The US Fears Huawei Because It Knows How Tempting Backdoors Are

[dufus]

Huawei has vigorously denied that it conducts wrongful surveillance or that it cooperates with the Chinese government by creating backdoors in its network systems.

 

US officials allege that Huawei has backdoors in its technology. The US knows firsthand how powerful those can be.

 

After publicly pressuring its allies to ban Huawei equipment in their 5G networks, US officials are now publicly accusing the Chinese telecom giant of being able to spy on mobile data. The allegations, reported by the Wall Street Journal on Tuesday, represent the first specific concern the US has articulated about Huawei after months of conceptual arguments.

 

The details around the accusation remain vague, indicating that Huawei may be able to spy on access points meant for law enforcement. US officials speaking to the Journal apparently declined to say whether the company had actually done so. But while suggesting a potential mechanism for improper surveillance does heighten the debate between the US and Huawei, it also hints at a deeper self-awareness on the part of US officials. In truth, the intelligence community fears Huawei for a fundamental reason: China will take whatever advantage it can, not unlike the US has done in the past.

 

US officials have previously said they didn't need to justify their reservations about Huawei and the potential that the company's equipment could contain Chinese government backdoors. But a number of US allies are taking a different approach to dealing with the telecom giant, hoping to manage the potential risks rather than banning Huawei equipment altogether. The United Kingdom, for example, has maintained an auditing facility in China for years adjacent to Huawei's headquarters. And a UK security analysis from last year found that Huawei has more pressing security issues from sloppy, flawed code than from Chinese espionage. Meanwhile, the German legislature will soon vote on a bill that would allow Huawei equipment in German 5G infrastructure if the telecom makes promises about the integrity of its security protections.

 

Still, researchers say that it's unclear what exactly the US is alleging on a technical level with its new allegations that Huawei maintains network access that other manufacturers don't.

 

"We would need to have more details to be able to draw any conclusions," says Lukasz Olejnik, an independent cybersecurity researcher and advisor. "We know that forms of technical lawful intercept are a feature of all generations of cellular telecom specifications. But it's unclear what officials in the Wall Street Journal story are referring to exactly."

 

If Huawei has been abusing law enforcement access capabilities to clandestinely gather or funnel user communication data, it would be an example of the types of backdoors US officials have warned against. Huawei has vigorously denied that it conducts wrongful surveillance or that it cooperates with the Chinese government by creating backdoors in its network systems. But US government officials have pointed out that China is an authoritarian state that maintains laws about corporate cooperation with government demands.

 

Furthermore, the US knows all too well that private companies can be infiltrated for espionage or technical control. Take the Swiss secure communications and equipment firm Crypto AG, which operated for decades under secret US intelligence control. Components of the scheme came to light over the years, but Crypto AG continued to operate until 2018, selling security tools with weakened encryption to foreign governments. In the most comprehensive expose on the operation to date, the Washington Post reported on Tuesday that Crypto AG was co-owned and managed from the 1940s by the CIA and West German intelligence (later the German agency, the BND) until the early 1990s, when the BND sold its stake to the CIA.

 

Crypto AG had a strong business selling security equipment to more than 120 countries, according the Washington Post, including India, Pakistan, and Iran. The Soviet Union and China never bought Crypto AG equipment, citing concerns about links to Western governments.

 

Even with the new layer of accusations, the case against Huawei still comes down to how countries plan to manage "supply chain" security issues. If you don't trust the entity producing technical tools or the environment they were made in, you must consider the possibility that the equipment was created with a hidden backdoor or other foundational flaw. Again, look no further than the US: Reports in 2013 revealed that the US National Security Agency physically intercepted and added technical backdoors to enterprise IT equipment, like Cisco and Juniper Networks products, to enhance data access.

 

This is why it's so difficult to manage risk with a private company through partial mitigations like those the UK is using. It's very difficult to vet market-ready devices for intentional backdoors, especially those designed to weaken encryption algorithms in near-imperceptible ways. You need to both reverse engineer the code accurately to understand exactly how a system functions and then conduct an exhaustive mathematical analysis of the cryptography. No matter how thorough this process, it's always possible that well-engineered flaws can evade detections.

 

"Every organization should understand and accept that they can't fully audit the encryption code on the devices they use to secure their data," says Jake Williams, a former NSA analyst and founder of the security firm Rendition Infosec. "And there's a history of potential hardware tampering by government agencies around the world. So organizations need to choose equipment that, if backdoored, presents the least risk. Supply chain security is a bear."

 

So the Huawei debate continues to go in circles. Regardless of the latest revelations, the question remains whether the risk is manageable, or if the US and its allies should forego Huawei altogether.

 

"Technology is a matter of national security as never before," Olejnik says. "Generally, what matters is control over hardware and software, bottom up, the full stack. Who do you trust? It's a question of digital sovereignty."

 

When it comes to equipment sitting in the heart of US wireless networks, you can start to understand the US government's fundamental concerns with Huawei. Especially given the US's own history of planting backdoors in technologies around the world.

 

sauce

 

US Government Considering A Stake In Nokia, Ericsson

 

 

[Karlston]

US says it can prove Huawei has backdoor access to mobile-phone networks

US hasn't made evidence public but reportedly shared it with UK and Germany.

Enlarge

Huawei

US officials say they have evidence that Huawei has backdoor access to mobile-phone networks around the world, according to a Wall Street Journal article published today.

 

"We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world," US National Security Adviser Robert O'Brien told the Journal.

 

The United States has long claimed that Huawei can secretly access networks through the networking gear it sells to telcos, but the goverment previously argued that it doesn't need to show any proof. US officials still are not providing such evidence publicly but have begun sharing their intelligence with other countries, the Journal report said.

 

The Journal wrote:

The US kept the intelligence highly classified until late last year, when American officials provided details to allies including the UK and Germany, according to officials from the three countries. That was a tactical turnabout by the US, which in the past had argued that it didn't need to produce hard evidence of the threat it says Huawei poses to nations' security.

The US has been sharing this evidence at the same time the Trump administration tries to convince allies to get Huawei gear out of their networks.

 

US officials said they have been aware of Huawei's backdoor access "since observing it in 2009 in early 4G equipment," the Journal wrote. However, the US officials quoted by the Journal "declined to say whether the US has observed Huawei using this access."

Backdoors designed for law enforcement

Telecom-equipment makers who sell products to carriers "are required by law to build into their hardware ways for authorities to access the networks for lawful purposes," but they "are also required to build equipment in such a way that the manufacturer can't get access without the consent of the network operator," the Journal wrote.

 

US officials say that Huawei has violated these laws, which are enforced in multiple countries, the Journal wrote:

US officials say Huawei has built equipment that secretly preserves the manufacturer's ability to access networks through these interfaces without the carriers' knowledge. The officials didn't provide details of where they believe Huawei is able [to] access networks. Other manufacturers don't have the same ability, they said.

One US official told the Journal that "Huawei does not disclose this covert access to its local customers, or the host nation national-security agencies."

Huawei says it’s not spying

Huawei disputed the latest allegations, as it has done in the past, saying it "has never and will never do anything that would compromise or endanger the security of networks and data of its clients." Huawei also said that the United States made its latest accusations "without providing any kind of concrete evidence."

 

"No Huawei employee is allowed to access the network without an explicit approval from the network operator," a Huawei official said, according to the Journal.

 

The US government has been moving to reduce the amount of Huawei and ZTE equipment in telecom networks. The Federal Communications Commission voted unanimously in November to ban Huawei and ZTE gear in projects paid for by the FCC's Universal Service Fund (USF). FCC Chairman Ajit Pai said at the time that Huawei and ZTE "have close ties to China's Communist government and military apparatus" and "are subject to Chinese laws broadly obligating them to cooperate with any request from the country's intelligence services and to keep those requests secret."

 

The ban is expected to hit small carriers the hardest, as Huawei has appealed to small network operators by selling low-cost gear. By contrast, big telcos like AT&T "have long steered clear of Huawei," a March 2018 Wall Street Journal report said.

 

 

Source: US says it can prove Huawei has backdoor access to mobile-phone networks (Ars Technica)  

[dufus]

highly likely