Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)GCSB declines Spark’s proposal to use Huawei 5G equipment
View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 8 | 9 | 10 | 11 | 12 | 13 | 14
BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2189615 1-Mar-2019 20:28
Send private message

ResponseMediaNZ:

 

elpenguino:

 

No, this: http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-phone-from-berlin-embassy-a-930205.html

 


So you are talking about a news article from 2013.. I would put money on the fact that they were using the technology I mentioned. 

Also would be vendor agnostic - because as you say it's being intercepted between the handset and cell site

Unsure what your point is about this being related to Huawei 5G equipment

 

 

The main issue is mobile encryption has changed *significantly* from A3/5 SIM (2) to Milenage uSIM (3/4g) over the years where they changed the crypto significantly to the point that the over the air methods don't really apply. And anyone doing anything sensitive would just encrypt the conversation over the top with apps like Signal/Whatsapp etc.

 

And the merkel hacking was all based on the NSA capturing the data over the air using high gain antennas and then decrypting it offline afterwards. The funny thing is when you have the disposal of the entire US Government behind you and have a single targeted asset.

 

Vs Huawei *intentionally* building sniffing hardware into each and every base station they build and crossing their fingers that no one ever opens it up and has a look inside.

 

There is far FAR "easier" attack vectors that spies on either side would use (like a spy staff member* or the local government putting pressure on the telco**) any day before doing something as completely foolish that would mean the certain end of Huawei EVER being able to sell equipment into first world countries EVER again.

 

*I say easier with a pinch of salt as a rogue member of staff would have a difficult time not being caught unless it was a team of people.

 

** Similarly if the government put pressure on the Telco. Thankfully we don't live in a dictatorship and if the NZ Government tried anything like that the Telco's would kick up a major stink in public. All Lawful Intercept (LI) have laws around what happens and the actual interception is performed by the Telco and then pumped to the agency via private circuits.



vulcannz
436 posts

Ultimate Geek
+1 received by user: 136
Inactive user


  #2190144 3-Mar-2019 09:51
Send private message

tripper1000:

 

There are several reasons why technology is more trustworthy from/with the USA than China.

 

 

You should probably pay more attention to the Equation Group and their infrastructure 'patches'.

tripper1000
1648 posts

Uber Geek
+1 received by user: 1176


  #2190514 4-Mar-2019 09:00
Send private message

You guys are thinking too far down in the weeds and inside the box - IE someone eavesdropping on your communications. You are thinking inside the capabilities of the existing and properly working hardware.

 

The threat can be turning foreign cell networks into an extension of the Chinese intelligence gathering machine ie simply extending their ability to track everyone inside china, to also tracking everyone out of Chine - eg a Chinese democracy activist (or anyone/everyone else)  by their IMEI as they visit NZ, Australia or other sympathetic countries.

 

On a defence level, it can simply switching the entire network off prior to a military attack.

 

Spy agency's have been loading custom firmware on victims phones since the days of the Nokia and Ericsson (with smart phones, this has gotten easier to do). Think about the possibilities (or lack of restrictions) if you can modify at will both the handset and the cell network. Over the air-updates take on a whole new meaning. A backdoor could be built in that facilitates a reverse over the air update from a handset to a cell network. The mind boggles.

 

 



BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2190553 4-Mar-2019 09:56
Send private message

tripper1000:

 

You guys are thinking too far down in the weeds and inside the box - IE someone eavesdropping on your communications. You are thinking inside the capabilities of the existing and properly working hardware.

 

The threat can be turning foreign cell networks into an extension of the Chinese intelligence gathering machine ie simply extending their ability to track everyone inside china, to also tracking everyone out of Chine - eg a Chinese democracy activist (or anyone/everyone else)  by their IMEI as they visit NZ, Australia or other sympathetic countries.

 

 

If this happened and Huawei were found out they would be toast and they would be ripped out of the network and no one from any first world country, or even government funding from first world countries to developing countries to deploy *any* Huawei gear (Mobile, Broadband, Home Router, Mobile phones etc). Aka assured destruction of Huawei outside China and it's dependent allies (NK, HK etc).

