back to article German cybersecurity chief: Anyone have any evidence of Huawei naughtiness?

Germany's top cybersecurity official has said he hasn't seen any evidence for the espionage allegations against Huawei. Arne Schönbohm, president of the German Federal Office for Information Security (BSI), the nation's cyber-risk assessment agency in Bonn, told Der Spiegel that there is "currently no reliable evidence" of a …

  1. Will Godfrey Silver badge
    Big Brother

    Coming up next

    The US (and it's Australian satellite) ban all electronic goods from Germany in case they are compromised.

    1. Yet Another Anonymous coward Silver badge

      Re: Coming up next

      Don't the USA and Australia have laws requiring their electronics to be compromised and requiring people to lie about it ?

      1. Anonymous Coward
        Anonymous Coward

        Re: Coming up next

        and that is the sweet irony in all this.

  2. The Brave Sir Robin

    Maybe banned because there are no back-doors

    My suspicion is that Huawei kit is actually secure and there are no back-doors or spyware in it. No phoning home or anything dodgy going on at all. I strongly suspect they are banned in various countries precisely because of this. The governments on question can't spy on people using Huawei kit and thus don't want people using it. I'm more inclined to believe in Huawei's honesty over the US, Australian, UK and New Zealand governments any day.

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe banned because there are no back-doors

      Exactly, the NSA have stolen their source code, and still can't provide any evidence, so that would indicate there is nothing going on. This does potentially point to the NSA not being able to breach the systems, and if that's the case, that would be great, but I don't think so, it is just probably just part of the anti-Chinese, make America great again industry rhetoric that is being thrown around by the white house.

      1. Michael Habel

        Re: Maybe banned because there are no back-doors

        Oh yes remind me again how much Berry's Admin just adored Huwaii again? I think some of you lefties have somehow lost sight of this. bit, hay #ORANGEMANBAD #AMIRIGHT ?!

        1. Hollerithevo

          Re: Maybe banned because there are no back-doors

          @Michael Habel

          Can you provide links to back up your claim, other than hashtags?

      2. Anonymous Coward
        Anonymous Coward

        Re: Maybe banned because there are no back-doors

        just part of the anti-Chinese, make America great again industry rhetoric that is being thrown around by the white house

        This seems to date back to before 2012, when a House of Representatives report alluded to the idea that Huawei were not to be trusted. That rather predates "make America great again" and mad nepotistic f*ckwits with tabby cat wigs.

    2. Youngone

      Re: Maybe banned because there are no back-doors

      I feel a bit sorry for my government (New Zealand) as our mobile network gear has been supplied by Huawei since at least 2006 (that I know of, maybe longer) without any problems but the policy changed recently so I'm assuming the US leaned on someone and nobody will ever find out, because "National Security".

      The problem being that China is our biggest trading partner, and will not be happy.

      The Chinese spy currently sitting in our Parliament will no doubt be reporting back too.

      1. Ken 16 Silver badge
        Paris Hilton

        Re: Maybe banned because there are no back-doors

        I thought he wasn't a spy, he was just a party member and PLA officer who trained spies?

    3. TReko Silver badge

      Re: Maybe banned because there are no back-doors

      The UK government actually runs something called the "Huawei Cyber Security Evaluation Centre".

      They've looked through all the source code and so far have found no back-doors, only bugs.

      You can even read Her Majesty's Government reports on it:

      https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/525761/huawei_cyber_security_evaluation_centre_oversight_board_2nd_annual_report_2016.pdf

    4. Anonymous Coward
      Anonymous Coward

      Re: Maybe banned because there are no back-doors

      It is likely to have MORE backdoors, not less. However, not all of these backdoors are there out of malice, a lot of them are out of stupidity.

      Based on interviewing a couple of people who wrote software for Huawei in their shop in Bangalore my take is that the attack surface in Huawei is gigantic - it is cannot be audited within a normal cost envelope (even with the billions they sponsor for "security centres").

      Disclaimer: my knowledge is indirect, derived from reading CVs and asking questions on an interview and applies only to their CPE devices. I cannot say anything about the big gear (the source for that does not really leave China).

      One of the CVs I reviewed at the time contained a description on re-implementing dnsmasq as a kernel module for "performance reasons". DNS and DHCP. In kernel. Written in Bangalore by a guy who did not properly understand the semantics of Linux kernel locking, network processing and memory allocation. Need I say more...

      1. Pier Reviewer

        Re: Maybe banned because there are no back-doors

        “...for "performance reasons". DNS and DHCP. In kernel.”

