
US says it can prove Huawei has backdoor access to mobile-phone networks - ssully
https://arstechnica.com/tech-policy/2020/02/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says/
======
AdmiralAsshat
> Telecom-equipment makers who sell products to carriers "are required by law
> to build into their hardware ways for authorities to access the networks for
> lawful purposes," but they "are also required to build equipment in such a
> way that the manufacturer can't get access without the consent of the
> network operator," the Journal wrote.

I love this quote. The US is essentially complaining that Huawei has access to
the backdoor channels that _only_ the US government was supposed to have.

~~~
gruez
>The US is essentially complaining that Huawei has access to the backdoor
channels that only the US government was supposed to have.

How is surprising? The defining characteristic of a nation state is that it
has a monopoly on violence within its borders. Having a monopoly on
intercepting telecom traffic is a logical consequence of that. For other
countries though, yeah I'd prefer if neither China nor US have backdoor
access.

~~~
ancorevard
"I'd prefer if neither China nor US have backdoor access."

So would I, but having lived in both countries, one of the two governments is
decidedly more evil than the other.

~~~
dependenttypes
What is more dangerous for an American (or even European) citizen? The US or
China spying at them? Even if China is more evil in its domestic affairs a
western civilian has much more to fear from the US.

~~~
frequentnapper
>Even if China is more evil in its domestic affairs a western civilian has
much more to fear from the US.

Can you support this assertion?

~~~
AsyncAwait
Kim Dotcom, Julian Assange, Iraq, Iran etc.?

~~~
Mulpze15
FIFA executives. Even though I found it awesome.

[https://www.justice.gov/usao-edny/pr/nine-fifa-officials-
and...](https://www.justice.gov/usao-edny/pr/nine-fifa-officials-and-five-
corporate-executives-indicted-racketeering-conspiracy-and)

------
dustfinger
Note: The following might be considered off-topic. On the otherhand, there
might be something nefarious in the SMS network.

I found something strange that affects SMS in Canada. You can send the lower
case text "secure communication", but it will never be recieved by the
recipient. I am not sure if this behavior is reproducible outside of Canada.
It might be a software defect, or perhaps there is something capturing the
text and trying to interpret it as a command. The issue is more difficult to
reproduce if both the sender and recipient devices are iphone's due to the
default behavior of sending via iText.

I originally posted about this late last year [1]. I intend to investigate
this issue more deeply, but my time has been consumed by another more pressing
matter. The original HN post links to my blog post [2]. Originally I jumped to
the conclusion that it was a case of censorship, but I backtracked on that
because the issue is case sensitive. I would love confirmation if this is
reproducible in other countries.

[1]
[https://news.ycombinator.com/item?id=21593276](https://news.ycombinator.com/item?id=21593276)

[2] [https://bloggerbust.ca/post/text-messages-are-being-
censored...](https://bloggerbust.ca/post/text-messages-are-being-censored-in-
canada/)

~~~
smitop
On a related note, if you start an SMS with "!", then the leading exclamation
point will be stripped, and a delivery confirmation SMS will automatically be
sent (not sure if it's from the mobile network or the receiving phone). This
makes it possible to send zero-character SMSes.

~~~
franga2000
Huh, just tried it and the ! got through. Could be network- or encoding-
specific?

------
zmmmmm
> required by law to build into their hardware ways for authorities to access
> the networks for lawful purposes

A bit of a tangent but ...

How I hate this term "lawful purposes". It's a non-sequitor / dark pattern
deployed to confuse consumers into not understanding that they mean "spy on
you". "Lawful" just means compliant with the law. In other words, they are are
NOT saying "necessary to enforce the law" which is what they want you to
think. They are only saying, hey, we won't break the law when we use this
feature, aren't we great? Like breaking the law would ever be OK and as if
this disclaimer somehow adds any sort of reassurance. The implied logic is
"normally we would just break the law to access your data but in this special
case we'll follow it.

/tangent

~~~
sillysaurusx
Are you sure you’d want to live in a society that was incapable of spying on
you when they decided it was necessary?

(This argument hinges on that pesky word “necessary”. But it’s worth thinking
about which conditions you’d be ok with the state surveilling others, and who
exactly “others” refers to.)

