
British Telecom bars Huawei's 5G kit from core of network - zerogvt
https://www.bbc.com/news/technology-46453425
======
londons_explore
Considering that one can purchase a zero day exploit in pretty much any piece
of network equipment for ~$50k, I don't see how these 'national security'
claims hold up.

For a government who wants to spy, the difference between inserting your own
exploit in a piece of equipment and paying $50k to find an existing exploit is
insignificant.

Using an existing exploit is preferable anyway, because then it's harder to
trace the origins of the exploit back to you.

~~~
zby
It is always better to have more options - but it is also a matter of trust -
how much can you trust a bought zero day? Especially when your opponent is the
UK state.

~~~
wallace_f
Trust? In terms of competency of the exploit?

I've wondered how the security experts privately regard nation state security
personnel and teams? For example, no government was competing to employ
Barnaby Jack. And of course government is notorious for inefficiency and
incompetence when producing goods and services.

Of course nation states also have enormous advantages over any other
individual or group.

------
berti
Recently we had a situation in New Zealand where a large telco announced
Huawei would provide their 5G kit for the entire network, then days later had
to retract because the national intelligence agency barred the deal [0].

[0]
[https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&...](https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12167798)

~~~
dis-sys
Many are asking the same legitimate question - what is the point keeping the
free trade agreement with NZ when Chinese products are being treated like
that.

~~~
zaphirplane
Who are the many? One side says the equipment isn’t secure, that isn’t related
to free trade. I suppose a lot of countries selling asbestos and aerosol are
upset

~~~
dis-sys
> Who are the many?

are you assuming that there are not many hardliners in China?

> One side says the equipment isn’t secure

after so many years with so much Huawei equipment used in the west, when all
kinds of security experts and law enforcement officials all have 24/7 access
to those devices, when the state of the art analysis tools and procedures are
all available to them, any actual backdoor intentionally placed by Huawei got
busted?

~~~
zaphirplane
You are making the assumption that a backdoor needs to be active now, not a
sleeper backdoor that is activated on a trigger

What about future firmware upgrade or hardware replacement that isn’t vetted
today. What triggered all this was BT found the equipment was too chatty

~~~
dis-sys
> What about future firmware upgrade or hardware replacement that isn’t vetted
> today.

same question for all Cisco/IBM/HP/Apple devices used in countries not that
close to the US/UK. should they use the same cheap excuses to ban all those
devices? or maybe the standard is simply different here?

> What triggered all this was BT found the equipment was too chatty

please define the term chatty and what is the acceptable threshold? or maybe
get the best expert to look into it and present the smoking gun evidence to
the world to actually prove something with solid evidence?

before that, what you mentioned above is nothing but fear mongering.

------
lukebennett
Not directly related to the story, but just for info - "British Telecom" is an
incorrect name (it's not used in the BBC article). The company renamed from
that to BT in 1991.

~~~
porpoisely
Didn't British Petroleum do the same thing? Now they are exclusively known as
BP.

~~~
juanuys
I was reminded of this when Obama still referred to BP as British Petroleum
during the oil spill:

[https://www.bbc.co.uk/news/10303619](https://www.bbc.co.uk/news/10303619)

------
xrayzerone
> Huawei denies having any ties to the Chinese government beyond those of
> being a law-abiding taxpayer.

I find it interesting that these kinds of verbal games are continually played
out in the public eye despite everyone involved knowing exactly what's going
on. And that goes for all APT / nation-state actors.

~~~
dhx
Australia has effectively banned Huawei since 2012 (NBN participation ban).
Therefore, there is plenty of discourse and information from Australia about
technology sovereignty.

The article at [1] directly addresses the claim:

> Huawei denies having any ties to the Chinese government beyond those of
> being a law-abiding taxpayer.

Articles at [2] also provide more in-depth analysis.

[1] [https://www.aspistrategist.org.au/huawei-and-the-ambiguity-o...](https://www.aspistrategist.org.au/huawei-and-the-ambiguity-of-chinas-intelligence-and-counter-espionage-laws/)

[2] [https://www.aspi.org.au/report/huawei-and-australias-5g-netw...](https://www.aspi.org.au/report/huawei-and-australias-5g-network)

~~~
ShorsHammer
The irony here is that Australia just passed laws requiring local vendors to
put in backdoors at the government's request, not just for national security
but also in regards to "national economic well-being" aka industrial
espionage.

------
Theodores
The problem is that Huawei kit does not have GCHQ/NSA backdoor capabilities.
Hence it has to be banished.

The story has not changed since five years ago:

[https://www.theregister.co.uk/2014/04/25/huawei_responds_to_...](https://www.theregister.co.uk/2014/04/25/huawei_responds_to_spying_allegations/)

It would be commercial suicide for Huawei to have backdoored their export
products. For the Chinese domestic market they may have 'Great Firewall'
extras to them but for export products it simply makes no business sense.

There is zero evidence in the public domain to support the hysterical
allegations of the crazy folks in our domestic military-industrial-espionage
complex.

In former times there was this quaint notion of innocent until proven guilty.
It is time we grow up a bit and stop slandering our Chinese friends.
Xenophobia has never helped.

Edit: Instead of downvoting, please explain the flaws in my comment, whether
they be based on unsubstantiated claims, tone of voice or just personal
grudge. Thank-you.

