 28, 2012 @ 2:35 pm

  28. Furthermore – you’d have to assume any electronics made in China to be potentially at risk too. Maybe my TV is spying on me after all?

    Comment by Nathaniel — March 28, 2012 @ 2:37 pm

  29. Hugh, to be clear, I’m fine with People On The Internet Having Opinions About Things, but one Person’s lack of Concern about a given Thing is not in itself a Cause For Concern.

    As to the latter bit, I think the reason we’re having this discussion is because some consideration has already been made of Huawei in Australia, and the conclusion from that differs significantly from our government’s default position.

    L

    Comment by Lew (@LewStoddart) — March 28, 2012 @ 2:45 pm

  30. @Lew: It’s not the lack of concern so much as the implied U-turn – Danyl himself made the comparison between Huawei and Crafar, but I’m not sure if he’s forgotten his former position on Crafar, still holds it but nonetheless suspects the Greens of scare-mongering, or has actually changed his mind. And yea, I’m not too proud to admit that if it’s the last one I’d appreciate a chance to say “I told you so” although perhaps a little more eloquently than that.

    Comment by Hugh — March 28, 2012 @ 2:51 pm

  31. Regarding the UFB equipment,

    I imagine a diplomatic crisis 15 years from now over our support for the Dalai Lama.

    One night the entire Huawei UFB backbone starts resetting itself intermittently, shutting down all banking, phone calls, commerce etc.

    Strangely, the Huawei help desk staff seem uninterested in trouble shooting the problem.

    I wouldn’t want NZ’s entire network to be dependent on one brand, whether that is Nokia, Cisco, Alcatel or Huawei.

    Comment by Graeme Dykes — March 28, 2012 @ 2:55 pm

  32. This is a big dilemma for the Greens. You can hate on the USA and cheer their demise as much as you like but of course at the same time you open the way for those crafty Chinks to sit in the big chair.

    Caught between the devil and the deep blue sea.

    Comment by King Kong — March 28, 2012 @ 2:58 pm

  33. Huawei? wei a Hugh…

    Comment by mutyala — March 28, 2012 @ 2:59 pm

  34. @mutyala: As Stephanie #24 mentioned, it’s not pronounced like that.

    Comment by Hugh — March 28, 2012 @ 3:06 pm

  35. Why does Huawei need to have access to Russel’s hardware, don’t they have the capacity to just, like, read his mind?

    “Huawei? wei a Hugh…”

    That can’t be a coincidence

    Comment by tinakori — March 28, 2012 @ 3:12 pm

  36. Given that Apple and others have been snapped putting backdoors in consumer gear (and suffering no meaningful customer backlash), I don’t think it’s all that fanciful.

    The idea that Huawei could have been operating a Chinese govt backdoor in millions of consumer modems without the NSA spotting it seems highly unlikely to me, given the US government’s suspicion of Huawei.

    Apple, RIM and Nokia were accused of negotiating a backdoor for Indian government in their products, but that’s almost certainly bollocks.

    The other one of which I’m aware, the iTunes backdoor, looked more like an exploit that a commercial firm discovered and used as the basis of a hacking tool it sold to foreign governments:

    http://www.telegraph.co.uk/technology/apple/8912714/Apple-iTunes-flaw-allowed-government-spying-for-3-years.html

    Still not a great look for Apple.

    Basically, I’ve seen no evidence of a connection between Huawei products and Chinese government-sponsored hacking. I’m not saying it doesn’t exist, but you’d think there’d be something out there. Huawei set up a product security centre in Britain that was pretty much a glass box, and invited in regulators, security agencies, etc. MI6 grilled their prospective global security chief, John Suffolk, a former British govt CIO, but eventually told the PM’s office he could grant permission for Suffolk to take the job. It’s really not as if people haven’t been looking very hard at this company.

    BTW, the ASIO seems to have acted on the advice of the US-China Economic and Security Review Commission if anyone wants to research them.

    Comment by dubwisenz — March 28, 2012 @ 3:19 pm

  37. Sigh – why would China need a complex expensive operation with high risk when:
    a) it is cheaper to buy a human (say someone like this guy http://en.wikipedia.org/wiki/Robert_Hanssen) who with a $20 memory stick can download most government and industrial secrets.
    b) you can rely on groups like WikiLeaks http://en.wikipedia.org/wiki/WikiLeaks to give it to you for free

    but hey I wear a tinfoil hat just to be sure

    Comment by WH — March 28, 2012 @ 3:57 pm

  38. While consumer BB might not be ‘strategic’, the switching gear is not specifically designed for that purpose on the network.

    Also, tools that monitor committed bitrate, manage network shaping etc. and analyse patterns in transmission are used for BI purposes so could certainly be used for passive (i.e. non- intercept) SIGINT.

    But yes as WH points out, given that it would be easier to buy the information from a disgruntled network planner with a gambling problem, why go to all the bother.

