I haven't seen much about the 'hacks' taking place. Are investigators seeing actual backdoors? Or just poor code being exploited in the wild? If it's the latter then the US could be accused of the same with Cisco in the early 2000's as exposed by FX.
Full disclosure: I am a Huawei employee, take everything I say with an appropriate amount of salt.
It would be suicidal for Huawei to ship any equipment to Western carriers with actual backdoors. European governments usually require thorough audit of the code that runs their networks and vendors are required to have reproducible builds for the same. The UK government for instance has the Huawei Cyber Security Evaluation Centre[1] responsible for vetting the Huawei equipment that gets used by British carriers. Like TFA says, "The U.K. government said in July it found shortcomings in the process." They didn't find any backdoors or any actual vulnerabilities but did report "variable engineering quality". Like any large and complex codebase produced by thousands of engineers, parts of the code may be downright ugly but that does not make it malicious.
Anyways, the CSEC report did have its intended effect and now significant resources are being expended to refactor legacy code. Nothing motivates management like a possible loss of revenue from bad PR ;)
Then again the NSA hacked into Huawei HQ[2] so they might know something that others don't. Speaking of which, how is the search for WMDs in Iraq coming along?
I agree on the variable engineering quality; something endemic to any company with more than 1 engineer. It would also be important to consider a well placed bribe or spy could maliciously change code at multiple points in the process.
Largely the allegations against Huawei could be leveled against any company, thus it feels like a competitor has hired enough lobbyist firms in DC to create the FUD necessary to sanction specifically Huawei.
This is not the first time. Huawei was banned from supplying for India's National Broadband Network in 2012, and has again been banned from supplying for India's 5G revamp.
Not all employees would be in on the espionage attempts either. It'd have to be a very limited circle that knows about it.
That is bordering on fake news. Huawei was not part of the initial group of companies invited by DoT. I have no idea why Huawei was excluded earlier and then invited later.[1] But then again, that's Indian babudom for you.
> Not all employees would be in on the espionage attempts either. It'd have to be a very limited circle that knows about it.
My point was entirely about what would be in any company's rational self-interest and the findings of Western countries that evaluate Huawei equipment. Honestly, I wish the Indian government would do something similar with all vendors.
I buy Huawei gear and dislike my government attempting to limit my free market choices. Cisco was (is) just as vulnerable, people just don't talk about it because they have so many lawyers. https://artkond.com/2017/04/10/cisco-catalyst-remote-code-ex...
Free market choices in this case have hidden costs. Huawei was selling hardware with user manuals from Cisco because they were exact copies. When IP is stolen, countries lose incentive to invest in R&D. Note almost every major Bell Labs-era research center has been shut down or dramatically weakened, the most recent being Dow/Dupont.
That is true and a good point. But when you think about it, with a large enough budget you could create hardware backdoors in microprocessors in the manufacturing plant without the chip designer ever knowing about it.
Then you're in a weird world, where a flagship smartphone has backdoors created by Samsung, Google, three different governments and the weird guy that worked with the chip design in team #7.
It interestingly starts off with a disclaimer about working for Huawei that could indicate that they're going to speak against their parent company, and then just defends them completely and says that because of the American/Iraqi WMD fiasco about 20 years ago their company is above-board (how this is related or provides some sort of defense is beyond me). It's certainly devoid of all of the criticism of Huawei and cherry-picks a single audit of their code.
Taken with an appropriate amount of salt indeed... a metric ton.
What's the difference? I'd imagine that any mediocre and above intelligence agency would be smart enough to make it look like the backdoor was "just a random bug".
If they are giving the bug the name "CN_rear_entrance" or anything like it, or talk about how it can be used in code comments, I would say they are a worse than mediocre intelligence agency.