 

tripper1000: On a defence level, it can simply switching the entire network off prior to a military attack.

 

See above

 

tripper1000:  Spy agency's have been loading custom firmware on victims phones since the days of the Nokia and Ericsson (with smart phones, this has gotten easier to do). Think about the possibilities (or lack of restrictions) if you can modify at will both the handset and the cell network. Over the air-updates take on a whole new meaning. A backdoor could be built in that facilitates a reverse over the air update from a handset to a cell network. The mind boggles.

 

See above.

 

The argument is the equipment to be able to MITM/Snoop/Whatever targeted IMEI's is pre manufactured into each eNodeB with sufficient CPU power to do this super sneaky LI features laying dormant ready to be activated "at any time" and then exfiltrate that data without being noticed by the Telco. Or suggesting that executing the "kill switch" to shut down the mobile network wouldn't have any long term impact on the equipment being purchased in the future.

 

These sorts of attacks depend on the target (IE the Telco) being unaware of the malicious actors intent (IE Huawei with the assistance of the Chinese spy agency). Also tends to depend on the assumption that the elements will *never* be opened up and physically inspected and detailed technical specifications were not requested by the Telco on behalf of domestic spy agencies.

 

Huawei being an arm of the Chinese Spy agency has been a topic discussion since Huawei came on the scene as a global telco hardware provider so are under an even higher degree of scrutiny than manufacturers such as Erisson, Nokia/Alcatel/Lucent, Cisco and others.

 

I think that scrutiny is justified but there has not to my knowledge ever been even the slightest sniff of any coordinated conspiracy from Huawei and if there has it has never been made public. I know if there was provable facts there would be an extremely high chance that any information like that would leak out via various channels.

 

Just look at the whole Supermicro story and in my view that is a drop in the ocean in comparison to if Huawei were found out to have a backdoor in their gear.

 

To me even the suggestion that there would be sufficient *additional* hardware capable either additional chips or embedded into an existing die(s) to support the necessary CPU & Storage required to perform LI plus the exfiltration included in *every* eNodeB laying dormant for no additional cost per node to do the necessary job that WOULDN'T be found is just a nonsense.

Torque
379 posts

Ultimate Geek
+1 received by user: 23


  #2190580 4-Mar-2019 10:20
Send private message

Stingray devices are a product, not a technology. 

Batman
Mad Scientist
30014 posts

Uber Geek
+1 received by user: 6217

Trusted
Lifetime subscriber

  #2190622 4-Mar-2019 11:29
Send private message

tripper1000:

 

You guys are thinking too far down in the weeds and inside the box - IE someone eavesdropping on your communications. You are thinking inside the capabilities of the existing and properly working hardware.

 

The threat can be turning foreign cell networks into an extension of the Chinese intelligence gathering machine ie simply extending their ability to track everyone inside china, to also tracking everyone out of Chine - eg a Chinese democracy activist (or anyone/everyone else)  by their IMEI as they visit NZ, Australia or other sympathetic countries.

 

On a defence level, it can simply switching the entire network off prior to a military attack.

 

Spy agency's have been loading custom firmware on victims phones since the days of the Nokia and Ericsson (with smart phones, this has gotten easier to do). Think about the possibilities (or lack of restrictions) if you can modify at will both the handset and the cell network. Over the air-updates take on a whole new meaning. A backdoor could be built in that facilitates a reverse over the air update from a handset to a cell network. The mind boggles.

 

 

 

 

You missed out one more - Maybe they just want to expand their social credit system to the wider planet population. Think of it like a big Chinese (or Russian, or American) "Facebook".

 
 
 
 

Stream your favourite shows now on Apple TV (affiliate link).
vulcannz
436 posts

Ultimate Geek
+1 received by user: 136
Inactive user


  #2190629 4-Mar-2019 11:38
Send private message

appl

 

Just look at the whole Supermicro story and in my view that is a drop in the ocean in comparison to if Huawei were found out to have a backdoor in their gear.