~~~
A4ET8a8uTh0
Sadly, that is exactly how ideas like that promulgate. It won't affect me. It
will only affect the others, the undesirables, the trouble makers, and misc.
whippersnappers.

I know it will not affect me and people like me, because implemented rules
will ensure that.

My parents lived in a society you seem to yearn for. Hard pass.

------
crmrc114
NSA: Yeah, their spyware install totally broke our spyware install!!1!

Joking, but I honestly wonder- If the software is compiled in California...
and the hardware is made in China. You could have two implants in the same
gear. Now that's Thinking Green! Twice the government implants in one product.

~~~
SAI_Peregrinus
"US says it can prove Huawei has lawful intercept access to mobile-phone
networks" would be a better headline.

~~~
blattimwind
Because Huawei is a global law-enforcement agency and hence can claim lawful
interception on all equipment it sells? Doesn't make any sense.

~~~
dependenttypes
Is NSA a global law-enforcement agency? [https://arstechnica.com/tech-
policy/2014/05/photos-of-an-nsa...](https://arstechnica.com/tech-
policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-
implant/)

~~~
geggam
Completely depends on the abilities of the military which enforce the rule.

Violence tends to be the way nations define rules outside their own borders.

~~~
ieS7rpVU
Inside their own borders as well. States are creatures of violence. They are
created by violence and require continuous violence to remain in existence.

------
inviromentalist
Shouldn't moments like this be death blows?

I had totally thought after Apple and Microsoft were caught working on PRISM
Americans and corporations would be doing drastic steps to avoid their
communication being intercepted.

But for some reason that never happened.

------
CameronNemo
But can they prove it without revealing their own backdoors?

~~~
donclark
Or explaining why they allow those backdoors exist in the first place?

~~~
pmlnr
This is one of those "if X has access, so does everyone else" and rule makers
still don't seem to grasp it.

~~~
blattimwind
"Because I can log into my sshd, so can everyone else"...? We are not talking
about weak crypto here (though AFAIK 5G crypto is designed to be decidedly not
E2E), but rather access to the data processed by these systems. There is no
particular reason why granting e.g. the NSA access to a stream of CDRs would
immediately give others access.

~~~
franga2000
I don't think anyone is saying immediately, but these are long-lived fairly
static systems.

I'm going to assume that you probably update your server's SSHd at least semi-
regularly and that if SSH turns out to be broken 20 years down the line, you
will probably be switching to something better either manually or when you
eventually replace your hardware and reinstall the OS.

This kind of infrastructure is meant to last for decades. Imagine if the
original GSM contained a backdoor with the state-of-the-art crypto of the
time. Would it still hold up today? Hell, you don't have to imagine - a mid-
range smartphone these days can crack a lot of GSM traffic.

Besides that, there's also the problem that not only are these things usually
not done with state-of-the-art tech, but leaks happen all the time and it only
takes one mistake* for the privkeys to become known.

------
99_00
China's intelligence law requires people or companies to spy when asked.

>“request relevant organs, organisations, and citizens provide necessary
support, assistance, and cooperation”. According to Article 16, intelligence
officials “may enter relevant restricted areas and venues; may learn from and
question relevant institutions, organisations, and individuals; and may read
or collect relevant files, materials or items”

[https://www.canada.ca/en/security-intelligence-
service/corpo...](https://www.canada.ca/en/security-intelligence-
service/corporate/publications/china-and-the-age-of-strategic-rivalry/chinas-
intelligence-law-and-the-countrys-future-intelligence-competitions.html)

~~~
dependenttypes
Isn't this also pretty much the case with American companies? The only
difference is that they need a warrant (which should be pretty easy to get).

Anyway, there is a new bill trying to kill e2ee in America
[https://news.ycombinator.com/item?id=22202110](https://news.ycombinator.com/item?id=22202110)

~~~
kelnos
Yes and no.

There are some specific carve-outs for telecom companies that their networks
must have the ability to tap into specific traffic when a government agency
comes knocking with a warrant.

But, as you point out, backdoor-free e2e encryption is not _yet_ illegal, and
the US gov't can't force e.g. Apple to put a backdoor in iMessage or in iOS's
device encryption.

I expect that this is not the case in China; if the CCP tells a company to do
something, anything, to allow them to spy on their users, they do it, or they
get destroyed.

Bills like the EARN IT Act scare the hell out of me, but at least there's a
process by which it becomes law, and we can affect that process and
(hopefully) kill it. That's just not possible in China.

~~~
dependenttypes
> and we can affect that process

In theory, in the same sense that one could influence what CCP does by
becoming a member of it and rising through the ranks.

------
zyang
Is it Telnet?
[https://www.theregister.co.uk/2019/04/30/huawei_enterprise_r...](https://www.theregister.co.uk/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/)

------
aaron695
I love the delusions here that spy craft is worth more than commerce.

China risks one of their largest companies, knowing they will eventually get
caught, over one department in the US just puts out a statement they are
'spying' and everyone believes it without proof.

We don't actually live in a Hollywood movie.

"US officials said they have been aware of Huawei's backdoor access "since
observing it in 2009 in early 4G equipment," the Journal wrote."

So the USA admits it's allowed all these counties, many allies, be spied on?
Really? We are excepted to believe that?

I'm sure there's a technical 'thing' here. But whether they have fked up on
the USA side or the Chine side we can only know from the US actually saying
what this is. But then the US might lose it's 'Huawei is spying' attack on
Chinese commerce.

------
ngngngng
While we're on the subject, is Signal still the best way for me to communicate
privately? I've got all the people I communicate with daily using it now, and
I feel relatively confident that the communications are private. Are they?

~~~
crankylinuxuser
Given their demand to your phone number, along with social graph (phone list
and communication targets) I do not trust it to be secure and private.

It's probably secure against phone company snooping. But I wouldn't trust it
much past that.

~~~
walterbell
Wire.com E2E encryption does not require phone number or social graph. They
are also working to standardize the wire protocol via IETF MLS, with
cryptographers from multiple companies.

[https://datatracker.ietf.org/wg/mls/about/](https://datatracker.ietf.org/wg/mls/about/)

~~~
crankylinuxuser
Indeed.

I haven't gotten around to using Wire. But when I've needed secure, private,
and semianonymous messaging, I've used Tox.

------
syshum
Is that proof "conflicted with NSA backdoor"

------
pinkfoot
My guess is the proof the Germans were shown was a plan to tax their cars at
40%.

------
awinter-py
I don't hate that someone is investing in tools & research in this.

I'd certainly pay a 20% premium on my hardware for verifiable protection from
phone-home. I'd probably pay that premium for the manufacturer to _claim_ that
the device doesn't phone home.

Obv different situation for infrastructure hardware where the end-user (me)
isn't the same as the buyer (german telecoms, apparently). But I suspect some
of the verification / testing tools will be similar.

I'm happy these topics are getting press, whoever the players are.

------
fulldecent2
Original source.

Will somebody with access to WSJ please corroborate this quote in OP which is
attributed to WSJ?

> Telecom-equipment makers who sell products to carriers "are required by law
> to build into their hardware ways for authorities to access the networks for
> lawful purposes," but they "are also required to build equipment in such a
> way that the manufacturer can't get access without the consent of the
> network operator," the Journal wrote.

------
mech1234
A question to Europeans reading this-

If you had to assume that U.S. 5G equipment manufacturers would provide
backdoors to U.S. officials, and Chinese 5G equipment manufacturers would
provide backdoors to Chinese officials, and Europeans had to use one or the
other, which would you choose?

~~~
kube-system
The answer is you choose the one which is the closer ally. Which, given the
lack of US 5G manufacturers, is exactly the choice the US has already made.

~~~
owenmarshall
The closer ally is likely to have SIGINT sharing agreements with your
government.

FVEY exists so that the UK or Canada can legally spy on my communications and
turn that data over to my government - which couldn’t otherwise get it without
warrants and other pesky civil rights protections.

I think I’d rather take my chances with an adversarial government. I know
they’d be spying but their ability to act on it is far more limited.

~~~
Barracoon
Are you American? If so, that is a false statement. DODI 5240.1-R says "[DoD
components] Will not participate in or request any person or entity to
undertake any activities that are forbidden by E.O. 12333 or this issuance."
[1] The NSA, which has the SIGINT authority from EO 12333 [2], is a component
of the DoD. A non-DoD entity, such as FBI, Treasury, etc, would (a) not have a
foreign intelligence mission and would therefore go through normal court
procedures to obtain warrants to collect your communications or (b) would need
to coordinate through the executive agency (NSA in the case of SIGINT) to
request support for foreign communications, which brings us back to the
referenced DOD instruction requiring FISA approval.

1:
[https://dodsioo.defense.gov/Portals/46/DoDM%20%205240.01.pdf...](https://dodsioo.defense.gov/Portals/46/DoDM%20%205240.01.pdf?ver=2016-08-11-184834-887)

2: [https://www.archives.gov/federal-
register/codification/execu...](https://www.archives.gov/federal-
register/codification/executive-order/12333.html)

~~~
eternalny1
Snowden showed they were sharing nudes of ex-girlfriend in TAO.

How well do you think the FISA warrant process is going in reality?

~~~
kube-system
The scenario you mention is an illegal anecdotal failure of the system to work
as intended.

If we're still comparing the US and China, I'd say it's working a great deal
better than whatever system is currently (not) protecting Uighurs from
systematic unjust search and seizure.

~~~
CWuestefeld
That it's illegal doesn't mean that we should pretend that it's not happening.

Moreover, there's much more than anecdotal evidence. The recently-released
report on the Trump investigation proves this. Even if you hate Trump, there's
no getting around the fact that the FBI completely abused the FISA court
system, getting warrants by lying and misleading the court. This is a systemic
problem.

~~~
kube-system
I never said we should pretend it's not happening. I'm saying that even
bringing that up as a point of comparison with China is silly.

~~~
CWuestefeld
I don't understand how it's relevant to point out that US government actions
are illegal. The fact is that it's really happening, so in point of fact, the
US is not categorically different from China. The difference, if any, is
solely one of degree.

~~~
kube-system
It being illegal is relevant because it is _at least_ considered wrong to do.
The degree of difference in what is considered acceptable (and also what is
happening) between the two is so staggeringly different it isn't even
comparable.

~~~
CWuestefeld
I will continue to disagree, until you can show me that someone is being
punished for the illegal actions, and that further steps are being taken to
prevent such transgressions in the future.

Today in America it is _de facto_ legal for law enforcement to do this stuff.
The fact that a piece of paper somewhere might say otherwise has no bearing on
what's actually happening.

~~~
kube-system
> 325 times between 2013 and 2015, cops and employees who misused databases
> “were fired, suspended or resigned.”

[https://www.computerworld.com/article/3124641/cops-run-
unaut...](https://www.computerworld.com/article/3124641/cops-run-unauthorized-
searches-on-confidential-databases-for-revenge-stalking.html)

> The act imposes some new limits on the bulk collection of telecommunication
> metadata on U.S. citizens by American intelligence agencies

[https://en.wikipedia.org/wiki/USA_Freedom_Act](https://en.wikipedia.org/wiki/USA_Freedom_Act)

And shortly thereafter:

> The National Security Agency (NSA) has formally recommended that the White
> House drop the phone surveillance program that collects information about
> millions of US phone calls and text messages. The Wall Street Journal
> reports that people familiar with the matter say the logistical and legal
> burdens of maintaining the program outweigh any intelligence benefits it
> brings.

[https://www.engadget.com/2019/04/25/nsa-drop-massive-
phone-s...](https://www.engadget.com/2019/04/25/nsa-drop-massive-phone-
surveillance-spying)

Sure, the US isn't perfect.

But I'm still very certain that I trust China's approach to data privacy a
little less, since they currently do all of the following to happen, without
suspicion of a crime:

* mass collection of blood and hair DNA samples for citizens living in minority regions

* literal government occupation of people's homes to take photos and collect information

* installing government cameras inside of peoples homes

* using that information to track, detain, and send ~1 million minorities to re-education camps without being charged or accused of a crime... where they are subjected to forced sterilization and torture.

[https://www.hrw.org/news/2018/05/13/china-visiting-
officials...](https://www.hrw.org/news/2018/05/13/china-visiting-officials-
occupy-homes-muslim-region)

[https://www.nytimes.com/2018/09/08/world/asia/china-
uighur-m...](https://www.nytimes.com/2018/09/08/world/asia/china-uighur-
muslim-detention-camp.html)

[https://www.rfa.org/english/news/uyghur/abuse-10302019142433...](https://www.rfa.org/english/news/uyghur/abuse-10302019142433.html)

The institutional attitudes to privacy are simply not comparable to the US. US
authorities are not nonchalant enough about privacy that they think anything
close to that that is remotely acceptable in the US.

~~~
CWuestefeld
You do make some good points there, but ultimately I don't buy it. The key
thing is your citation of punishments for cops who "misused databases".

This isn't actually what's at issue here. The existence of law enforcement
databases is a very different thing than the facility for spying on
communications. And I still see no evidence that anyone has been punished for
that, or that any active measures have been taken to protect abuses of _those_
programs.

------
aussieguy1234
The US probably does want to reveal the backdoor because its likely they are
exploiting it themselves.

If they reveal the backdoor and Huawei closes or replaces it, they'll be
locked out

------
DaniloDias
1 thought for all MNOs and their vulnerability management programs:

Most of your infrastructure has multiple interfaces. Bearer. OAM, Backup, etc.

If your vulnerability scanning program only scans Bearer interfaces, you are
fucking up. You can spin up vulnerable services on only one interface. If you
don't scan ALL interfaces, you don't know all your entry points.

If you work for an MNO and are reading this, you should take action after
reading this content.

------
justlexi93
This isn't necessarily about access to the calls themselves. It could be about
being about to retrieve network configuration information, call history,
maintenance logs, and being able to alter the configuration of the network.
The article isn't specific enough.

In other words, do they just want to intercept calls, or steal customer
information, or crash the network?

------
sudoaza
Proof or GTFO

------
eqvinox
Let's see that proof. Then we can talk.

------
DoctorOetker
if the US (a tax payer funded operation) has proof it should simply share it,
not posture about it.

------
guug
People will still continue to use Huawei gear unless tangible evidence is
presented. The US government has been caught far too many times with its pants
down to be trusted.

------
bcrl
It Would Be Nice(tm) if SS7 was removed from the PSTN... Who needs backdoors
into networks when SS7 peers are trusted implicitly.

------
hatenberg
End to end encryption would be a good fix. Oh wait...

------
thdrdt
From yesterday:

How the CIA used Crypto AG encryption devices to spy on countries for decades

[https://news.ycombinator.com/item?id=22297963](https://news.ycombinator.com/item?id=22297963)

------
blackrock
Wasn’t that Apple “goto fail;” technically a zero-day back door as well?

You had to initiate some specific knock sequence to trigger it.

Did they find something like this in their source code?

------
Wheaties466
I like to post this whenever huawei backdoor gets mentioned.

RDG is the author of masscan

[https://blog.erratasec.com/2014/03/we-may-have-witnessed-
nsa...](https://blog.erratasec.com/2014/03/we-may-have-witnessed-nsa-
shotgiant-tao.html)

tl;dr they watched someone login with a huawei tech support account from
mainland china.

------
ChrisSD
Reminder: US intelligence lies. They are not unique in this but it's worth
repeating.

They might be right about Huawei or they might not, either way saying "we
totally have proof!" without providing proof is effectively meaningless.

~~~
ASalazarMX
If they had proof they would have showed it already. Nothing would help their
rhetoric more than cold hard facts.

If they haven't done it, it means: a) there isn't any backdoor, or b) exposing
their backdoors would expose their own backdoors.

I'm betting on b.

~~~
ApolloFortyNine
c. They have sources saying as such but have not discovered the backdoor
itself.

d. Admitting how they found the backdoor would reveal other issues (a source
in the pipeline, or their own backdoor in something Huawei made use of).

And probably e-z too.

~~~
LoveKebab
Yeah exactly - providing proof publicly could in fact burn the sources/methods
used to get that proof.

------
avocado4
Says the new account with a bunch of digits in the name.

~~~
ETHisso2017
Assume good faith

------
SubiculumCode
I'm usually impressed with HN comments, but this thread is currently dominated
by insubstantiated conspiratorial mongering against American institutions.

~~~
alasdair_
The problem is of those institutions own making. Many Americans lost their
lives hunting for Saddam’s WMDs - something that was fabricated by said
institutions.

“Trust us” is no longer something we can blindly accept.

~~~
SubiculumCode
To be clear, I was not commenting on skepticism, but on making accusations of
lying without evidence.