~~~
unmole
> The problem is that Huawei kit does not have GCHQ/NSA backdoor capabilities.
> Hence it has to be banished.

GCHQ/NSA don't need to add their own backdoor capabilities. Huawei gear ships
with support for what is referred to as _Lawful Interception._ [0]

I agree with the rest of your comment and I said something similar myself a
few days ago[1]. But the idea of Huawei being barred by a British carrier
because of GCHQ not being able to snoop on it is absurd.

Full disclosure: I am a Huawei employee.

0:
[http://support.huawei.com/enterprise/en/doc/EDOC0100412586?s...](http://support.huawei.com/enterprise/en/doc/EDOC0100412586?section=j00b)

1:
[https://news.ycombinator.com/item?id=18514607](https://news.ycombinator.com/item?id=18514607)

~~~
Theodores
I like the Huawei employees I have met in Surrey, it does seem a pity that
their world is being ruined by the brainfarts of politicians and those spooks
that told so many lies about Iraq and every other war.

------
pjc50
So _something_ has changed, because there used to be a weird little
collaboration/supervision operation going on between BT, Huawei, and UK
Intelligence at Martlesham Heath.

[https://www.eadt.co.uk/business/martlesham-heath-huawei-pled...](https://www.eadt.co.uk/business/martlesham-heath-huawei-pledges-to-invest-370m-in-superfast-5g-mobile-network-1-2972789)

~~~
3chelon
Not often I find my local rag referenced in HN, but I'm intrigued... where in
the article does it mention UK intelligence? Martlesham is BT's R&D facility.

~~~
pjc50
It doesn't. I doubt it would be legal for them to mention things covered by
the Official Secrets Act. Remember that GCHQ was "officially invisible" for
_years_ despite being a hugely visible building and major Coventry employer.
The Martlesham Heath connection is less conspicuous but something I've had
people in the know hint at.

~~~
noir_lord
> I doubt it would be legal for them to mention things covered by the Official
> Secrets Act.

Official Secrets act only applies to people who signed it.

A journalist would have to be insane to sign the official secrets act as it is
hilariously broad.

If you don't sign it then you can print (almost) whatever you want.

Even the much vaunted "D-Notices" are not mandatory, it's an informal
agreement between the press and the government that occasionally the
government will ask them not to print something and the press will (mostly)
trust them, it seems to work fairly well, one thing I've wondered is that
because the D-Notices are voluntary rather than mandatory the government can't
abuse them the way they could if they were mandatory (since if they did the
press would stop ignoring them).

~~~
berkut
> Official Secrets act only applies to people who signed it.

No it doesn't. It's a law, not a contract. They only get you to sign to it in
order to remind you of the fact you're bound by it.

~~~
noir_lord
Sorry you are wrong.

They have to either sign it _or_ be notified that they are covered under it
generally by employment contract that you sign.

Without either of those you are not bound by it.

> It is not necessary for a person to have signed the Official Secrets Act in
> order to be bound by it. The 1989 Act states that a person can be "notified"
> that he or she is bound by it; and Government employees will usually be
> informed via their contract of employment if they must observe the Act. [1]

[1]
[https://researchbriefings.parliament.uk/ResearchBriefing/Sum...](https://researchbriefings.parliament.uk/ResearchBriefing/Summary/CBP-7422)

Since I've never signed it nor a contract notifying me that I'm bound by it,
I'm _not_ bound by it nor would a journalist be.

This is how you end up in the somewhat funny situation of a government
employee not being able to confirm something because they are covered but the
person asking for confirmation not being.

------
setquk
Edit: UK outage vendor confirmed as Ericsson:
[https://uk.reuters.com/article/us-o2telefonica-outages/erics...](https://uk.reuters.com/article/us-o2telefonica-outages/ericsson-software-glitch-hits-mobile-services-in-britain-and-japan-idUKKBN1O51I2)

Old paranoia filled post left below for reference. Thanks to saaaaaam for
pointing the above link out.

----

There's something going on here, political or technical.