 

To me even the suggestion that there would be sufficient *additional* hardware capable either additional chips or embedded into an existing die(s) to support the necessary CPU & Storage required to perform LI plus the exfiltration included in *every* eNodeB laying dormant for no additional cost per node to do the necessary job that WOULDN'T be found is just a nonsense.

 

 

The Bloomberg story has been debunked iirc - bloomberg were not able to provide any evidence and I think law suits were being bounced around.

 

The fundamental problem with the idea is that servers do not sit in exposed environments and traffic in and out is both restricted and inspected. Any system trying to phone home would stick out like a sore thumb.

 

5G on the other hand is quite different. There seems to be two issues getting muddles, first is the distrust of China, and the second is the challenges 5G in general brings to infrastructure security. I think there is a 3rd underlying issue not discussed - and that is LEAs ability to exploit current infrastructure for their surveillance activities (could you imagine the FBI requesting a back door from Huawei?).

tripper1000
1648 posts

Uber Geek
+1 received by user: 1176


  #2196527 12-Mar-2019 13:58
Send private message

BarTender:

 

tripper1000: You guys are thinking too far down in the weeds and inside the box - IE someone eavesdropping on your communications. You are thinking inside the capabilities of the existing and properly working hardware.

 

The threat can be turning foreign cell networks into an extension of the Chinese intelligence gathering machine ie simply extending their ability to track everyone inside china, to also tracking everyone out of Chine - eg a Chinese democracy activist (or anyone/everyone else)  by their IMEI as they visit NZ, Australia or other sympathetic countries.

 

 If this happened and Huawei were found out they would be toast and they would be ripped out of the network and no one from any first world country, or even government funding from first world countries to developing countries to deploy *any* Huawei gear (Mobile, Broadband, Home Router, Mobile phones etc). Aka assured destruction of Huawei outside China and it's dependent allies (NK, HK etc).

 

Don't fall into the trap of applying Western business ethos to an Eastern Company. One of the challenges of doing business with Chinese companies is that they don't give a thought about repeat business. They don't consider that fact that if they harm you today or rip you off today, you won't buy anything from them tomorrow. It is all about getting rich today. They have few scruples and are pretty much expected to try and rip off Chinese people, and it is even more OK to rip off foreigners.  

 

Another reason to avoid Huawei and a good example of their lack of ethics is the current case where they are accused of breaking the UN sanctions and supplying gear to Iran. If they have no regard for UN rules, how much regard do you think they are likely to truly have for you and our country?

gzt

gzt
18687 posts

Uber Geek
+1 received by user: 7827

Lifetime subscriber

  #2196532 12-Mar-2019 14:05
Send private message

tripper1000: Another reason to avoid Huawei and a good example of their lack of ethics is the current case where they are accused of breaking the UN sanctions and supplying gear to Iran. If they have no regard for UN rules, how much regard do you think they are likely to truly have for you and our country?


Do you mean US/USA sanctions? I'm not aware of any United Nations sanctions on Iran on telecommunications equipment.

wellygary
8813 posts

Uber Geek
+1 received by user: 5297


  #2196538 12-Mar-2019 14:21
Send private message

tripper1000:

 

Don't fall into the trap of applying Western business ethos to an Eastern Company. One of the challenges of doing business with Chinese companies is that they don't give a thought about repeat business. They don't consider that fact that if they harm you today or rip you off today, you won't buy anything from them tomorrow. It is all about getting rich today. They have few scruples and are pretty much expected to try and rip off Chinese people, and it is even more OK to rip off foreigners.  

 

 

Trust and customer relationships in China ( and in many other Asia Cultures) are heavily influenced by Guanxi,

 

The relationships you have just described have very little Ganqing.

 

This is why western companies spend considerable time and effort to form relationships in China, so that interactions are at a "closer" level....

BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2196546 12-Mar-2019 14:40
Send private message

tripper1000:

 

BarTender:

 

tripper1000: You guys are thinking too far down in the weeds and inside the box - IE someone eavesdropping on your communications. You are thinking inside the capabilities of the existing and properly working hardware.

