U.S. lawmakers warn Canada to keep Huawei out of its 5G plans

[NightHawkeye]

U.S. lawmakers warn Canada to keep Huawei out of its 5G plans

In a letter addressed to Canadian Prime Minister Justin Trudeau, Senators Mark Warner and Marco Rubio make a very public case that Canada should leave Chinese tech and telecom giant Huawei out of its plans to build a next-generation mobile network.
...
The outcry comes after the head of the Canadian Centre for Cyber Security dismissed security concerns regarding Huawei in comments last month.​

Hopefully, the Canadians will stay the course. The case against Huawei appears not just weak ... but non-existent.

US Urging Canada To Keep Huawei Out Of Their 5G Plans

2018 for Huawei hasn’t been the best for the company. The company initially had plans to officially partner up with carriers in the US to launch their phones, but those plans were cancelled at the very last minute as US lawmakers had warned carriers about the potential security threat that Huawei posed due to them being from China.​

It's always sad when good products are excluded from the marketplace for what appear to be anti-competitive reasons.

 

[LoAmmi]

The Chinese government does want to spy on the US and is using a lot of different ways to do it. I'm not saying it is a fact, but having smartphones connected to business networks that are provided by a company with close ties to the Chinese government does create a situation where China could steal US intellectual property and harm US companies. I'm not saying that is enough to block sales, but I think it's important to take a close look at this and think about the possible ramifications.

Our two biggest threats are China and Russia, if anybody is curious. Iran is third on the list.

Imagine the Chinese getting access to US military hardware specs because they are able to get into a phone connected to Boeing's network?

 

[NightHawkeye]

The Chinese government does want to spy on the US and is using a lot of different ways to do it. I'm not saying it is a fact, but having smartphones connected to business networks that are provided by a company with close ties to the Chinese government does create a situation where China could steal US intellectual property and harm US companies. I'm not saying that is enough to block sales, but I think it's important to take a close look at this and think about the possible ramifications.

Our two biggest threats are China and Russia, if anybody is curious. Iran is third on the list.

Imagine the Chinese getting access to US military hardware specs because they are able to get into a phone connected to Boeing's network?

I'm all in favor of punishing companies which do bad things. Huawei though, despite being Chinese, has done nothing wrong according to numerous investigations into the allegations hurled repeatedly against them.

For about a decade US intelligence agencies have been overtly critical of Huawei. As a result, the best investigators have looked into Huawei repeatedly ... and found nothing. Instead, we've learned that US intelligence agencies were doing the very things they accused Huawei of ... and apparently upset that Huawei was outside their sphere of influence.

From a technical perspective ... it's logically impossible to build backdoors into equipment which cannot be detected. Those extra bits always reveal themselves when one looks at the input and output.

 

[LoAmmi]

I'm all in favor of punishing companies which do bad things. Huawei though, despite being Chinese, has done nothing wrong according to numerous investigations into the allegations hurled repeatedly against them.

For about a decade US intelligence agencies have been overtly critical of Huawei. As a result, the best investigators have looked into Huawei repeatedly ... and found nothing. Instead, we've learned that US intelligence agencies were doing the very things they accused Huawei of ... and apparently upset that Huawei was outside their sphere of influence.

From a technical perspective ... it's logically impossible to build backdoors into equipment which cannot be detected. Those extra bits always reveal themselves when one looks at the input and output.

Do you have a technical background that lets you make that last statement declaratively?

 

[NightHawkeye]

Do you have a technical background that lets you make that last statement declaratively?

Yes.

 

[LoAmmi]

Yes.

Well, if I wanted to set up phones, I wouldn't have them constantly sending out this stuff. I'd just have a program that's listening for a specific instruction to come in to dump data to the central server. That way you'd be avoiding constant input and output through the network. It'd just be waiting for a signal and then going.

Now, there are risks there and, potentially, anybody looking through the phone's code could catch it in theory. But if it were buried enough, that'd be pretty tough to dig out. Could potentially put it in with a firmware update or something similar to mask it.

Again, not saying they are doing it or are even a risk, but I'm not sure why you'd be assuming a constant connection being required for it to be a problem.

