Hacker News new | past | comments | ask | show | jobs | submit login
Huawei Backdoors Explanation, Explained (erratasec.com)
73 points by known 8 months ago | hide | past | favorite | 19 comments

Not huawei but I have worked with networking gear from china and other countries (cloud scale) that has similar backdoors. Basically an account where a whitelisted ip can use to ssh to the device. It was basically a "support" account. If you have a critical problem you get on the phone with their engineers and have them help you troubleshoot with the backdoor access. Of course no one calls it a backdoor,more like a side door for support.

I suspect that's what they're talking about here. I also suspect a much more clever actual backdoor in their products. People think a backdoor is something that gives direct shell access,but in reality compromising data integrity or compromising something else so that the attacker can access it easily or a one way "back window" where the device or other devices are taken offline is also a "backdoor".

Huawei is distracting from concerns of actual backdoor. They can easily say "would you consider windows auto-updates a backdoor? How about windows remote assistance?" ,they're basically misdirecting to a defensible side door by calling it a backdoor.

Not to dimimish your main point, but I do actually consider Windows Update to have some similarities to a back door.

It was abused by Microsoft to push unwanted telemetry and advertisements to mostly unsuspecting users of Windows 7.

Sure, that does not diminish my main point at all. For public opinion "MS does it too" is enough of a defense.

Except all of Microsoft updates are meticulously reviewed by security teams around the world and would find any backdoors being installed, activated or manipulated.

Reply to the parent commenter. I never disputed that. But since you replied to me: MS never allowed external security teams to audit its auto-update infrastructure. Can they not deploy any software with auto update? Until recently,their crypto api had a bug (backdoor? Lol) that allowed forging signatures for auto updates...so.. I don't see your point. Much like huawei, the speculation is that these types of backdoors will be used in times of war or severe political tension.

US Government has audited Microsoft's infrastructure.

What’s the mechanism that prevents MS from serving malicious updates to a specific subset of users?

> I also suspect a much more clever actual backdoor in their products.

Not sure why they’d even need that, this stuff is buggy as shit as is.

Maybe I was expecting a technical overview or reverse engineering of how their backdoors work, but really the article was non-technical. If I understand correctly, it can be summarized as: The WSJ made a claim that Huawei was using a backdoor into a backdoor, so that Chinese intelligence would have access to their devices globally. However, the claims were unsubstantiated and attributed to anonymous U.S. officials. Then, Huawei made a video clarifying what backdoors are, stating that a "backdoor" which is used by law enforcement is really a "frontdoor".

I thought that blog post on explaining the explaining was very misleading, what am I missing? He or she says that if the us related leaker about Huawei was legit, they allow use of their name. But maybe it's a secret that say the us govt figured out that there really is a back door there? There is too much meta here. Yes, the us has been claiming that we can't trust Huawei. But keeping what the us knows unclear can be to our advantage.

I agree, I have no clue what point the author's trying to make here. After criticizing the WSJ's reporting and heavily implying it's reporting is inaccurate, even going so far as to suggest the WSJ article is unethically false and labeling it "fake news", the author then goes on to confirm the key accusations in the WSJ article but reframes them in a way that minimizes their significance. The author goes on to building a straw-man argument that all telco manufacturers/operators do similar things for law enforcement so we shouldn't be concerned about Huawei's practices but then goes through some mental gymnastics explaining China's authoritarian government surveillance and intel operations are sanctioned by Chinese law so Huawei aiding the Chinese government is no different than a US telco honoring a request from law enforcement. This article is disingenuous at best and comes off as blatant astroturfing. It's also interesting to note, the author mentions working directly with Huawei engineers in the article.

> I have no clue what point the author's trying to make here

You mean, you don't know the agenda. The "point" was data, namely: - the Washington game that leads to unreliable journalism - the fact that all Huawei's competitors have the same law enforcement backdoors, the same support contracts, and there's no evidence or even accusation that Huawei is doing anything different - my own personal experience watching Huawei support engineers using their "backdoor" "sidedoor" "frontdoor" access to gain intelligence information.

> implying it's reporting is inaccurate

Unreliable, not really inaccurate. It's clearly bad journalism violating clearly expressed ethical standards. That doesn't mean it's wrong, it doesn't mean the government official's accusations are false. It instead means that we can't rely upon them.

> straw-man argument that all telco manufacturers/operators do similar things for law enforcement so we shouldn't be concerned about Huawei's practices

I'm not sure you read the article. I make it clear that we should be concerned about Huawei even if their hardware, software, and support access are no different than any other vendors, because the Chinese government can lean on them in ways democratic governments cannot lean on their own vendors.

> comes off as blatant astroturfing

One of us does not understand "astroturfing". This is clearly an anti-Huawei piece that nonetheless tries to understand things from Huawei's point of view. I haven't worked with Huawei's engineers, I was working on a mobile companies systems when I saw Hauewei's support people log in via their VPN and gather national intelligence information.

The point is that everything can be true: Huawei can in fact be no different any competitor, doing at least as good a job preventing backdoors, and yet still be a national security threat due to backdoors. I believe it's good policy to forbid Huawei equipment in 5G deployments even if I doubt they have any special technical backdoors.

