Hamartia Antidote
ELITE MEMBER
- Nov 17, 2013
- 35,581
- 30
- Country
- Location
Things are getting real...
https://www.forbes.com/sites/zakdof...ial-backdoors-found-in-55-of-its-devices/amp/
When it comes to the provision of 5G equipment, Nokia and Ericsson are seen as the major beneficiaries of Huawei’s blacklisting by the U.S. government, just as Samsung and Apple should benefit on the smartphone front. Now Nokia has come out and applied further pressure to the underfire Shenzhen manufacturer, warning on the security risks with Huawei’s technology and slamming unfair Chinese business practices of the past.
“It’s fairness returning to the market,” Nokia’s chief technology officer Marcus Weldon told the BBC. ”We were disadvantaged in the past relative to the practices that the Chinese were allowed to have in terms of funding mechanisms.” In addition to alleged links to the Chinese state opening up security concerns, there have long been accusations of state subsidies, soft loans and access to large procurements in the home Chinese market for Huawei and stablemate ZTE.
On the security front, Weldon referred to analysis suggesting Huawei equipment was far more likely to have vulnerabilities than technology from Nokia or Ericsson. “We read those reports and we think okay, we’re doing a much better job than they are,” Weldon said, describing Huawei’s failings as serious and claiming Nokia’s alternatives to be a safer bet. “Some of it seems to be just sloppiness, honestly, that they haven’t patched things, they haven’t upgraded. But some of it is real obfuscation, where they make it look like they have the secure version when they don’t.”
A week ago, Bloomberg reported on the opportunity Huawei’s troubles represented for Nokia and Ericsson, writing that “publicly, executives from Nokia and Ericsson have been careful not to come off as critical of Huawei. Both manufacture in China and sell gear to Chinese phone carriers, and Nokia has a big research and development presence there.”
Clearly, that has now changed.
The comments from Nokia’s CTO came in light of research from Finite State, which published a scathing report claiming that “Huawei devices quantitatively pose a high risk to their users. In virtually all categories we examined, Huawei devices were found to be less secure than those from other vendors making similar devices.”
And this included the potential backdoors that lie at the heart of the U.S. government’s security case against the Chinese company. “Out of all the firmware images analyzed, 55% had at least one potential backdoor,” Finite State found. “These backdoor access vulnerabilities allow an attacker with knowledge of the firmware and/or with a corresponding cryptographic key to log into the device.”
“Overall, despite Huawei’s claims about prioritizing security, the security of their devices appears to lag behind the rest of the industry. Through analysis of firmware changes over time, this study shows that the security posture of these devices is not improving over time—and in at least one case we observed, it actually decreased. This weak security posture, coupled with a lack of improvement over time, obviously increases security risks associated with the use of Huawei devices.”
Responding to the report, a Huawei spokesperson said “we are currently not in a position to comment on the objectiveness and integrity of the report. Huawei welcomes any fact-based and well-intentioned suggestions that help ensure network stability. The more people who oversee and check Huawei’s products, the more likely we are to accurately identify potential issues, making our products more secure. Huawei takes cyber security very seriously and has made it our top priority.”
On the subject of potential backdoors, the spokesperson told me that “we have not and will never implant backdoors. In addition, we will never allow anyone to do so in our equipment. Cybersecurity is a technical issue that should be addressed through technical means. We will carefully analyze the report, and proactively and openly engage with the relevant parties regarding it. We welcome in-depth communication between Finite State and Huawei’s in-house security experts.”
Despite the U.S. blacklisting and continued security speculation, Huawei’s 5G business appears to be in strong shape. This week, the company claimed to be leading its rivals with more than 50 5G contracts secured outside of China and more than 150,000 base stations sold in the process—however, CNN has reportedthat Nokia is now winning more 5G customers than Huawei.
The Chinese company has also reported this week that sales of its flagship P30 smartphones hit 10 million units in 85 days, faster than the predecessor P20 managed and a quarterly sales record. Even so, the company has acknowledged that the U.S. action will wipe $30 billion from its revenue line in 2019, reversing a decade of uninterrupted growth.
Nokia’s CTO was commenting ahead of the U.K. battleground between Washington and Huawei reigniting once a new prime minister is installed next month. There is widespread speculation that the decision made by Theresa May to allow Huawei into parts of the U.K. network may be reversed to line up with the U.S. position.