 

The threat can be turning foreign cell networks into an extension of the Chinese intelligence gathering machine ie simply extending their ability to track everyone inside china, to also tracking everyone out of Chine - eg a Chinese democracy activist (or anyone/everyone else)  by their IMEI as they visit NZ, Australia or other sympathetic countries.

 

 If this happened and Huawei were found out they would be toast and they would be ripped out of the network and no one from any first world country, or even government funding from first world countries to developing countries to deploy *any* Huawei gear (Mobile, Broadband, Home Router, Mobile phones etc). Aka assured destruction of Huawei outside China and it's dependent allies (NK, HK etc).

 

Don't fall into the trap of applying Western business ethos to an Eastern Company. One of the challenges of doing business with Chinese companies is that they don't give a thought about repeat business. They don't consider that fact that if they harm you today or rip you off today, you won't buy anything from them tomorrow. It is all about getting rich today. They have few scruples and are pretty much expected to try and rip off Chinese people, and it is even more OK to rip off foreigners.  

 

Another reason to avoid Huawei and a good example of their lack of ethics is the current case where they are accused of breaking the UN sanctions and supplying gear to Iran. If they have no regard for UN rules, how much regard do you think they are likely to truly have for you and our country?

 

 

Still haven't answered my principal premise of why Huawei wouldn't add it in. Since if they were every caught out they would NEVER recover. I have spoken at length with other people in the Telco industry and we all agreed that if a backdoor was ever discovered every single Telco would remove them no matter the cost. And Huawei would never be able to sell their gear ever again.

 

And if "the kill switch" which was the other conspiracy theory. Same thing applies.

 

Huawei would only ever have one chance to use their snooping / kill switch and you would need to do it on a large country since NZ is tiny and if it ever happened here then all the other countries would follow suit.

 
 
 
 

Stream your favourite shows now on Apple TV (affiliate link).
vulcannz
436 posts

Ultimate Geek
+1 received by user: 136
Inactive user


  #2196620 12-Mar-2019 16:39
Send private message

and people keep forgetting most of your pre-2000 cisco gear was made by huawei (as cisco's OEM)

grimwulf
121 posts

Master Geek
+1 received by user: 85


  #2197178 13-Mar-2019 11:33
Send private message

https://www.theregister.co.uk/2019/03/12/us_germany_huawei_5g_intelligence_cutoff/

 

Looks like the USA is starting to play hardball with regards to intel sharing.

 

I have zero doubts that there were similar conversations at high levels within the GCSB.

 

Interestingly, no reports of similar coercion of the UK however.

 

Increasingly, the message is - "choose a side" - there doesn't seem to be a "we'll be Switzerland" option.

tripper1000
1648 posts

Uber Geek
+1 received by user: 1176


  #2197211 13-Mar-2019 12:04
Send private message

vulcannz:

 

and people keep forgetting most of your pre-2000 cisco gear was made by huawei (as cisco's OEM) 

 

No exactly relevant to the debate - when Cisco is designing the gear and writing the firmware, it is pretty easy for Cisco to audit the final product and hard for the communist party to slip in Trojan hardware/software. When Huawei is designing it's own gear and writing its own firmware no one in the west is privy to the design process and would not be any the wiser if it contained unnecessary extras, back doors, zombie bots etc.  

BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2197228 13-Mar-2019 12:21
Send private message

tripper1000:

 

vulcannz:

 

and people keep forgetting most of your pre-2000 cisco gear was made by huawei (as cisco's OEM) 

 

No exactly relevant to the debate - when Cisco is designing the gear and writing the firmware, it is pretty easy for Cisco to audit the final product and hard for the communist party to slip in Trojan hardware/software. When Huawei is designing it's own gear and writing its own firmware no one in the west is privy to the design process and would not be any the wiser if it contained unnecessary extras, back doors, zombie bots etc.  

 

 

Still not answering my question which is Huawei would only have a single shot at doing this. Since after the trigger was pulled and news got out they had "extras" they would be toast. Permanently.

 

Are you seriously saying that Huawei would risk it's ENTIRE FUTURE under pressure from the Chinese Government to allow a backdoor into their product?

1 | ... | 8 | 9 | 10 | 11 | 12 | 13 | 14
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright