we really should not be putting huawei kit into the backbone, there
might be backdoors where they can spy on our traffic


well, so much for that


I've always wondered about that....would you know that the Huawei is
leaking data?

A local clec here in Canada just teamed up with this company to
provide cell service to the north:



I've always wondered about that....would you know that the Huawei is
leaking data?

yes. they have a contract to leak it to the NSA


Do you think Huawei has a magic ability to transmit data without you noticing?

If you don't want to use Huawei because they stole code or did other nasty things, I'm right there with you. If you believe a router can somehow magically duplicate info and transport it back to China (ignoring CT/CU's inability to have congestion free links), I think you are confused.

the puddle on the floor isn't a giveaway?

I always found it dubious that public sector can drop them from tender
citing publicly about spying, when AFAIK Huawei has never actually been
to court about it much less found guilty of it.

It's a convenient way to devaluate one competitor. I'm just not sure if it's
actually legal in $my_locale to invent reasons to exclude a vendor in public
sector RFQs.

On 13/06/2013 18:22, Randy Bush wrote:

I've always wondered about that....would you know that the Huawei is
leaking data?

yes. they have a contract to leak it to the NSA



Yeah, I can't imagine there is any real magic there...mystical protocol not
seen over transport.

Er, um, there are more ways to spy than virtual wires back to the mothership...


That was the exact statement from the DoD, prior to them finding out they had a bunch of Chinese fake gear with real back doors built in. I can appreciate a difference of opinion, but anyone who installs the PRC's cellular solution is a fool. Never mind security, they just simply don't work. There are several of those Chinese network equipment manufacturers. Tegra comes to mind too.

As a footnote, the Iranian government would have thought you were bat shit crazy if you told them there was a secret set of programs running on their centrifuge SCADA network, which was completely true. You don't need to relay data out to cause harm or watch over something, you simply have to visit more. ;)

This paper may be relevant to the topic at hand (h/t to Rob Slade):


  This paper is a short summary of the first real world detection
  of a backdoor in a military grade FPGA. Using an innovative
  patented technique we were able to detect and analyse in the
  first documented case of its kind, a backdoor inserted into the
  Actel/Microsemi ProASIC3 chips. The backdoor was found to exist
  on the silicon itself, it was not present in any firmware loaded
  onto the chip. Using Pipeline Emission Analysis (PEA), a
  technique pioneered by our sponsor, we were able to extract
  the secret key to activate the backdoor. This way an attacker
  can disable all the security on the chip, reprogram crypto and
  access keys, modify low-level silicon features, access unencrypted
  configuration bitstream or permanently damage the device. Clearly
  this means the device is wide open to intellectual property theft,
  fraud, re-programming as well as reverse engineering of the design
  which allows the introduction of a new backdoor or Trojan. Most
  concerning, it is not possible to patch the backdoor in chips
  already deployed, meaning those using this family of chips have
  to accept the fact it can be easily compromised or it will have
  to be physically replaced after a redesign of the silicon itself.

Unfortunately, it doesn't appear possible to download this paper without
signing up for scribd. Perhaps it's available elsewhere without such
onerous requirements.


Extraordinary claims require extraordinary proof.


Compromised NICs can leak info through side channels (timing) but
it's too low bandwidth. For end user devices with backdoors
(remote vulnerabilities are like sloppy backdoors) you could
get away with 'it's just part of a botnet', perhaps.

Thanks for the pointers; most enlightening. (And I say that even
before coffee has taken full effect. I'll re-read once it has.)

However, and perhaps I should have explained this in my original message,
whether or not this was an oops! of leftover debugging, whether or not
the Chinese actually did this, whether or not the chip meets military
operational temperature requirements, etc., are all secondary to the
point I was (poorly) trying to make. Let me try again.

(1) There is often a presumption, when, let's say, a particularly
sophisticated piece of malware is analyzed, or a large botnet is detected,
or a security hole is uncovered in a piece of software, that it's the
worst one -- because it's the worst one *publicly known to date*.

But that's wishful thinking. There's probably a nastier piece of malware
out there. There's probably a larger botnet. There's probably a bigger
security hole in that piece of software. Whatever the severity
distribution of these is (and I don't think that's knowable) it would
be amazing if we just happened to hit on the one that's at the extreme
end of the curve.

Reality is usually not that convenient.

Thus however bad these things are, and we can certainly debate that (and
we have) (and we will), there's probably something worse that we're not
debating because we don't know about it.

(2) As Bruce Schneier has observed, attacks always get better. So even
if, against the odds, we happen to be lucky enough to be looking at
something that really, really is at the far end of the severity
distribution -- tomorrow there will be something worse.


And the scope can be pretty big... Oh, look! This VZW 4G hockey puck was
made by... ZTE. And it has a GPS receiver in it.

-- jra