        Font parsing. In kernel. “For performance reasons”. Ring a bell? It’s not limited to Huawei. If you want to do something as fast as possible you have to avoid context switches. I’m not saying it’s sensible, but customers demand speed, and don’t say “security is paramount, fuck performance” so they get what they desire.

    5. wyatt

      Re: Maybe banned because there are no back-doors

      I made this comment as well, people thought I was bonkers but now they're starting to question the motives behind what's happening.

    6. Anonymous Coward
      Anonymous Coward

      Re: Maybe banned because there are no back-doors

      My suspicion is that Huawei kit is actually secure and there are no back-doors or spyware in it.

      I agree. I see strong similarities here with the allegations against Kaspersky which have always been suspiciously empty of actual evidence, and here too we are talking about a company that refuses to whitelist backdoors.

  3. Adam 1

    it's like RAAAAAIIINNN ....

    ... except actually ironic.

    One of the following statements explains why Huawei is banned from the Australian 5G networks. The other is part of the Assistance And Access Bill 2018 written by the same collection of muppets. To hold both positions simultaneously is an incredible feat of intellectual contortion. To holda straight face expousing it is nothing short of incredible.

    "the government considers that the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference."

    "a notice may require a provider to facilitate access to information prior to or after an encryption method is employed"

    1. Michael H.F. Wilkinson Silver badge

      Re: it's like RAAAAAIIINNN ....

      Maybe these muppets are electronic monks, which can hold many contradictory beliefs without necessarily blowing a bank of illogic circuits

      Doffs hat to the late, great Douglas Adams

    2. David Nash
      Big Brother

      Re: it's like RAAAAAIIINNN ....

      It's perfectly consistent...they know that *they* require backdoors, so the assumption is that Huawei's Chinese governmental masters also require backdoors.

  4. Rustbucket

    What's the problem?

    Rather than spying I'd be concerned that the network hardware had a built-in kill switch, so in the event of a major hostility between China and the West, (and the rest) they could simply shut off your country's entire phone and internet system.

    Likewise when Huawei is providing the transmission gear at each end of your major submarine cable networks.

    As to reviewing the code in Huawei's equipment, I've previously read that a proper forensic review can take as much effort as it originally took to write the code. Remember that any malicious code is likely to be obfuscated to make it as difficult to spot as possible.

    1. Anonymous Coward
      Anonymous Coward

      Re: What's the problem?

      I understand you skepticism, however this is madness. Who should we trust now ?

      On one hand we have the Chinese who are doing their best to show they're doing nothing wrong and on the other, we have US and friends trying hard to hide their real motives.

      It is likely the whole world will split in two again like in the dark ages of world wide confrontations. Cold War 2.0 is booting in 3....2....1....

      1. Peter2 Silver badge

        Re: What's the problem?

        Even if you accept that a kill switch exists, in practice the chance of it being used is minimal. Think about it, if a kill switch did exist then what would happen if they used it?

        That would be the immediate end of ever selling any valuable bit of infrastructure from a Chinese company and everybody would be busy ripping out any and every bit of their equipment going.

        Ergo, if a kill switch did exist then it's use would be about as improbable as a nuclear weapon. Both are very powerful, but are in practice impossible to use without horrible retaliation. Hence (in my view) a kill switch would be pretty pointless.

        What would you want to do? Well, with a switch you'd probably want the ability to mirror port output and kick the output from the mirror to China, and with a mobile base station probably pretty similar, except with telephone calls. And self destruct that ability if it looks like you've been rumbled, leaving no sign that it existed. You wouldn't want a kill switch.

  5. Winkypop Silver badge
    Thumb Up

    Huawei the lads!

    No comment.

    I just wanted to use that title.

    1. Alister

      Re: Huawei the lads!

      For years I thought it was pronounced hoo-way, and it's only recently I've heard all the newscasters calling it wah-whey.

      I'm not sure which is closer to the Geordie...

      1. Anonymous Coward
        Anonymous Coward

        Re: Huawei the lads!

        I struggled to find a pronunciation until my mind added a question mark to give who-are-we?

    2. deadlockvictim

      Re: Huawei the lads!

      I came across once some lasses from Ireland who pronounced it, 'ho-a-ye' (as in 'how are you?') which I rather liked.

      1. Zog_but_not_the_first
        Trollface

        Re: Huawei the lads!

        @deadlockvictim

        Yes. Quite.

        Fnarr fnarr.

  6. John Smith 19 Gold badge
    Gimp

    Sooner or later people will have to choose. Systems no one can hack

    Or systems your government can hack. The dream of every data fetishist.

    And (once that is known) world + dog will be looking through their code for those deliberate holes to hack as well.

    The TLA's (and the political sock puppets de jour) will whine the usual 4 horsemen of the infocalypse BS.

