Huawei Offers 'Complete and Unrestricted' Source Code Access

An anonymous reader writes "The BBC reports that 'Huawei has offered to give Australia unrestricted access to its software source code and equipment, as it looks to ease fears that it is a security threat. Questions have been raised about the Chinese telecom firm's ties to the military, something it has denied. Australia has previously blocked Huawei's plans to bid for work on its national broadband network. Huawei said it needed to dispel myths and misinformation.' But is this sufficient? Will they be able to obscure any backdoors written into their equipment?"

Re:Besides

[fredprado]

Sorry, but there is absolutely no company in the world that has this thing called "character".

Re:Source

[Anonymous Coward]

Even if they did have someone capable, if you've ever read any submissions to the Underhanded C Contest, you'll know how difficult it is to detect hidden back doors even when scrutinizing code.

The US government did it!

[kawabago]

When American telecom companies won contracts to supply soviet satellite, I think it was Poland, with telecom equipment, The CIA or NSA or both managed to get back doors into the equipment to both monitor calls and in the event of hostilities, to shut the phone system down completely. If American companies let their Government subvert their technology in foreign countries, China would be foolish not to.

Re:Source

[AK Marc]

Yes, though there's no evidence of any improper activities from any Huawei gear, and they are already a step ahead of US voting machines.

In the US, voting machines pick the next president. With secret closed-source code in an industry with proven fraud and from companies with proven previous errors.

In Australia, they have the source code for routers running a residential broadband network, and that's not good enough.

Why does something seem wrong with that?

Re:Source

[tibit]

Yup, even when you a-priori know in which couple hundred lines to look. In a large application, like you'd find in a router, it's demonstrably impossible of a task unless they use something safer than C -- and even then it'd take a formal method approach.

Not worth a lot....

[gweihir]

Backdoors cleverly disguised as obscure implementation bugs are very hard to find, and if you find them, you do not know whether they are bugs or obscure implementation errors. Typically, making sure no backdoors are in a piece of complex software is more effort and more difficult than reimplementing it with trustworthy and competent people.

Re:Source

[Charliemopps]

You're not understanding where the governments coming from. They want someone, other than themselves, to have legal liability if there is a breach. Since all contracts, agreements, and laws are subject to the whim of the Chinese government, they could just tell Huawei to put code on their hardware and they'd have to do it. Where-as, in Australia, or the United States, there are constitutions that supersede the federal governments. The feds can come in and demand that Cisco put a backdoor on their hardware, and Cisco could turn around and site existing law to say "No, we wont do that, it's illegal." Now, in reality, does it actually work like that? No... Cisco bends over backwards for the feds out of greed because they want them to do things like we're seeing here. But from the federal governments perspective, Cisco is doing their bidding and are therefor "Good guys"... Huawei on the other hand are at the very best an unknown. Politicians rarely see beyond their own term... and while violating our constitutional rights to ensure our safety seems worthwhile at the time... it's what the guy that gets elected after their gone does with these entrenched systems that brings ruin.

Re:Source

[overbaud]

The way this works is: 1. Cisco lobby US gov. 2. US gov put pressure on Aus gov. 3. Aus gov create FUD about cisco rival. 4. Aus gov buy cisco. 5. Profit - cisco and US senators.

Re:The US government did it!

[im_thatoneguy]

Yes. Because, it's not xenophobic, it's just plain good sense that critical infrastructure is a huge target. It's what every country should want their intelligence agencies doing. I hope every router sent to China has a backdoor in it that we can shut down in the event of a conflict.

Why do you think China is working so hard to create their own CPU? They know this would be a massive liability and with 10 Billion transistors its' easy to hide things now a days.

I'm usually dismissive of conspiracy theories because they don't actually result in any parties profiting. But this is exactly the sort of thing that countries not only would profit from--but have already done.

Imagine if every car in China could be turned off with a switch. That's a weapon I have absolutely no question our military would love to have. And one which *of course* the Chinese military would also want. If they could do it and get away with it--they will (just as we would).

Re:hardware backdoors

[RocketRabbit]

Wow, you're just really naive. Really, really naive.

Even without decrypting the information all the way back in WWII, traffic analysis allowed some major victories on the battlefield. With this technique, being automated and in near real time, one could infer a lot about an adversary without actually decrypting one single thing.

Maybe you're not concerned with privacy, but that's why you're not working in this field!

Anything new from Slashdot ?

[Taco Cowboy]

Is there anything new Slashdot can offer, other than this same old China bashing orgy?

If you think that equipments from Huawei is dangerous, what makes you think that Cisco equipment don't come with backdoors?

Which equipment the Stuxnet virus targeted?

Equipment from China or those from the Western countries?

It's easy to bash China - as China has become the poster boy for bashing orgy - from Presidential debate to this one in Slashdot - but I do expect MORE from those who come to Slashdot.

Unlike the tweedledee and tweedeldum on the presidential debate, you guys do have brains.

It's time you use your brain to think, rather than letting others doing the thinking for you.

If Huawei (and all equipments from all Chinese companies) are suspicious, what makes you think that equipments from Germany or Japan or Britain or Korea or Canada or USA aren't?

it depends on who you are

[r00t]

If Huawei (and all equipments from all Chinese companies) are suspicious, what makes you think that equipments from Germany or Japan or Britain or Korea or Canada or USA aren't?

If I'm running a business in Australia, each of the listed non-Chinese countries is a minor concern. All have strong intellectual property protection. They mostly don't have a reputation for cloning foreign products. China is a different matter entirely.

If I'm running a business in any of the listed countries, China or otherwise, obviously my own country is preferred. They'd kick in my door if they wanted something; it's easier and more fun than hacking. I'd like protection from the others.

If I'm running a business in Iran, I probably want Korea or Japan. China is trying to pry into my finances for trade negotiation, and everybody else just hates Iran.

Re:it depends on who you are

[sFurbo]

It also depends on where the competition is situated. The US intelligence have shown their willingness to do industrial espionage, so if your direct competition is a big American company, US produced gear is as suspect as Chinese would be if your main competition was Chinese. This probably goes for most other countries as well.