"Even phones manufactured by US companies like Apple are made in China with Chinese/Taiwanese sourced parts."
Exactly my thought. US gov't even outsources to private contractors that then subcontract and outsource to China for electronic components including chips that can easily end up in our DOD systems. I wonder if this is more of a money or market thing being pushed by the Existing Oligopoly?
What doesn't add up is that, in the real world, you can't protect against every threat model. Its their job to protect the best they can. They can't tell Apple to stop building their phones in China, but they can simply say "Don't buy Huawei".
That's easy. And moreover, its a bigger threat. With a Huawei phone, the Chinese government has control over everything from the processor to the userspace software. With a small piece of silicon in a fab, the threat surface is much smaller; they'd have to sneak it in against Apple's will, past all of Apple's American-loyal QA.
In the software world, we tend to think about security as an absolute, because computer logic is absolute. In the real world, security is probabilities. How can you minimize the chance of breach while minimizing costs.
>What doesn't add up is that, in the real world, you can't protect against every threat model. Its their job to protect the best they can. They can't tell Apple to stop building their phones in China, but they can simply say "Don't buy Huawei".
If the 'threat' was real, that makes as much sense as hardening one door in your house, when you have 4 other doors because "you can't protect against every threat model".
No. It makes as much sense as securing the 4 doors because that's a relatively cost efficient way to implement basic security. But let's avoid strengthening all the walls with a titanium alloy to protect us when the threat brings a bulldozer to get in. That's expensive.
Asking Apple to manufacturer their phones outside of the US is a highly expensive action.
And the pictures of NSA employees opening parcels to modify the hardware before it gets shipped to certain targets immediatly comes to my mind.
That being said if you don’t control the software, modifying manually a handful of devices doesn’t scale. If you modify all of them the chance that you will be spotted is very high. If you control the software and it is encrypted / not readable, you can backdoor all devices of a whole country. So I can see how it is a step up in term of threat level.
Exactly my thought. US gov't even outsources to private contractors that then subcontract and outsource to China for electronic components including chips that can easily end up in our DOD systems. I wonder if this is more of a money or market thing being pushed by the Existing Oligopoly?
Something doesn't appear to add up completely?