“We need clear political leadership,” British MP Bob Seely said this week, ahead of the two candidates—Boris Johnson and Jeremy Hunt—being pressed on the issue. “I want the candidates to assert the importance of our own western values, the importance of open and free societies and to exclude Huawei.”
https://www.forbes.com/sites/zakdof...ial-backdoors-found-in-55-of-its-devices/amp/
When it comes to the provision of 5G equipment, Nokia and Ericsson are seen as the major beneficiaries of Huawei’s blacklisting by the U.S. government, just as Samsung and Apple should benefit on the smartphone front. Now Nokia has come out and applied further pressure to the underfire Shenzhen manufacturer, warning on the security risks with Huawei’s technology and slamming unfair Chinese business practices of the past.
“It’s fairness returning to the market,” Nokia’s chief technology officer Marcus Weldon told the BBC. ”We were disadvantaged in the past relative to the practices that the Chinese were allowed to have in terms of funding mechanisms.” In addition to alleged links to the Chinese state opening up security concerns, there have long been accusations of state subsidies, soft loans and access to large procurements in the home Chinese market for Huawei and stablemate ZTE.
On the security front, Weldon referred to analysis suggesting Huawei equipment was far more likely to have vulnerabilities than technology from Nokia or Ericsson. “We read those reports and we think okay, we’re doing a much better job than they are,” Weldon said, describing Huawei’s failings as serious and claiming Nokia’s alternatives to be a safer bet. “Some of it seems to be just sloppiness, honestly, that they haven’t patched things, they haven’t upgraded. But some of it is real obfuscation, where they make it look like they have the secure version when they don’t.”
A week ago, Bloomberg reported on the opportunity Huawei’s troubles represented for Nokia and Ericsson, writing that “publicly, executives from Nokia and Ericsson have been careful not to come off as critical of Huawei. Both manufacture in China and sell gear to Chinese phone carriers, and Nokia has a big research and development presence there.”
Clearly, that has now changed.
The comments from Nokia’s CTO came in light of research from Finite State, which published a scathing report claiming that “Huawei devices quantitatively pose a high risk to their users. In virtually all categories we examined, Huawei devices were found to be less secure than those from other vendors making similar devices.”
And this included the potential backdoors that lie at the heart of the U.S. government’s security case against the Chinese company. “Out of all the firmware images analyzed, 55% had at least one potential backdoor,” Finite State found. “These backdoor access vulnerabilities allow an attacker with knowledge of the firmware and/or with a corresponding cryptographic key to log into the device.”
“Overall, despite Huawei’s claims about prioritizing security, the security of their devices appears to lag behind the rest of the industry. Through analysis of firmware changes over time, this study shows that the security posture of these devices is not improving over time—and in at least one case we observed, it actually decreased. This weak security posture, coupled with a lack of improvement over time, obviously increases security risks associated with the use of Huawei devices.”
Responding to the report, a Huawei spokesperson said “we are currently not in a position to comment on the objectiveness and integrity of the report. Huawei welcomes any fact-based and well-intentioned suggestions that help ensure network stability. The more people who oversee and check Huawei’s products, the more likely we are to accurately identify potential issues, making our products more secure. Huawei takes cyber security very seriously and has made it our top priority.”
On the subject of potential backdoors, the spokesperson told me that “we have not and will never implant backdoors. In addition, we will never allow anyone to do so in our equipment. Cybersecurity is a technical issue that should be addressed through technical means. We will carefully analyze the report, and proactively and openly engage with the relevant parties regarding it. We welcome in-depth communication between Finite State and Huawei’s in-house security experts.”
Despite the U.S. blacklisting and continued security speculation, Huawei’s 5G business appears to be in strong shape. This week, the company claimed to be leading its rivals with more than 50 5G contracts secured outside of China and more than 150,000 base stations sold in the process—however, CNN has reportedthat Nokia is now winning more 5G customers than Huawei.
The Chinese company has also reported this week that sales of its flagship P30 smartphones hit 10 million units in 85 days, faster than the predecessor P20 managed and a quarterly sales record. Even so, the company has acknowledged that the U.S. action will wipe $30 billion from its revenue line in 2019, reversing a decade of uninterrupted growth.
Nokia’s CTO was commenting ahead of the U.K. battleground between Washington and Huawei reigniting once a new prime minister is installed next month. There is widespread speculation that the decision made by Theresa May to allow Huawei into parts of the U.K. network may be reversed to line up with the U.S. position.
“We need clear political leadership,” British MP Bob Seely said this week, ahead of the two candidates—Boris Johnson and Jeremy Hunt—being pressed on the issue. “I want the candidates to assert the importance of our own western values, the importance of open and free societies and to exclude Huawei.”