>"because the Chinese government can lean on them in ways democratic governments cannot lean on their own vendors." //

In comparison with USA this is where you lost me, aren't NSA's national security letters just as much a way for the government, or whoever has weight at the NSA, to access so-called front-doors? Depending how you define democratic the NSA can "lean on vendors in ways democratic governments cannot". And you intimate that access "from China" might equally be being done on behalf of USA's secret agencies.

That's fine if you trust USA, and it's leadership (covert and public).

To me, in the UK, when USA are saying "don't use Huawei" the reason that seems to be most likely is 1) financial, 2) because then we would potentially be subject to Huawei's backdoors instead of USA's backdoors. And as a citizen I'm pretty certain Five-Eyes/GCHQ have every tiny bit of meta-data about my tech use for the last year: so China can know who I call and when too, giving up that as well in exchange for reliable 5G seems like it's not really losing me much.

Seems in the UK we're more at risk from USA's financial meddling than from China's?

Yeah the article didn't really present anything very useful. What I took away from it was that the U.S. government claims of potential malicious backdoors in Huawei's devices are unproven, but plausible. I think we all were already thinking this though.

That assertion doesn't make sense to me either. If the intelligence was obtained via espionage, I don't think the individual or agency would be rushing to put their name on it. "Leaking" it accomplishes the political goal with less risk to personnel or methods.

If it was a secret then why would the US govt have the massive publicity and lobbying campaign centered around it.

Officials can and do cite intelligence without anonymity with some regularity.

These discrepancies are circumstancial evidence against the backdoor story being factual.

(Whose advantage do you mean?)

To be slightly snarky, Rob is arguing two points here:

* The WSJ allegations--that Huawei has allowed unauthorized use of its lawful intercept capabilities by Chinese intelligence--are anonymous and therefore unreliable.

* Rob personally knows (based on his own experience, omitting any details that would enable us to validate the story)that Huawei has allowed unauthorized use of its lawful intercept capabilities.

...er, what?

In a less contrarian framing, this could be rewritten as, "The WSJ article is accurate, and I'm even willing to put my name on the public record as having seen similar things."

It's fashionable these days to criticize anonymous sourcing--and, hey, I agree a reader should be cautious about such things--but this has to be the first time I've seen someone criticize an anonymously sourced article while explicitly validating its claims.

Don't care what they call it.

There is something very, very disturbing here, sort of like a "(legal) disturbance in the (legal) force", to join a Star Wars quote with Law...

Let me explain.

First, let me get across that I am neither for nor against Huawei, neither for nor against The Wall Street Journal, neither for nor against this article/video nor the claims made in it.

My first problem, if I have a problem, begins with human language...

You see, we can call something a "front door", we can call something a "back door". We can say that "front doors" are used lawfully, by law enforcement (or others), for the purpose of "lawful interception". And we can say that there are "back doors" (generally associated with illegal, unlawful activity -- but this may not be the case in all circumstances), and that there are "maintenance doors", that workers use.

But the problem is, this use of language dumbs down our conversation.

A simpler view of the universe would say that there are methods which can be used to access data, and that actors employing such methods are either authorized or not authorized.

In other words, you have "access method", and "authorized" or "unauthorized".

That's it.

Authorized is you have permission to use it.

Unauthorized is you don't.

That would be the simplest view of things.

But this is not what's disturbing...

You see, there's a fairly deep legal question in relation to this...

To understand it, let's suppose I was a manufacturer of network equipment. And let's suppose I was coerced by a government (U.S., Chinese, Other Government), by whatever means (legal, sanctions, threat of violence, threat of loss of commerce, ?) to add a backdoor/front-door/access method (call it what you will) to the network equipment, for this government's law enforcement community.


So now that backdoor/front-door/access method (again, call it what you will) -- is there and all.

Now, here's the legal question...

If it's there, by virtue of it being there, by virtue of the government actor knowing how to use it as a means of access, is the government (foreign or domestic) then legally authorized (do they have permission) to use it?


In other words, if I, as a network equipment producer, then sell my backdoored/front-doored/access method enabled product to a service provider -- do the legal rights for that backdoored/front-doored/access method -- go to the service provider, who must again explicitly grant them to the government (again, foreign or domestic) in order for them to use that backdoored/front-doored/access method, and still be authorized?

To make the story short, authorized access, (from a legal point of view), is not just one, but a series of contracts and contractual agreements (and the interpretation of those contracts!) made between many parties, including, but not limited to the manufacturer, the service provider, and the users to whom service is provided to.

In other words -- there's no easy answer!

The devil is in the details!

Even a Lawyer could not answer this question... it would have to be determined by the Courts, and then it could go many ways, depending on the number of actors involved, the contractual agreements between them, and the legal arguments raised...

We have FISA Court -- but even FISA is not a blanket authorization in the presence of other contracts! (FISA might be a blanket presumed authorization if no other contracts were present, but generally speaking, that won't be the case...)

In other words, two cases involving a lawful intercept from two different equipment manufacturers could go two seperate ways in the courts!

A legal mess, to be sure...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact