Huawei Offers 'Complete and Unrestricted' Source Code Access 255
An anonymous reader writes "The BBC reports that 'Huawei has offered to give Australia unrestricted access to its software source code and equipment, as it looks to ease fears that it is a security threat. Questions have been raised about the Chinese telecom firm's ties to the military, something it has denied. Australia has previously blocked Huawei's plans to bid for work on its national broadband network. Huawei said it needed to dispel myths and misinformation.' But is this sufficient? Will they be able to obscure any backdoors written into their equipment?"
Re:Besides (Score:5, Insightful)
Re:Source (Score:2, Insightful)
Even if they did have someone capable, if you've ever read any submissions to the Underhanded C Contest, you'll know how difficult it is to detect hidden back doors even when scrutinizing code.
The US government did it! (Score:5, Insightful)
Re:Source (Score:5, Insightful)
In the US, voting machines pick the next president. With secret closed-source code in an industry with proven fraud and from companies with proven previous errors.
In Australia, they have the source code for routers running a residential broadband network, and that's not good enough.
Why does something seem wrong with that?
Re:Source (Score:4, Insightful)
Yup, even when you a-priori know in which couple hundred lines to look. In a large application, like you'd find in a router, it's demonstrably impossible of a task unless they use something safer than C -- and even then it'd take a formal method approach.
Not worth a lot.... (Score:4, Insightful)
Backdoors cleverly disguised as obscure implementation bugs are very hard to find, and if you find them, you do not know whether they are bugs or obscure implementation errors. Typically, making sure no backdoors are in a piece of complex software is more effort and more difficult than reimplementing it with trustworthy and competent people.
Re:Source (Score:4, Insightful)
Re:Source (Score:5, Insightful)
Re:The US government did it! (Score:4, Insightful)
Yes. Because, it's not xenophobic, it's just plain good sense that critical infrastructure is a huge target. It's what every country should want their intelligence agencies doing. I hope every router sent to China has a backdoor in it that we can shut down in the event of a conflict.
Why do you think China is working so hard to create their own CPU? They know this would be a massive liability and with 10 Billion transistors its' easy to hide things now a days.
I'm usually dismissive of conspiracy theories because they don't actually result in any parties profiting. But this is exactly the sort of thing that countries not only would profit from--but have already done.
Imagine if every car in China could be turned off with a switch. That's a weapon I have absolutely no question our military would love to have. And one which *of course* the Chinese military would also want. If they could do it and get away with it--they will (just as we would).
Re:hardware backdoors (Score:3, Insightful)
Wow, you're just really naive. Really, really naive.
Even without decrypting the information all the way back in WWII, traffic analysis allowed some major victories on the battlefield. With this technique, being automated and in near real time, one could infer a lot about an adversary without actually decrypting one single thing.
Maybe you're not concerned with privacy, but that's why you're not working in this field!
Anything new from Slashdot ? (Score:5, Insightful)
Is there anything new Slashdot can offer, other than this same old China bashing orgy?
If you think that equipments from Huawei is dangerous, what makes you think that Cisco equipment don't come with backdoors?
Which equipment the Stuxnet virus targeted?
Equipment from China or those from the Western countries?
It's easy to bash China - as China has become the poster boy for bashing orgy - from Presidential debate to this one in Slashdot - but I do expect MORE from those who come to Slashdot.
Unlike the tweedledee and tweedeldum on the presidential debate, you guys do have brains.
It's time you use your brain to think, rather than letting others doing the thinking for you.
If Huawei (and all equipments from all Chinese companies) are suspicious, what makes you think that equipments from Germany or Japan or Britain or Korea or Canada or USA aren't?
it depends on who you are (Score:4, Insightful)
If Huawei (and all equipments from all Chinese companies) are suspicious, what makes you think that equipments from Germany or Japan or Britain or Korea or Canada or USA aren't?
If I'm running a business in Australia, each of the listed non-Chinese countries is a minor concern. All have strong intellectual property protection. They mostly don't have a reputation for cloning foreign products. China is a different matter entirely.
If I'm running a business in any of the listed countries, China or otherwise, obviously my own country is preferred. They'd kick in my door if they wanted something; it's easier and more fun than hacking. I'd like protection from the others.
If I'm running a business in Iran, I probably want Korea or Japan. China is trying to pry into my finances for trade negotiation, and everybody else just hates Iran.
Re:it depends on who you are (Score:2, Insightful)