Huawei caught red-handed: The company has backdoor access to mobile networks worldwide

[Redaktion]

The latest Huawei-related security issue is huge and it's enough to describe it in a few words for everyone to figure out: for over a decade, the Chinese behemoth has been using backdoors intended for law enforcement to access mobile networks — and the sensitive/private information they carry — all over the world.

https://www.notebookcheck.net/Huawei-caught-red-handed-The-company-has-backdoor-access-to-mobile-networks-worldwide.453724.0.html

[ymcst]

It is really hard to believe or take something like this seriously when it is written by The Wall Street journal, against Chinese companies. If we learned anything from near-past, it is that more often than not they lie or exaggerate rumours whenever it will make them profit.

[aristide]

It is really hard to believe or take something like this seriously when it is written by The Wall Street journal, against Chinese companies. If we learned anything from near-past, it is that more often than not they lie or exaggerate rumours whenever it will make them profit.

so "fake news" is what you´re saying?
DONT WORRY, YOU´ll BE FINE! :)
Huawei only wants whats best for the customer :)
/sarcasm

[Stephen Lindsey]

The Times this morning has a front page article about a CIA operation fronted by a swiss equipment manufacturer that spied on 120 countries for years. Can we please have a notebookchat erticle on this

[Alberto Balsam]

"While it is not surprising to find out that backdoor access to mobile networks all over the world is possible and it all has been implemented for use by law enforcement agencies, it all changes when a tech company is involved."

So... US government wants a backdoor but gets whiny about it when there's a backdoor? If you make a hole in enryption there is a hole in the encryption. Every rat will crawl in. American rats, chinese rats, russian rats. Zee Germans will also get there.

[Codrut Nistor]

The Times this morning has a front page article about a CIA operation fronted by a swiss equipment manufacturer that spied on 120 countries for years. Can we please have a notebookchat erticle on this

Excellent suggestion, we'll have it!

"While it is not surprising to find out that backdoor access to mobile networks all over the world is possible and it all has been implemented for use by law enforcement agencies, it all changes when a tech company is involved."

So... US government wants a backdoor but gets whiny about it when there's a backdoor? If you make a hole in enryption there is a hole in the encryption. Every rat will crawl in. American rats, chinese rats, russian rats. Zee Germans will also get there.

All governments want backdoors. They get whiny when someone else is using them. Now, I guess that there should be some agreements between the hardware/software makers and governments that makes it clear that the companies involved in this are not supposed to use the backdoors themselves... I don't say that this is fair to anyone, but this is how things go. See why Telegram is banned in a few countries such as Russia and Iran currently...

[54125485]

Will end to end encryption solve any spying problems?

[Codrut Nistor]

Good question, but probably not...

[_MT_]

So, at the beginning, you claim they have been caught red handed, they have been spying, but then the article says they have the ability? What's this? There is a big difference between having the ability and being caught doing it. Do you really have to treat us like we're idiots with those headlines?

The manufacturer who put a backdoor in their product always has the ability to use it. Because they put it there. And often, that's exactly how it works. The manufacturer keeps control over the backdoor and the government/ law enforcement has to ask them for the data, hopefully with appropriate paperwork (like court order). Although there have been cases where the company was tricked into doing so, having no clue (at least they claimed so). And it's certainly possible for spooks to do so. Glaring problem being that, as far as I know, for example under US law, foreigners have few rights and protections compared to citizens. Your country might be awesome when it comes to privacy, but what happens when your data is handled by a US company? It would be an interesting read how exactly it works with US companies and non-US customers. It's a pretty safe bet that pretty much all US gear is backdoored as well (including things like access control systems used at critical facilities, not just computers or networking gear). It's just a question whether we trust US more than China. And how much we trust them. Maybe it's not as bad as I think but when you're relying on gear you can't really verify, you should consider the possibility and what it means, what impact it could have.

Will end to end encryption solve any spying problems?

