I have to ask a dumb question here. Lets say that a piece of equipment was installed, with a secret backdoor chip to send data to another country. Surely the unexpected network flow would be detected outbound and investigated? I mean, if my firewall detects outbound traffic to weirdness.com, its going to stop it and alert, because weirdness is not in the predefined envelope of expected places to send things to.
Exfiltration can be masked in any channel with a signal. So the exfiltration can be hard to detect when it is only sending a bit every 23 minutes for example. Longer time is harder to trace. Think of very intelligent algorithms using multiple channels for exfiltration.
If it only sends a bit every 23 minutes, the bitrate will be so low that nothing of interest can be sent.
These sorts of vague accusations have been made against Huawei for several years now, but to date, no one has ever produced a shred of evidence that Huawei installs backdoors on its telecommunications equipment. Huawei devices are installed all over the place, and it's not as if there's been a lack of scrutiny. In the UK, Huawei even submitted to regular audits by British intelligence, and nothing was ever found. Every claim that's been made has turned out to be along the lines of, "We discovered that Huawei uses industry-standard tools to update firmware on its devices, and the network operators have the ability to oversee the updates."
The accusations are pure assertions, backed up by a general suspicion of everything Chinese. This really began with Trump, and it's been sad to watch Western countries fall ever deeper into paranoia and hatred towards China. It's Yellow Peril v2.0.
> The accusations are pure assertions, backed up by a general suspicion of everything Chinese.
> This really began with Trump, and it's been sad to watch Western countries fall ever deeper into paranoia and hatred towards China. It's Yellow Peril v2.0.
Canadians have been skeptical of Huawei since at least 2012.
I think it's a reasonable security posture to treat technology from a country you don't trust with suspicion. Especially when they have long history of hostile espionage.
If you don't want to use stuffs from a country you viewed as adversary in your infra, government, army etc. that's totally reasonable, but just man up and say that out loud. Having these vague accusations thrown around like "Huawei phone is spying on you, and so is other Chinese brands like Xiaomi, so don't use them" is honestly just insulting as a customer when there's not a single shred of concrete evidence that something nefarious is going on.
> you don't want to use stuffs from a country you viewed as adversary in your infra, government, army etc. that's totally reasonable, but just man up and say that out loud. Having these vague accusations thrown around like "Huawei phone is spying on you, and so is other Chinese brands like Xiaomi, so don't use them" is honestly just insulting as a customer when there's not a single shred of concrete evidence that something nefarious is going on.
People are saying both of those things, for the same reason. Do you not think that having unprecedented access to the data of civilians poses a risk to national security?
Modern technology (smart phones, apps, websites, etc.) collects a terrifying amount of information on people. It also exerts a tremendous amount of influence, be it Facebook or China.
I also think that writing off the concern as "vague accusations" misses the point. As the current top comment points out[0], it's nearly impossible to verify what a device is doing. And even if you were to somehow do a complete software audit, malicious behaviour could be patched in at any time in the future.
> I also think that writing off the concern as "vague accusations" misses the point. As the current top comment points out[0], it's nearly impossible to verify what a device is doing.
This is not an excuse to make accusations without any evidence. At some point, the people making these accusations have a responsibility to either show evidence for their claims or to stop making them.
Huawei chips are installed all over the place, and foreign governments (namely, the US and its allies) are intensely interested in what Huawei is doing. We even know from Snowden that the NSA hacked into Huawei's internal networks and read sensitive communications between executives.[1] If Huawei is actually surreptitiously intercepting and sending foreign communications back to China, there should be evidence of that. Just saying that anything is hypothetically possible doesn't cut it.
I feel I must be missing something big.