 

[NightHawkeye]

Again, not saying they are doing it or are even a risk, but I'm not sure why you'd be assuming a constant connection being required for it to be a problem.

I wasn't assuming a constant connection at all. You are correct that a deep sleeper program could be embedded that doesn't output extra data until some future event. However, such a program would be much easier to detect if it ever did awaken because it would need to transmit a lot of data in a short span of time. A deep sleeper program also has the curious disadvantage that cell phones tend to have very short life spans, typically less than two years. If a deep sleeper program never wakes up then, practically speaking, it never exists.

For all the years the US has been sounding hysterical about Huawei, there have been numerous generations of Huawei mobile devices ... and no one has yet discovered errant bits, though many have looked.

 

[ThatRobGuy]

I wouldn't be surprised if the money trail on this led back to Apple & Samsung (or their lobbying entities). --the two companies that would stand to lose the most by Huawei's equitable (but much less expensive) products.

If there were any sort of exploit in place, it would be in the OS software, and not the physical hardware itself. Considering that their devices run the Android OS (which is owned by Google), it'd be quite easy for Google to build a validation tool to ensure the OS hadn't been tampered with in any nefarious way and notify the user if it had been.

Our markets are literally flooded with Chinese electronic devices that are potentially capable of transmitting data and that could be hacked. Lenovo...for instance. If they were really that worried, they'd be scrutinizing Lenovo pc's before going after Huawei.

 

[LoAmmi]

I wasn't assuming a constant connection at all. You are correct that a deep sleeper program could be embedded that doesn't output extra data until some future event. However, such a program would be much easier to detect if it ever did awaken because it would need to transmit a lot of data in a short span of time. A deep sleeper program also has the curious disadvantage that cell phones tend to have very short life spans, typically less than two years. If a deep sleeper program never wakes up then, practically speaking, it never exists.

For all the years the US has been sounding hysterical about Huawei, there have been numerous generations of Huawei mobile devices ... and no one has yet discovered errant bits, though many have looked.

I'm not disagreeing with you. But if such a program did exist, it could transmit a bunch of data before it was caught, especially if it were not through a company's wifi. As I said, we need to make sure we keep a close eye on it. I don't think we should ban sales.

Were I in a security lead position at Boeing or whatever, I would probably ban them for company use, but that's different than a country doing it.

 

[LoAmmi]

I wouldn't be surprised if the money trail on this led back to Apple & Samsung (or their lobbying entities). --the two companies that would stand to lose the most by Huawei's equitable (but much less expensive) products.

If there were any sort of exploit in place, it would be in the OS software, and not the physical hardware itself. Considering that their devices run the Android OS (which is owned by Google), it'd be quite easy for Google to build a validation tool to ensure the OS hadn't been tampered with in any nefarious way and notify the user if it had been.

Our markets are literally flooded with Chinese electronic devices that are potentially capable of transmitting data and that could be hacked. Lenovo...for instance. If they were really that worried, they'd be scrutinizing Lenovo pc's before going after Huawei.

In theory you could put malware in the firmware of a system. It's more limited than what could be accomplished on the software, but it is not impossible.

 

[NightHawkeye]

I'm not disagreeing with you. But if such a program did exist, it could transmit a bunch of data before it was caught, especially if it were not through a company's wifi. As I said, we need to make sure we keep a close eye on it. I don't think we should ban sales.

No disagreement from me either.

Continued competition in the cellular space is needed. There are plenty of criticisms which can be validly leveled at Huawei, such as its use of cheap Chinese labor and unfair advantages from the Chinese government. Of course, those same criticisms largely apply to Apple as well.

Were I in a security lead position at Boeing or whatever, I would probably ban them for company use, but that's different than a country doing it.

Government contractors must operate under rules mandated by the federal government.

 

[LoAmmi]

Government contractors must operate under rules mandated by the federal government.

Yes, but even if it weren't a restriction, I would consider banning them.

 

[NightHawkeye]

Our markets are literally flooded with Chinese electronic devices that are potentially capable of transmitting data and that could be hacked. Lenovo...for instance. If they were really that worried, they'd be scrutinizing Lenovo pc's before going after Huawei.

This could all be a deception to take attention away from the blatant subversive activities of Microsoft.