O2/Telefonica subcontracted out a lot of their core to Huawei in 2012 [1].
Literally today, after their CFO was arrested in Canada [2], we've been hit
with a massive telecoms outage here in the UK which has taken out data / SMS.
O2 have stated that it's due to one of their technology provider's software
[3].

Edit: Giffgaff (virtual provider) have also stated that this is a global
problem which is even more worrying [4]

I hope this is a coincidence.

We've had data down here in UK from 0500 to 14:00 so far...

China stock is falling, this happened, Huawei already have a somewhat iffy
reputation and now BT is throwing out news about jumping ship from them
suddenly.

[1] [http://telecoms.com/44197/huawei-wins-managed-services-deal-...](http://telecoms.com/44197/huawei-wins-managed-services-deal-with-o2-uk/)

[2]
[https://www.bbc.co.uk/news/business-46465768](https://www.bbc.co.uk/news/business-46465768)

[3]
[https://twitter.com/O2/status/1070612301110226944](https://twitter.com/O2/status/1070612301110226944)

[4]
[https://twitter.com/giffgaff/status/1070674248606339072](https://twitter.com/giffgaff/status/1070674248606339072)

~~~
izacus
The outage was apparently caused by Ericsson's software:
[https://www.theguardian.com/business/2018/dec/06/o2-customer...](https://www.theguardian.com/business/2018/dec/06/o2-customers-unable-to-get-online)
- our domestic, trustworthy and great company.

But it's sad to see that Chinese scaremongering propaganda is so effective
even on educated people.

~~~
Sabinus
The Chinese equipment isn't being rejected because it can fail. It's because
Chinese companies aren't as separate from the government as in the West. And
they don't trust China of course.

------
kennydude
> still plans to use the Chinese company's phone mast antennas and other
> products deemed not to be at the "core" of the service.

So apparently phone masts aren't "core" to a _phone network_?

~~~
noselasd
It likely refers to the technical definition of the core of a telco network,
see e.g. the evolved packet core part of a 4g/lte network
[https://i.ytimg.com/vi/6dt9xVMvtB8/maxresdefault.jpg](https://i.ytimg.com/vi/6dt9xVMvtB8/maxresdefault.jpg)
, of which the eNodeb's ("phone masts") are not part of.

At least for 4g some layers of the control plane and all the user plane data
are encrypted when passed through the eNodeb's. Albeit an eNodeb can probably
do a lot of nefarious things if it wants to.

Or they mean literally just the phone masts and antennas - which are just
inert components.

~~~
kennydude
That makes more sense. Cheers :)

------
infinity0
> However, critics point out that its founder, Ren Zhengfei, was a former
> engineer in the country's army and joined the Communist Party in 1978. There
> are also questions about how independent of state influence any large
> Chinese company can be.

Is this really the best they can come up with? I've never heard any more
specific accusations, in any media. Sounds pretty racist.

(I have seen specific accusations that Huawei is violating sanctions, but that
is a separate concern from national security in infrastructure.)

~~~
ancorevard
Corporate espionage and military intelligence are not clearly separated in
China, and this is due to the culture and values of the Chinese Communist
Party. This is seen as the same thing, advancing towards the same goal.

This is arguably less of the case in other countries, which is why people in
other countries don't understand what is going on right now (i.e. why Huawei
is seen as a security threat). The concern is, if you in the future cross the
will of the Chinese Communist Party, your national infrastructure may
suddenly...behave differently.

~~~
infinity0
> Corporate espionage and military intelligence are not clearly separated in
> China, and this is due to the culture and values of the Chinese Communist
> Party.

Any _specific_ examples or accusations????

~~~
scarejunba
It’s mostly science fiction at this point. You’ll only get vague comments at
best. It may well be true, but the people you’re talking to don’t know.

Always remember: you’re almost certainly talking to a software engineer with
an active imagination using Wikipedia to selectively back up their stories.

~~~
scarcely
They always make sure to put a TON of "citations” in their comments too lmao.

------
lostmsu
Seems like they started a fight with Huawei via non-market means. Does it mean
it's actually a successful hardware company, threatening Apple/Samsung
dominance?

As for fears, they could mandate open source with reproducible builds for all
security critical infrastructure hardware.

~~~
dunpeal
Pretty sure Huawei is getting targeted for a reason, and not just because it's
a "successful hardware company".

Neither the US nor the UK have any interest in protecting Samsung from
competition.

My guess is that there's been some discoveries related to how aggressively
Huawei is spying.

------
zby
"Backdoor in event-stream library dependency"
[https://news.ycombinator.com/item?id=18534392](https://news.ycombinator.com/item?id=18534392)

[https://www.theguardian.com/news/2018/nov/29/why-we-stopped-...](https://www.theguardian.com/news/2018/nov/29/why-we-stopped-trusting-elites-the-new-populism)?

Trust!