Yes. Unless it has a weakness in implementation or has been backdoored as well. And don't forget, quantum computers are coming. We could have a quantum computer capable of cracking currently used encryption within a decade. If you're hiding something that's still going to be worth hiding in that timeframe, you should be switching to encryption resistant to quantum computers as we speak. Because data gets stored for later decryption. Cryptosystems have finite lifespan.

Realistically, unless you're a political activist or at least a politician, you don't really have to worry. The primary reason for a government to spy civilians (especially their own) is to ensure the regime stays in power. Corporations, on the other hand, want to make money. They're constantly looking into ways to monetize your private data.

If you make a hole in enryption there is a hole in the encryption. Every rat will crawl in. American rats, chinese rats, russian rats. Zee Germans will also get there.

If you're thinking of the same incident, I believe the beauty of that hole was that only the creator knew whether it really existed. The committee determined it was suspicious when it was submitted, that there is a way to craft the values such that you have a backdoor, but I believe it would be mathematically hard to find the backdoor. Only the author had it.

[Anonymous]

Why is the writer of this article assuming that it is now confirmed Huawei has been spying, when this is just another political news coming from US-based media representing the voice of the US government? As a tech journalist, you could've used wordings like 'reportedly' or 'The Wall Street Journal says' especially for a highly sensitive topic like this.

[Codrut Nistor]

So, at the beginning, you claim they have been caught red handed, they have been spying, but then the article says they have the ability? What's this? There is a big difference between having the ability and being caught doing it. Do you really have to treat us like we're idiots with those headlines?

You almost caught ME red-handed! However, if you paid attention a bit later in the article, the US _claims_ to have been caught the Chinese using the backdoor since 2009. If they have solid proof or not, that's another discussion.

Thank you very much for the time spent writing your comment. Excellent stuff.

[Codrut Nistor]

Why is the writer of this article assuming that it is now confirmed Huawei has been spying, when this is just another political news coming from US-based media representing the voice of the US government? As a tech journalist, you could've used wordings like 'reportedly' or 'The Wall Street Journal says' especially for a highly sensitive topic like this.

It's not just the US government, unfortunately. Huawei isn't that clean, either.

https://www.newser.com/story/269814/poland-we-caught-huawei-manager-spying-for-china.html
https://bgr.com/2019/08/14/huawei-spying-political-opposition-in-africa/

[drspychology]

Why is there a backdoor in the first place? I doubt that the american government has been more careful with the data than Huawei. This always feels like the pot calling the kettle black: Huawei gets banned for "allegedly" going through people's data, while the US government and US companies have been proven to use and sell personal data, yet they don't get punished? Also, I don't know how trustworthy data from a China-hating government is on this.

[_MT_]

A funny possibility is that the US government is whining because Huawei won't share access, making it more difficult for them to snoop around. :-)

You almost caught ME red-handed! However, if you paid attention a bit later in the article, the US _claims_ to have been caught the Chinese using the backdoor since 2009. If they have solid proof or not, that's another discussion.

It's unclear whether that means they noticed a backdoor or caught Huawei using it. I still think the headline and lead paragraph are inflated and sensationalist. I know it's the tone of this day and age, but I don't like it. I know facts might seem sometimes boring, but I like to see what I'm getting. If US government claims Huawei spied, then say US government claims Huawei spied. And not Huawei spied.

Thank you.

[_MT_]

If you're thinking of the same incident, I believe the beauty of that hole was that only the creator knew whether it really existed. The committee determined it was suspicious when it was submitted, that there is a way to craft the values such that you have a backdoor, but I believe it would be mathematically hard to find the backdoor. Only the author had it.

I would like to add that this is actually an important condition. The NSA has no interest in making US systems vulnerable to foreign attack. They're interested in holes where they're confident they're the only ones who can use them. Ideally, there is also a plausible deniability component, meaning it can't be proven it was intentional and can be passed off as a bug/ mistake if discovered.