I have a great little Lenovo laptop that was nearly rendered useless by Microsoft when Windows insisted on continuously downloading updates to the operating system even though the OS had already consumed the 32 GByte internal memory storage. At that point the operating system could have stopped updating ... but nope ... no way to stop the updates, even if the machine won't support further updates.

Only paid $125 for the little laptop, but only had it for about six months when it locked itself up trying to futilely update. Fortunately, unlike many inexpensive devices this little Lenovo supported upgradeable storage so with a $50 investment in a 120 GByte solid-state drive the laptop was back in business (although configuring it to support the upgrade was painful).

The only conclusion I could come to is that Microsoft is a virus designed to obsolete computer equipment ... thereby forcing consumers to buy new computers so that Microsoft gets a hefty portion of the new product sale.

 

[ThatRobGuy]

This could all be a deception to take attention away from the blatant subversive activities of Microsoft.

Possibly (and many have had that complaint against Microsoft)...although I'm not sure if Microsoft really would have an ax to grind with a mobile phone manufacturer considering they pretty much lost that particular fight in the technology realm as Windows Mobile is pretty much dead from what I can tell.

 

[High Fidelity]

Does China ban Apple?

After all, the U.S. is the most documented and prolific aggressor regarding snooping in recent history.

Smacks of irony, to say the least.

 

[NightHawkeye]

Possibly (and many have had that complaint against Microsoft)...although I'm not sure if Microsoft really would have an ax to grind with a mobile phone manufacturer considering they pretty much lost that particular fight in the technology realm as Windows Mobile is pretty much dead from what I can tell.

I know. I was really just offering a little tongue-in-cheek perspective. Huawei seems to be so far removed from being a threat to the privacy and security of individual Americans that the claims of the NSA are laughable.

The clear and present danger comes from Microsoft, Google, Cisco and Apple. Just down from there are Facebook, Twitter and likely other social media companies.

 

[LoAmmi]

I know. I was really just offering a little tongue-in-cheek perspective. Huawei seems to be so far removed from being a threat to the privacy and security of individual Americans that the claims of the NSA are laughable.

The clear and present danger comes from Microsoft, Google, Cisco and Apple. Just down from there are Facebook, Twitter and likely other social media companies.

On a personal level, I'd agree. On a business or government level, I'd add a tier above yours for governments like China, Russia, and Iran.

 

[NightHawkeye]

On a personal level, I'd agree. On a business or government level, I'd add a tier above yours for governments like China, Russia, and Iran.

Yep. No argument with that either. I'm well aware that Russian and Chinese espionage is a clear and present danger. Iran may be less so, though they are certainly more militant.

 

[LoAmmi]

Yep. No argument with that either. I'm well aware that Russian and Chinese espionage is a clear and present danger. Iran may be less so, though they are certainly more militant.

Iran has been working to get into our infrastructure. Do things like shut down electricity grids.

North Korea has been doing the same.

 

[NightHawkeye]

Canada's Prime Minister chimed in yesterday ...
Trudeau refuses to let 'politics slip into’ decision on Huawei

Prime Minister Justin Trudeau says Ottawa refuses to let “politics slip into" the decision to allow Huawei equipment into Canada’s next-generation mobile networks even as the U.S. and Australia have barred the Chinese telecom giant on grounds of national security.

The Prime Minister’s comments come just days after two U.S. senators took the unusual step of publicly urging the Liberal government to ban Huawei from Canada’s 5G networks.
...
He cited Canada’s Communications Security Establishment (CSE), the spy agency responsible for protecting the country from cyberattacks and espionage. Scott Jones, the new head of Ottawa’s Canadian Centre for Cyber Security at CSE, recently told MPs this country has a robust system of testing facilities for Huawei equipment and software to prevent security breaches – one Mr. Jones suggested was superior to those of some of Canada’s allies.
...
The Prime Minister was asked Monday how Canada could let Huawei into this country’s 5G mobile network infrastructure even though close allies had decided it was too risky for their next-generation networks.

“First of all, we make our decisions based on evidence, based on the recommendations of our extraordinarily effective Communications Security Establishment. We listen to them,” Mr. Trudeau told The Globe and Mail in an interview.​