    Comment by Gregor W — March 28, 2012 @ 4:33 pm

  39. Not really on topic, but Huawei NZ is right dodgy. A large part of their work force is made up of Chinese nationals being paid as Chinese contractors on temporary working visas. They’re housed in dorm/offices that they never leave because they don’t get holidays and they don’t have enough money to do anything.

    It’d be a good job for an investigative journalist if we had any.

    Comment by will — March 28, 2012 @ 5:08 pm

  40. Personally I would:
    – create a gmail address like mmcully53@gmail.com
    – send email from it to various targets asking to have correspondence cc’ed to that address from now on, stressing that they really need to be more careful with security these days, just to throw them off the scent.
    – wait for the confidential correspondence to come in
    – having harvested addresses from people who are sucked in, send some trojanned attachments/phishing URLs to those known-to-be careless people to get further inside

    Much easier.

    Incidentally, if I were auditing email with respect to the Judith Collins/Pullar/ACC debacle, one thing I’d be looking into is whether the addresses involved actually belong to the people whose names they resemble, whether they are still in control of the account, etc.

    tl;dr

    HELP MCCULLY HERE, GOT MUGGED OUTSIDE CONSULTATE PLEASE SEND FUNDS.

    Comment by Stephen J — March 28, 2012 @ 5:12 pm

  41. I’m assuming CONSULTATE is an Auckland bar for the worthy and well known

    Comment by insider — March 28, 2012 @ 5:16 pm

  42. “Not really on topic, but Huawei NZ is right dodgy. A large part of their work force is made up of Chinese nationals being paid as Chinese contractors on temporary working visas. ”

    Now you see -that- is an issue that I could get worked up over, rather than Huawei being an intelligence front.

    (Just to prove I’m not a Huawei PR spokesman in disguise)

    Comment by Hugh — March 28, 2012 @ 5:18 pm

  43. well the Chinese have just failed to buy a few cows so it’s not surprising they’ve gone to DEFCON 1.

    but seriously, the Greens have gone all alarmist. Hughes has been cherry picking the science literature on fracking to try and build a shock-horror story which suggests they really haven’t learnt anything about how to deal with science since the GM saga.

    Comment by NeilM — March 28, 2012 @ 7:39 pm

  44. @NeilM, “gone”?

    Comment by Hugh — March 28, 2012 @ 8:40 pm

  45. “It doesn’t make a lot of sense. The Greens’ scare-mongering over this makes me wonder how principled their stand on the Crafar farms sale really was – did they genuinely act out of principle, or was xenophobia a motivating factor?”

    Ah, gold! That’s almost worth printing out and sticking on the fridge!

    Comment by Swan — March 28, 2012 @ 10:02 pm

  46. It’s common knowledge that Microsoft have had back doors in Windows for at least 15 years, allowing the NSA to access personal computers. The Chinese, Germans and others avoid Windows in security-sensitive deployments for this reason.

    Similarly Tier1 network providers in the US were providing listening facilities to the NSA illegally for most of a decade before the Patriot Act made it legal.

    Blackberry has had to compromise its network security to allow government agencies to spy on phone users. The governments complaining were the ones who didn’t yet have access. The rest (who want it) already do.

    As for Huawei, they got their start pirating / counterfeiting Cisco routers and selling them all over Asia and Africa very cheaply in countries that didn’t enforce intellectual property laws. I saw some years ago. Huawei hardware virtually identical to a Cisco router…and the operating system was almost 100% Cisco. Like many criminal organisations, once they got big enough they go “legit”.

    Just a couple of weeks ago, a top US security official said out loud that devices like smartphones gave the government the ability to eavesdrop on people in their homes and places of work by activating the microphones remotely without the user’s knowledge.

    Based on experience, we should assume any major manufacturer is required to provide access to the security agencies of the governments they are vulnerable to.

    This is the record of the past two decades. If you aren’t aware of it, you haven’t been paying attention. The Australians have pulled their head out of the sand on this one…..though somewhat selectively. They still use American gear.

    Comment by Steve (@nza1) — March 29, 2012 @ 9:38 am

  47. “Based on experience, we should assume any major manufacturer is required to provide access to the security agencies of the governments they are vulnerable to.”

    So to reduce our security vulnerability, we should use hardware from… um… ????

    Comment by Hugh — March 29, 2012 @ 12:59 pm

  48. The first thing I’d be asking about the Australian concerns is who benefits? Who else is going to get the contract if Huawei doesn’t. If it’s any company from the US then a conflict of interest immediately throws doubt on the allegations – after all, the US government is well known for meddling to the benefit of US based corps.

    The Greens should instead be pushing for more NZ companies to be involved – at least then there’s an immediate economic benefit to NZers through additional employment. I would have thought they could use the tinfoil on other things…

    Comment by leftyliberal — March 29, 2012 @ 2:17 pm

