What in the Huawei 5G technology/protocols is "Huawei-only" (ie, "controllable" by China)?

The subject has been building steam for years, and now that the UK has initiated some sort of national infrastructure agreement with Huawei, the national security issue of China’s access has intensified.

What a “national infrastructure for technology” is in the West in my sort-of understanding of 4G electronics history, is waiting for the dust to settle and working with a combination of standards with which corporations can do their best, and more importantly relative to the Huawei case, where said corporations are not as easily and correctly viewed as instruments of state policy and not legally, arguably beholden to the state on anything but the most extreme (see: Apple v FBI) case.

Is it simply the “now” part, that other players–and their presumably more open technology or simple relationships not posing a threat to the US–are not ready to roll with a system, and the UK (now) and the US (soon, perhaps, although the pushback is intense) have economic interests short term and don’t want to wait for catch-up 5G from other sources?

  1. So what in “5G” now means “Huawei” exclusively for now and presumably in the future?

  2. What/where/how in our 4G system can anyone divert or sequester information, and what in the Huawei system is so exploitable that differs (as to its exploitability)?

Possibly of some tangential relevance here:

US may permanently ground civilian drone program over China fears, Jon Fingas, Engadget, Jan. 12, 2020.

Originally reported last October, but it was just “temporary” then. In the news again because now they are talking of making it permanent.

Yes–naturally that is in the same church, but different pew, of the OP.

Which for good measure should be informative on what the hell 4G is now, now that it’s getting long in the tooth, and I really don’t know squat… :)

To my knowledge, there’s nothing that “requires” Huawei for 5G. In the US, T-Mobile uses Ericsson as the vendor, I believe, not sure about Verizon/AT&T.

But, as with many industries, there’s not a huge amount of choices out there. Huawei, Ericsson, possibly Nokia, that might be about it for countrywide-scale deployments.

I don’t think there’s anything inherently different between 5G and 4G in terms of how a vendor with an intentional backdoor might be able to get information out. Maybe some of the mmWave stuff might have a bigger potential simply because of the greater number of nodes or something. But I’m not sure how much of a player Huawei was in the 4G space, so it either wasn’t a threat because they weren’t being used, or it’s a matter of just now believing it’s a threat.

I think it was Snowden who revealed that the CIA/NSA was intercepting (redirecting) Cisco shipments in order to insert custom software chips into the network equipment destined for overseas.

I assume the USA is paranoid because it did this, so therefore others must be bowing to the demands of their intelligence communities too. Most of the articles I have read said that despite searches by numerous different groups, nobody has found flaws or backdoors in Huawei that would allow surreptitious monitoring or take-over of the devices by outside forces. A few years ago some group, I think in German Intelligence(?), claimed there was a back way into Huawei routers, but what they were describing was the standard telnet login all routers have, without any indication of secret login userids or any way to bypass telnet access traffic restrictions - that should be standard on any network.

AFAIK Huawei sells devices which speak standard network protocols, so are drop-in compatible with similar devices from other manufacturers. They tend to cost less and of course, China is watching who avoids their high tech industries and could hold it against western countries when negotiating trade deals. “You want to sell your Jaguars in China, but won’t buy our routers?”

This has been covered in a previous thread. They’ve been shown to be an arm of Chinese government, although they say that the spying devices in their servers weren’t placed there by them, but rather a supplier with People’s Liberation Army spies working at it. Of course they don’t mention that the supplier was a wholly owned subsidiary.

https://boards.straightdope.com/sdmb/showthread.php?t=872872&highlight=Huawei

There was lots of discussion about exactly how they are a security threat and how they are able to create backdoors into their infrastructure to do everything from steal IP from Western companies to monitor other governments’ communication. In that thread I linked to a great Wired article with a lot of detail.

I think the decision to go with someone proven to be dirty is one based on cost (they’re cheaper) and the assumption that, as a government, you can mitigate the risk by checking their equipment closely because you know they’re dirty.

The decision to ban them is based (probably) on trade pressure by Trump and the belief that eventually Huawei and their Chinese government overlords will find a way to get around your safeguards.

That thread says “they could” but nobody has found some concrete evidence. Someone, for example, says “the device could be storing data for later retrieval” - routers are not designed to store massive amounts of random data, anything other than logs and routing information that accumulated significantly over time would be noticed. The Wired article in the other thread basically says the same - “we don’t know, we should be cautious”. All these warnings are the same - “there could be hidden backdoors” but nobody has found any. I also don’t believe that there is not a concerted effort by companies and security agencies everywhere to analyze Huawei and any other routers looking for anomalous behaviour - of course some groups are paranoid and double checking, they are specifically paid for that. Still, nobody can say “we found deliberate holes”. As one of the other thread posts mentioned, the equipment is basically x86 hardware and LINUX at its core (sorry) so it’s not like it’s an impenetrable lump of hidden code, and engineers the world over have the same levels of skill - there’s nothing magical about PRC code engineers.

In analysing any risk in which you are dealing with a talented adversary, you minimally want to be looking at three levels of deliberate vulnerabilities.

There is the obvious big wide attack, things like: open telnet port, back door debug access, hard coded admin password. Stuff that happens all the time in poorly executed products. Easy to find, easy to get fixed. You put these in a product so that the naive think they have caught the vulnerability and things are OK now.

Then you look for the subtle vulnerability. Buffer overflow, timing errors in protocols. Stuff that a skilled analysis might uncover. Defensible mistakes maybe. Or deliberate. Find these and you think you are doing a good job.

Then you want to worry about the very deep vulnerability. Even if you have the source code, you probably won’t find them. Very subtle things. Using a signed integer instead of an unsigned integer in code that somewhere performs a right shift in optimised code, and so is incorrectly sign extended. Just so happens to mean that with a packet of just the right length and content a pointer is corrupted just so, and a critical flag overwritten. Could be used to perform nothing more than a denial of service attack by crashing the router. More sophisticated use could be used to override access control.

In the other thread I cited the Underhanded C Contest. Deep and deliberate flaws are not new. The contest is to write code that even when you know there is a vulnerability, you still can’t find it. Apparently poorly written code is a godsend here. Anyone with any coding skills would probably find this contest fascinating and amusing reading.
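The signed-versus-unsigned right shift mentioned in the post above, as an added example that is not part of the original thread or any vendor's code: a decoder that takes a queue index from the high nibble of a header byte, once through a signed type and once through an unsigned type with a bounds check. The packet layout, `QUEUE_COUNT` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define QUEUE_COUNT 16   /* hypothetical: one slot per 4-bit priority class */

/* Flawed: the header byte is held in a signed type. For bytes >= 0x80 the
 * value is negative, and >> on a negative value is an arithmetic shift on
 * mainstream compilers (implementation-defined in ISO C), so the sign bit
 * is copied into the result instead of zeros. */
int queue_index_flawed(const unsigned char *pkt)
{
    int8_t hdr = (int8_t)pkt[0];
    return hdr >> 4;                 /* 0xF0 decodes to -1, not 15 */
}

/* Fixed: unsigned type, explicit length and range checks. */
int queue_index_fixed(const unsigned char *pkt, size_t len)
{
    if (len < 1)
        return -1;                   /* reject truncated packets */
    uint8_t hdr = pkt[0];
    unsigned idx = hdr >> 4;         /* always 0..15 */
    return idx < QUEUE_COUNT ? (int)idx : -1;
}

/* Review aid: try every possible header byte and count how many make the
 * decoder return an index outside [0, QUEUE_COUNT). */
int count_bad_indices(int use_fixed)
{
    int bad = 0;
    for (int b = 0; b < 256; b++) {
        unsigned char pkt[1] = { (unsigned char)b };
        int idx = use_fixed ? queue_index_fixed(pkt, 1)
                            : queue_index_flawed(pkt);
        if (idx < 0 || idx >= QUEUE_COUNT)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("flawed decoder: %d of 256 header bytes give a bad index\n",
           count_bad_indices(0));
    printf("fixed decoder:  %d of 256 header bytes give a bad index\n",
           count_bad_indices(1));
    return 0;
}
```

The two decoders differ by one type name, which is why this kind of defect survives review; exhaustive or fuzz testing of small input domains catches it where reading the source may not.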

I have no doubt that Huawei makes products that are essentially just x86 devices running slightly customized linux.

I have serious doubts that this accurately describes carrier-grade 5G deployments of BSCs/RNCs/etc.

Keep in mind that this kind of thing isn’t like buying a wifi router from Best Buy, or even a couple Cisco 4900s off the shelf for your office. This is a multi-billion dollar equipment, service and support contract. You will have vendor people looking at your internal network design to understand how to integrate their stuff. You will have vendor people involved with at least some initial installs. You will have vendor people with permanent connections into the network for support–either they will be in your office, or have VPN access in. You will probably have vendor people writing up and/or executing some of the change orders in the network.

Traditionally, the risk of this is mitigated because the vendors have been capitalist-based companies and the NDAs and/or reputation loss would be severe enough that a company is not going to risk it. State actors are worth another level of risk assessment.

Great Bloomberg article: “The Big Hack: How China Used a Tiny Chip to Infiltrate America’s Top Companies” After reading it, I’m convinced Huawei is dirty as can be.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

@md2000 - I’m not sure what standard of “proven” you’re looking for. They’ve been caught inserting chips to allow for backdoor server access, their employees have been arrested for espionage, employees are proven PLA agents.

Regardless of whether we’ve caught them red-handed spying through 5G infrastructure, it seems pretty clear based on their past spying activities that they will do everything they possibly can to do so at every future opportunity.

That story has been thoroughly debunked, with no evidence that it was ever true. No secret tiny chips have ever been found, and no secret supply chain hacks have been identified. This isn’t to say that the Chinese government has clean hands, but using that story as evidence is not convincing.

Huawei absolutely is controlled by the Chinese government. I believe they are publicly one of the largest investors. Huawei has been caught helping African governments spy on their opposition. They definitely are not a clean company. To my knowledge though, there has never been any revelation of true backdoors into their equipment, though. Security flaws and such, yes, but not something that was deliberately designed. As mentioned above, it can be very difficult to find such things, so they might exist. The US’s freak out about Huawei might be justified based on unreleased information, but at this moment, there is still only an absence of evidence.

@Echoreply
Thanks, great article. I hadn’t seen that.
Ignorance fought!

The article you linked to walks through the author’s opinion about why it’s technically unlikely, but the security researchers in this article actually performed a similar hack (presented at a security conference) with a cheap chip:

So, proof of concept confirmed but that doesn’t prove it actually happened.

The difference is that 5G infrastructure is eventually going to replace much of the existing internet infrastructure. 4G, by comparison, was more of a “last mile” link between your phone and the internet.

The security concern is having a Chinese state-owned/controlled/influenced vendor controlling a large portion of the internet and/or how the internet is delivered. For instance 5G may eventually replace in-home wifi. Rather than computers and appliances in a home being protected by the hardware firewall in the wifi router, computers will be connecting using 5G sim cards directly to the internet. If the Chinese government forces Huawei to surreptitiously push a malicious update, the state actors may have direct access to a particular computer in a manner that is not currently available.

Security glitches and holes obviously exist today. Given the number of internet providers and companies involved, it is unlikely that a particular vulnerability will be widely exploitable. Each will have different security risks based on their vendors and maintenance practices. However, if all major cell companies install Chinese equipment, we cannot necessarily rely on the company to patch security holes if they are useful to their government. The NSA in this country does the same thing, but we trust the motives of the Chinese spy agencies much less than we distrust our own.

According to a recent CBC radio program (The Current, I think) Huawei is almost completely owned by its worker’s union, which of course is completely independent of outside influence. (Hint - sarcasm) Thus technically the Party calls the shots, but that is irrelevant. Any such activities we’re discussing are not mandated by the board of directors, and it would be surprising if any company brass were aware of them outside the Intelligence services orchestrating them and a few engineering staff.

The point is that the possibility exists, but nobody has seen any concrete evidence there actually are back doors. Yes these are highly technical components, but they deal with published standards for communication. There’s a limit to how well they can diverge from standards without failing. How do you send a buffer overflow over a network if the intermediate devices from other companies are not programmed to pass it through, for example? Surely everyone is analyzing for bad packets, since the risk is always there that a buffer overflow will cause problems. What we see is mixed networks, meaning a total failure - possibly a programming error - is less likely to take down the entire network. Prudent.

Plus, if they do put in a clever back door - there’s always the chance someone will find it. Proof positive that their equipment is compromised will mean Huawei might as well give up selling any equipment outside China.

OP here. Thanks to all on thread. I, like most everybody, am intrigued by the (notionally) easily identifiable tech item of backdoor-in-product that may or may not be possible.

But I think runningdude identified the most logical and effective long-view mode of espionage, in creating a culture of dependency and access.

@md2000

I’m still not clear when you say

Based on echoreply’s correction to my post, I read a number of additional articles on Huawei and there have been a number of documented incidents where “security flaws”, (effectively “back doors”) have been discovered in their existing products.

From what I read, in some of the cases, they have been asked to issue software fixes, have said they did repair them, only to be found later to have not done it.

It’s not clear if these flaws allowing for backdoors have been deliberate (at the direction of the PLA) or accidental. Is this what you mean when you say “no concrete evidence”?

If so, what evidence exactly could there be that would be concrete? In the case of software, it can always be attributed to programmer error.

Yeah, that is the big problem. Some things are almost certainly programming errors. For example, a third party open source library that Huawei uses (and other people use) is found to contain an exploitable bug, so everybody can be pretty sure it is just a bug, and not a deliberate backdoor. But what if there is a mistake in Huawei’s encryption routines so that something thought to have a 256 bit (or whatever) key, really only has a 64 bit key? Bugs like that have happened and been genuine mistakes. It also can be a great and subtle way to backdoor something.

Definite proof would probably involve something like the Snowden leak, in which evidence outside the software and hardware is revealed which describes inserted backdoors. Software holes could potentially be complex enough that there is no way they are mistakes, or just have all the signs of being deliberate, for example naming a variable MSS_SECRET_ACCESS_CODE.

So it really does come down to proof, as opposed to speculation. The things I read have all been very critical of Huawei, but are still skeptical that anything shown yet is evidence of backdoors. Some of the articles even pretty much say “found yet.”
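The "256 bit key that is really a 64 bit key" case from the post above, as an added example that is not part of the original thread or any vendor's code: a key routine that takes `sizeof` of a pointer instead of the key length, next to a corrected routine and a black-box check that bounds the effective key size. All names are hypothetical, and `fill_random` is a deterministic stand-in for an OS random source so the run is repeatable.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BYTES 32   /* intended strength: 256 bits */
#define SAMPLES   16   /* keys drawn by the check below */

/* Constructed stand-in for a CSPRNG (a 64-bit LCG); not for real keys. */
static uint64_t prng_state = 0x243F6A8885A308D3ULL;
static void fill_random(uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        prng_state = prng_state * 6364136223846793005ULL
                   + 1442695040888963407ULL;
        out[i] = (uint8_t)(prng_state >> 56);
    }
}

/* Flawed: `key` is a pointer, so sizeof(key) is the pointer size (8 bytes
 * on 64-bit targets), not 32. Only the first 64 bits are ever random. */
void derive_key_flawed(uint8_t *key)
{
    memset(key, 0, KEY_BYTES);
    fill_random(key, sizeof(key));
}

/* Fixed: the length comes from the key-size constant. */
void derive_key_fixed(uint8_t *key)
{
    fill_random(key, KEY_BYTES);
}

/* Black-box check: draw several keys and count the byte positions that
 * ever change. Positions that never vary add no strength, so the result
 * is an upper bound on the effective key size in bits. */
int effective_key_bits(void (*derive)(uint8_t *))
{
    uint8_t first[KEY_BYTES], cur[KEY_BYTES], varies[KEY_BYTES] = {0};
    int bits = 0;
    derive(first);
    for (int s = 1; s < SAMPLES; s++) {
        derive(cur);
        for (int i = 0; i < KEY_BYTES; i++)
            if (cur[i] != first[i])
                varies[i] = 1;
    }
    for (int i = 0; i < KEY_BYTES; i++)
        bits += 8 * varies[i];
    return bits;
}

int main(void)
{
    printf("flawed: at most %d key bits\n", effective_key_bits(derive_key_flawed));
    printf("fixed:  at most %d key bits\n", effective_key_bits(derive_key_fixed));
    return 0;
}
```

Both routines hand back a 32-byte buffer, so nothing downstream fails; only a test of the key material itself shows the difference, and the flawed line reads as an ordinary mistake.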

According to Chinese law, there is zero right of computer privacy or confidentiality against the government in China. A Chinese company, or a company in China, may not say ‘o, but we promised people we wouldn’t record their conversations or steal their technology’ – under Chinese law there is no way for a company to ring-fence part of their business. This is just now being toughened up to make it crystal clear.

The problem with Huawei isn’t that they have (publicly) done things in the past. The problem is that you are handing your system over to the Chinese government. For me, at home, that’s not a problem. At work, it’s a small problem. For a government security service, it’s a big problem.

@Melbourne

Good points - but I disagree strongly with your comment

I assume you’re suggesting spying - I do agree in that context. I don’t care if China sees my SDMB messages. However, 5G will eventually (likely) be the basis for all internet and giving an authoritarian communist dictatorship that is actively seeking hegemony control over that (to save a few dollars) is inconceivable to me.

If we get into some serious & escalating conflict with China (like over their current attempted takeover of the South China Sea) and they decide to shut off the internet tap completely via their backdoors, we’re totally f’d as a society.