
People with technical knowledge at this point shouldn't doubt this perspective anymore. No evidence of wrongdoing was published, and the claim of the possibility of the Chinese government making Huawei do their bidding at some point is no different from what other governments have been doing, including the U.S. (and getting caught in the wrongdoing).

There's no shame in the hypocrisy. It's a blatant attempt to damage Huawei.

I have no sympathy for what the Chinese government does to subdue everyone under their power, but the Americans seem to have been historically better at playing the victim and getting away with it while still managing to curtail on others.

I don't disagree with the general realpolitik you describe, but it's not clear that damaging Huawei isn't damaging the USA as well. American companies supply Huawei, and their business is being harmed; and American consumers buy Huawei equipment -- if Huawei is excluded from the US market then presumably that may have an inflationary impact on substitutes, so American consumers will be paying more for certain goods.

Wouldn't this also have been considered as part of the decision to ban Huawei? And yet the administration proceeded anyway.

That doesn't make sense to me. Especially given the GCHQ's breakdown of Huawei gear finding that Huawei can't even do version control right (they had revisions of firmware with the same version id for the same hardware with different build characteristics), and magically reintroducing vulnerabilities from 2006. Personally I feel that Huawei gear would be ripe for exploitation and then misdirection.

I don't get why people are so hung up on proof though. There doesn't have to be proof. No one who I've talked to in the networking industry cares about proof (this includes myself). Hell, China already bans companies at will. The only thing that matters is enough of a non-zero chance of Huawei releasing malicious firmware updates to select targets in the future. Judging by their inability to have firmware revisions that completely match in functionality, who knows if they're already doing so at a smaller scale.

> I don't get why people are so hung up on proof though.

The reason you look for proof is not that it gives you 100% security. It is the process of finding proof that helps us understand how secure a product is and what vulnerabilities need to be addressed. GCHQ's thorough examination of Huawei devices found problems with version control, and Huawei promised to fix those problems. This is how security could improve.

I think you also vastly underestimated how difficult it is to do version control for hardware due to the extremely complex supply chain. If you examine products from any other brand, the situation is likely to be worse. I'm not suggesting Huawei's problems are acceptable. However, it is a misguided approach to decide which products are secure purely based on national origin rather than technical merits.

I don't think anything ever gives 100% security. I was simply talking about people thinking proof is needed for justification of the ban.

Anyone using factory shipped firmware for the entire life cycle of a device is negligent. I don't think I've had firmware functionality mismatches with Cisco/Juniper/Arista/etc gear especially since we track hashes and store images locally.

You don't simply leave a gate open because the attacker can scale the walls. I don't see any reason to make it easier for the Chinese government to implant itself in our networking infrastructure. Being able to directly provide and modify Huawei's firmware sans resistance allows them far greater flexibility than what they would have attempting to compromise <insert_us_vendor>'s development resources (not that it's impossible, not even remotely saying that).

These also sound like the sort of problems that could be solved without a global sales ban; people seem to really like the Hand of the Market for stuff like this when it's not down nationalist lines.

This isn't why they were banned. They were banned for conducting corrupt espionage, violating the Iran sanctions, and lying about it to federal authorities.

I don't think GCHQ is a reliable source, but from what they have reported here, they paint a very realistic picture of your average tech company.

I don't like the idea of having important infrastructure like this in the hands of any foreign manufacturer. Not while there is indeed evidence that governments try to enforce backdoors in tech equipment.
