Huawei To US Government: Please Investigate Us

from the nothing-to-hide dept

Interesting strategy from China's telco networking giant Huawei in dealing with security fears from the US government: it's asking the US government to do a full investigation of the company to satisfy itself that there's nothing questionable going on. Obviously part of the idea is a PR move, to show that the company has nothing to hide, but it's pretty rare to see a company so openly ask a government to investigate it. I guess it's Huawei's attempt to call the US government's grandstanding bluff.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    TechnoMage (profile), Feb 24th, 2011 @ 10:59pm

    US: "We don't trust that you aren't installing backdoor access into your hardware that you are selling us."

    China: "Trust us!!"

    US:(in an uncommonly wise decision)"Umm... No... We asked security people and they ALL said it was a bad idea."

    China:"Then come check us out... see how we don't do anything bad"

    China to themselves:"Thats right... check us out once... and approve our hardware for your system critical infrastructure... which the Internet has now become.. then we'll insert backdoors into hardware we sell you later that we can use to spy, sabotage, etc. on you..."

    As an aside... All they would have to do is use DRM techniques to hide "code"(instructions, but ehh...) in the hardware, and then have it start 'calling home' in 2 years. Not to equate all DRM with "Evil" China... But still imagine a hardware version of the Sony Root-kit on all the networkings switches installed at banks... or power pants...

    Where your hardware is manufactured is an important issue. iPhones are only made in China... They are not approved by DoD use.. but Android phones are... Ever wonder why?

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    TechnoMage (profile), Feb 24th, 2011 @ 11:02pm

    Re:

    "power pants"... interesting idea... but... "power plants"

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Christopher (profile), Feb 25th, 2011 @ 12:25am

    Re: Re:

    Do you really think that we wouldn't audit ALL of these things looking for backdoors?
    Hell, do you think that we don't do that with companies in the United States to make sure that there are not any backdoors?

    With all due respect, it seems that you are extremely distrustful of China without realizing that they ALREADY make many consumer-level computer goods that are used as military-grade at many places.

    China would NOT want the black eye from us finding out that they had put backdoors into the hardware and then have us remove all military hardware manufacturing from overseas and bring it back into the United States.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Jay (profile), Feb 25th, 2011 @ 12:53am

    Re: Re: Re:

    I don't think that's accurate...

    China is quickly becoming a superpower and it could be that this gesture is to lull the US somewhat.

    I'm not necessarily a conspiracy theorist, but I do have to wonder what they gain from this gesture. If the trust of the US to look the other way as China works to copy all of its technology for their own benefit is anything, I'd be very wary of something like this...

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    TechnoMage (profile), Feb 25th, 2011 @ 1:27am

    Re: Re: Re:

    I'll admit to not know a "ton" about EE, I know about CS (including computer architecture from CS perspective)

    but Let's examine the Pentium 1 CPU Some Facts
    - 273 pins
    - 3.1 million transistors

    Now, let's play a thought experiment...
    How many pins are active on the p1? lets say 145 pins(for the sake of nice numbers) that over half of the pins aren't used for logic , and that only 128 pins are used for any type of logic/flow control.

    Now.. It would take 2^(128) possible input combinations to test all possible inputs.

    Now.. Remember that ICs have memory in them... (let alone complex sequential logic sequential logic)

    Now.. 2^(128) different combinations to test... hmm sounds like cryptographically secure to me

    Now.. You have to try hundreds.. if not thousands.. of tests for each possible combination of each of these 2^(128) possible inputs...

    I'm not sure this is the way to try and test this... (Especially if they put DRM in the chip to stop you from figuring this out, which would mean you are trying to break copyright...{yeah yeah... gov't can do that, but you get my point})

    If you know how to do this, in some kinda of way that isn't exponential time... Then please let me know. Normal means to test for fault tolerances in IC isn't going to work b/c we aren't looking for "bad" data, where we know how the chip is designed, we are looking for backdoor access... which can be deeply buried in non-obvious logic areas.

    OHHH and do this for every chip on every device every time you buy a device.
    Perhaps I'm completely wrong... and the idea that "DRM"-like hardware being inserted into ICs but I don't think so.

    I have friends who live in China, I am not attacking China, hence the "evil" in my comment, sorry for omission of -sark-mark- *sigh...*

    And about the question of "Hell, do you think that we don't do that with companies in the United States to make sure that there are not any backdoors?" ... Um... Have we done this for MS Windows? Have we done this for... Sony Music CDs? Have we done this for...

