
Huawei Telecom Gear Much More Vulnerable To Hackers Than Rivals' Equipment, Report Says (wsj.com)

Telecommunications gear made by China's Huawei is far more likely to contain flaws that could be leveraged by hackers for malicious use than equipment from rival companies, according to new research by cybersecurity experts that top U.S. officials said appeared credible. From a report: Over half of the nearly 10,000 firmware images encoded into more than 500 variations of enterprise network-equipment devices tested by the researchers contained at least one such exploitable vulnerability, the researchers found. Firmware is the software that powers the hardware components of a computer. The tests were compiled in a new report that has been submitted in recent weeks to senior officials in multiple government agencies in the U.S. and the U.K., as well as to lawmakers. The report is notable both for its findings and because it is circulating widely among Trump administration officials who said it further validated their policy decisions toward Huawei.

"This report supports our assessment that since 2009, Huawei has maintained covert access to some of the systems it has installed for international customers," said a White House official who reviewed the findings. "Huawei does not disclose this covert access to customers nor local governments. This covert access enables Huawei to record information and modify databases on those local systems." The report, reviewed by The Wall Street Journal, was prepared by Finite State, a Columbus, Ohio-based cybersecurity firm.

  • against Huawei. I suspect that this is because the USA wants to maintain its technical lead and thus maintain sales. Under World Trade Organisation [wikipedia.org] rules discrimination is prohibited. One of the few exceptions is 'national security' (see 2nd paragraph) [wikipedia.org] which is, IMHO, why the USA is pushing security as an excuse to act against Huawei.

    Yes: Huawei kit has security bugs. I am doubtful about the "far more likely" claim. I suspect exaggeration to provide cover for the illegal war. There are security problems in

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Under World Trade Organisation [wikipedia.org] rules discrimination is prohibited.

      The U.S. should have never opened up trade with China because China themselves do not follow WTO rules. If you don't believe me, explain why eBay, Amazon, Google, and a host of many other non-Chinese companies have essentially no footprint in China. The current trade war is Trump's way of somewhat levelling the playing field although I suspect it's being done more for reelection purposes than the benefit of the U.S.A.

      • by Xenx ( 2211586 )
        Not saying China is right for doing it, but I'm pretty sure they block them for national security. Ostensibly, that would be a valid exception to the policy on discrimination.
    • Sorry, Ivan, the US Constitution says it is legal.

      You seem to have been measuring using some sort of foreign law?

      Just fuck right off with that.

      Also, just a linguistic note since you bought this account on a site for nerds, when you drop the word "the" from "the USA," you just say US. "US origin equipment."

    • Trump has definitely abused the national security exemptions. For instance, Canadian steel production instead of US steel production is almost certainly not a national security issue. That said, cyberwarfare, especially since it is deniable, is a large and growing threat. And it's reasonable to want telecom manufacturing at the very least in a nation that's not setting up for Cold War II.

  • Oh, you found a vulnerability? Here's a fix. Don't tell anyone our back door is still there and the fix just put in another couple that should keep you busy for a while.
  • was credible information. They also claim credible sources of what they don't want to hear is fake news.

  • by FudRucker ( 866063 ) on Wednesday June 26, 2019 @09:30AM (#58827948)
    then why is Microsoft even in business? That vulnerable piece of crap Windows should have been banned from even connecting to the internet, and Microsoft forced to halt sales until they correct the problem of MS Windows being vulnerable.
  • by Anonymous Coward

    More big claims, but still no proof. And if this was to be taken at face value, wouldn't the US be *encouraging* people to use the Huawei gear so they could exploit it for intelligence gathering? Surely it makes no sense at all to tip off an adversary that you can exploit their equipment?

    • These vulnerabilities are easily discovered as well. That means China's gear has them, too, and would allow American access. Why would China deliberately backdoor their own gear in *obvious* ways which other people could use against them?

      • i.e. if they want proof, let's see an article showing that the Chinese government refuses to allow Huawei gear in their network, and then they have a possible case.

      • These vulnerabilities are easily discovered as well.

        Okay, so?

        That means China's gear has them, too, and would allow American access

        LOL, no. It doesn't mean that at all. They could literally have a build option for backdoors that they only enable for export nations.

    • You're not going to get the "proof" you fucking idiot.

      If you want to understand the problem, become a security professional.

      The people who need to know are the ones who will have access to the proof. What you will get are conclusions. Because you don't need to know.

      My goodness people are fucking stupid on this site these days. Under no circumstances is the government going to give you "proof" of things relating to national security. It isn't your job to evaluate it.

      The same goes for private security. If I h

  • saving money (Score:5, Interesting)

    by lkcl ( 517947 ) <lkcl@lkcl.net> on Wednesday June 26, 2019 @09:49AM (#58828070) Homepage

    Telecommunications gear made by China's Huawei is far more likely to contain flaws that could be leveraged by hackers for malicious use than equipment from rival companies,

    you may have heard the phrase, "never attribute to malice that which may be attributed to sheer incompetence, instead"? i do not believe that we have malice at play, here: simply the expectation that, by developing a proprietary system and not providing the full source code, we're seeing the exact same usual complete lack of security focus and review exhibited by *any* company.

    it's "admin, admin" all over again, where lower cost of equipment results in Huawei *not being able to afford good security experts*. it's not *deliberate* that they're providing back-doors, it's *just down to lower costs*

    unfortunately, Trump is so hyped up on racist nationalistic ignorant paranoia that he's quite happy to make it look like China Govt Is Involved.

    the reality is: this is down to *proprietary software*. we *know* that proprietary software is insecure. the solution: laws that make it mandatory that, for public mission-critical infrastructure the *software* to be public and published under Libre Licenses. *not* paranoid Executive Orders.

  • appeared credible (Score:4, Interesting)

    by dromgodis ( 4533247 ) on Wednesday June 26, 2019 @09:54AM (#58828116)

    by cybersecurity experts that top U.S. officials said appeared credible

    To what extent did the US officials themselves appear credible?

  • by Anonymous Coward

    when sponsored by a government.

  • I can't read the article due to paywall, nor the cited report. I sincerely doubt there was anything like "covert access". Likely they mean "unpatched vulnerability" or something like leaving the telnet port open. That would be more in line with the findings of the UK's Huawei cyber security evaluation centre oversight board [www.gov.uk].
  • "...research by cybersecurity experts that top U.S. officials said appeared credible".

    Could they qualify and weaken that any more? "Credible" means that someone - not everyone, but at least one person - MIGHT believe it. And "appeared" suggests that it might actually NOT be "credible" even to that one person. Appearances are proverbially deceptive, after all.

  • by hackingbear ( 988354 ) on Wednesday June 26, 2019 @10:15AM (#58828258)

    So instead of accusing Huawei of putting backdoors in the products, the narrative has been changed to Huawei products are buggy.

    by cybersecurity experts that top U.S. officials said appeared credible.

    In other news, Iraq has a massive amount of WMDs.

    • Sorry, Ivan, you might have not understood all the claims. It is quite possible to have intentional actions that are disguised as mistakes. There is no "changed" involved in the claims here.

      That you claim to perceive a "change" merely indicates that you're full of shit and not communicating honestly.

  • Because the KGB insists!

  • Here is the actual report, for those so interested --> https://finitestate.io/wp-cont... [finitestate.io]

    To those of us who try to secure internet-connected products, none of it comes as a surprise. To be fair, it all seems potentially attributable to lazy and insecure software practices rather than nefarious intentions (not to say those are not also at work). Securing devices is difficult, and as long as the incentives for software development weigh heavily on features and schedule rather than security or quality, these