    I somehow doubt that this is S.O.P. for electronics (NSA/DoD... MIGHT be the exception, but I doubt it)

    My original point was that we shouldn't trust production of system critical infrastructure to foreigners (no matter what country they come from). Due to it being too easy to inject some extra little "logic code" into ICs.(that doesn't even have to be on every device, one in a hundred is good enough for "bad" purposes)

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    DoxAvg, Feb 25th, 2011 @ 2:33am

    Re:

    Auditing is necessary but not sufficient if you have an adversarial vendor. Ken' Thompson's "On Trusting Trust" is the classic piece on the subject: http://oncampus.richmond.edu/~dszajda/classes/cs395_computer_security/papers/reflections_on_trusting _trust.pdf

    From a less theoretical point of view, check out the Underhanded C contest: http://underhanded.xcott.com/ It's a contest to demonstrate how you can write code that is _meant_ to be audited, yet still do the opposite of what it seems to do. I've been in the business for a while, and it still impressed the hell out of me.

    So - auditing can help, but it doesn't cut the muster. And, as has been pointed out, auditing today doesn't mean a lack of naughtiness tomorrow. Of course, sticking with US manufacturers doesn't mean that there aren't backdoors either...

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    The eejit (profile), Feb 25th, 2011 @ 3:35am

    Am I the only one who sees the irony in a Chinese company asking to be investigated by the US, given recent events?

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Chris in Utah (profile), Feb 25th, 2011 @ 3:46am

    Re: Re:

    New Mormon gear?

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Feb 25th, 2011 @ 6:46am

    Re: Re: Re: Re:

    "China is quickly becoming a superpower"

    Yeah, if you don't know that they already are superpower, you're blind, or USian.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    xs (profile), Feb 25th, 2011 @ 7:13am

    Re:

    No. But I do find it ironic that politicians on one hand say Chinese firms are not to be trusted because there's this adversarial relationship between China and US, then turn around complain that China has put restrictions on US firms operating in China.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Travis, Feb 25th, 2011 @ 10:17am

    Re:

    Actually, you're wrong about the phones. The Army is set to approve the iPhone this month (may already have happened) for use with the Army level email systems. We have been told that Android likely won't be approved till May at the earliest. This is of course only valid for unclassified mail.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Feb 25th, 2011 @ 12:27pm

    China is the new Russia.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Feb 25th, 2011 @ 5:40pm

    Re:

    And the US is the new USSR, and the USSR is the new US; my, how the worm turns.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Qwerty Uio, Feb 26th, 2011 @ 12:25am

    Huawei lead are jerks

    Huawei should not be trusted, for many violations. First Huawei is not a public company because their finances are murky: they receive big gifts (~$10B) from the Chinese goverment to compete with oter telcos. This allows Huawei to buy market share by bidding below cost. These practices are ilegal but are not enforced. Second, Huawei copies everyting they consder will generate revenue.
    Since chinese govenrment gives a lot of money to Huawei, they dictate the Huawei strategy. This is of course to compete and take th eUS out of business, and in particular weaken Us military superiority by stressing the US economy by selling Huawei equipment in the US.
    Huawei does espionage, and they are hard to discover. They reverse engineer everything they can to compete.So why should US goverment trust them? There is no way we should. huawei treat its chinese employess in china like crap, so it is clearly doing business and keep cost low. However, chinese are very nationalistic andthey want to work for Huawei. Many Telco multinationals in china employ chinese engineers that then go to Huawei and transfer the intellectul property.
    Also consider that Huawei spend little money in R&D beacuse they copy everything. Under mandate form chinese goverment, Huawei wants to dominate the world by putting out of bussines Ericsson, NSN and Alcatel-Lucent using predatory practices. They are filfhy and do not deserve US goverment trust.
    In the long term it is foolinsh to let the chonese Telco equipment be sold to Verizon, AT&T an Sprint. If we have a war with China, our telecommunication infrastructure is completely compromized: wirless services (2/3/4G) and wireline services. Forget it, US carriers buying Huawei equipment is be a VERY stupid thing to do.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    bryan, Feb 26th, 2011 @ 10:01am

    huawei makes junk

    I am surprised that no one has brought up the fact that huawei builds total junk.

    I have worked for T-Mobile for 6 years and the huawei hardware has been the worst I have ever seen. Letting them build anything that is part of critical infrastructure is a HUGE mistake.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Matthew A. Sawtell (profile), Feb 28th, 2011 @ 10:05am

    Seen my share of "Quality Control Audits' over the years...

    When it comes to the subject, of "please audit us" - I tend to think about the myraid of ISO, QS, and other 'Quality Control' audits over the years I have worked. Frankly, Huawei is probably thinking this is going to be another 'Red Envelope' situation.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This