    Rights. Everyone should have them and everyone's should be protected, even if you don't like them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sooner or later people will have to choose. Systems no one can hack

      Check "lawful intercept" - it's been a feature for listening in to voice/data communications since before I can remember (the 1970's for voice and maybe early 1990's for data?). The only things that potentially protected us at various times have been volumes of data involved and up-to-date cryptography at various times.

      Of course, this is only ever used with judicial oversight so we don't have to worry....

      1. Yes Me Silver badge
        Headmaster

        Re: Sooner or later people will have to choose. Systems no one can hack

        "lawful intercept" - it's been a feature for listening in to voice/data communications since before I can remember (the 1970's for voice and maybe early 1990's for data?)

        The 1970s? You're kidding. Phone tapping goes back to when the phone was invented, and the Brits were tapping international telegraph cables in the 19th century, and of course very famously during WW I. It's always been legal (because it wasn't illegal), even before those pesky warrants were necessary in some cases.

        I believe Queen Elizabeth I used to have her enemies' mail intercepted, quite lawfully.

  7. Anonymous Coward
    Anonymous Coward

    dominions, colonies, protectorates, mandates and other territories

    Five Eyes states Five Eyes states Five Eyes states Five Eyes states Five Eyes states

    the main problem with the five eyes management is that they were formed from steel in the heat of battle, excellent (NL) point of view here: https://electrospaces.blogspot.com/2016/11/data-sharing-systems-used-within-five.html

    text of BRUSA https://www.nsa.gov/news-features/declassified-documents/ukusa/assets/files/agreement_outline_5mar46.pdf (lots of British EMPIRE stuff!)

    CAN/AUS/NZ became tier-partners, after unbecoming Dominions of Empire, I suppose.

    but they 5-i still are on a 24/7/365.25 war footing, hence almost inevitably acting as an attractor to AC's above "cold-war2" meme. Recruit more women, talk to them over tea-break, train more PFY's for industry defence-in-depth against the РФ & CN - rotate them into critical infrastructure/banks/supermarkets, get some down-time, less of the antique EMPIRE & war mind-set, ta!

  8. Alister

    Typical Germans, asking for evidence. Evidence! I mean, come on.

    Don't they know rhetoric and false accusation is all you need nowadays?

    The UK government didn't mess about looking for evidence, did they? No, they did just what Uncle Sam said.

    1. amanfromMars 1 Silver badge

      The Greasy Pole that Leads All the Way to the Bottom and Nowhere Good and Everywhere Bad

      The abiding difficulty for SCADA Command and Control Systems, and you might like to realise that they be both practically and virtually the nature of all current elite executive power platforms and spoof generators, is that without the production and presentation of evidence which can be simply followed and easily understood is everything shared, either freely worldwide or privately in secret, is worthless and self-defeating/enlightening and subversive.

      It does have one pondering and wondering on the true state of human intelligence and the value to be put upon the services its present pedlars and pimps supply.

  9. sanmigueelbeer

    The Germans are terrified if they follow the Americans.

    Just a few weeks ago, BMW and Mercedes have released their sales report which reflects a drop in 30% sales in China, their largest market.

    If PRoC was capable of "arresting" two Canadians in retaliation, then what would happen if the Germans followed the Americans?

  10. Britt Johnston

    Sicherheit macht frei

    here two random statements, as text is required:

    Intelligence = Hackers sanctioned by a state administration

    Hackers = Intelligence not sanctioned by a state administration

    1. M7S

      Re: Sicherheit macht frei

      Hackers = Intelligence not sanctioned by YOUR state'S administration

      FTFY

  11. hairydog

    Seems to me that Huawei products upset the competition by outperforming other brands. So they seek to smear the brand in retaliation.

    It's not as if any other other major brands don't also have a hefty proportion of their innards made in China.

  12. Spanners
    Boffin

    Huawei - two syllables

    Syllable 1 - HWA

    Syllable 2 - WAY

    I note it is people from the USA and "ethnic English" people who have the most difficulty with the the first syllable.

    It is not - WA, HOOWA or even HEW. Just the H sound followed immediately by a WA sound.

    Of course if you speak Chinese as your first language without a western accent, feel free to correct this. If you have the RP speech impediment, maybe not.

    1. Anonymous Coward
      Anonymous Coward

      Re: Huawei - two syllables

      It doesn't matter. It really doesn't.

    2. Crisp

      Re: Huawei - two syllables

      I've been pronouncing it as "Steve".

      1. Anonymous Coward
        Anonymous Coward

        Re: Huawei - two syllables - I've been pronouncing it as "Steve".

        It was Bruce till the Australians rolled over for the NSA.

      2. Hollerithevo

        Re: Huawei - two syllables

        @Crisp.

        Clearly two syllables. Thus 'Stevie'.

    3. JohnFen

      Re: Huawei - two syllables

      I've had this explained a few times and have come to the conclusion that I'm inherently unable to pronounce it properly. I'll remember how to pronounce it for a while, then will forget and fall back to pronouncing it more or less like its spelled.

  13. Anonymous Coward
    Anonymous Coward

    I think they’d have a stronger argument using intellectual property theft. It’s probably been rewritten by now, but there were rumors of stolen Cisco code over a decade ago.

    IP theft is at least “real” and ongoing...

    I’d also like to see evidence of wrongdoing. I’m pretty numb to political rhetoric these days...

    1. Doctor Syntax Silver badge

      "there were rumors of stolen Cisco code over a decade ago."

      So maybe there is something in suspecions of back doors after all: https://www.theregister.co.uk/2015/09/15/compromised_cisco_routers/

  14. Anonymous Coward
    Anonymous Coward

    FTR it's not about security.

    Germany, if you're waiting for evidence, don't hold your breath.

    Your not part of 5 eyes and never will be. Thankfully.

  15. Doctor Syntax Silver badge

    Evidence-based policy; there's a novelty!

  16. Toilet Duk

    I'd rather have my phone report back to China than to the NSA and GCHQ, thanks.

  17. John Savard

    Evidence? You want evidence?

    There is no serious evidence that Huawei presents a threat?

    Huawei is physically located in the People's Republic of China. This country doesn't have an independent free press, free elections, and so on and so forth. Thus, being physically located in the People's Republic of China at the present time is evidence of a threat the same way being physically located in Germany during the 1933-1945 period is evidence of a threat. In both cases, the Government may do pretty much anything it likes, and demand anything it wants, from individuals on its territory.

    It's too late to close the barn door after the horse has left. One must eleminate all potential threats of a compromise to vital networks and systems. Of course, cell phones and communications equipment from Chinese-branded companies are not the only threat.

    Instead, anything (of a computerized nature) manufactured in mainland China, or containing any components from mainland China, is suspect. Which means every brand of cell phone, just about every consumer desktop or laptop that I've heard of. So from now on, we need to get our computer kit manufactured in places like Malaysia and Indonesia if we want relatively low costs. South Korea or Taiwan would be the next tier. Who knows, they might actually start making things in Japan or the United States again.

    1. Alister

      Re: Evidence? You want evidence?

      @John Savard

      I hope your tin-foil hat isn't made in China.

      You make McCarthyism look quite rational.

    2. Anonymous Coward
      Anonymous Coward

      Re: Evidence? You want evidence?

      That's not evidence of a threat, that's just evidence of a risk.

      Huawei sells more phones than Apple so when those phones start being made illegal, we can assume that some evidence will be presented to justify it. In the meantime, "trust us, we're the government" doesn't wash with most people as they have repeatedly proven how untrustworthy they are. And that they're not working for your benefit, but theirs.

      This whole issue is about whether western security services can compromise Huawei equipment, and legally eliminating non-US competition at a stroke. As a bonus, all the US lapdog countries will jostle with each other to do what Uncle Sam tells them.

    3. Doctor Syntax Silver badge

      Re: Evidence? You want evidence?

      "Of course, cell phones and communications equipment from Chinese-branded companies are not the only threat."

      Of course they aren't. There's equipment from the US (NSA) and the UK (GCHQ) to name but two others.

    4. mutin

      Re: Evidence? You want evidence?

      You are right. But people on this list have no clue about China, Russia, etc. They live by "all people united". Left or liberal, they follow the song "Imagine all the people...". Any company in China by definition, is under government control. If CH government wants Huawei to implant a back door, the company will.

      Guys, take some time to read about communist countries, USSR and China (which had been created by USSR direct help) history. China was 5000 years back an empire, and it is empire governed by modified communists. Entire world of capitalism helped to grow it to technically modern country. That changed nothing in CH junta mind set. They want to be #1 and control you guys. You think about US as it is "empire". Not really. Simply the US is the state trying to protect you from such things as 1,500.000.000 robots controlled by a dozen of maniacs.

      Fix you ignorance, read books (put down you mobile sucker for a couple of years) and you will find out that things as much much more complex than you can imagine. And travel to CH to see thing by yourself.

  18. webgubby

    Like The Power Point war

    I see a pattern here, like when Colin Powell gave a Power Point presentation in UN, showing how Iraq and Saddam Hussein produced Weapons of mass destruction in trucks, while those trucks where driving around in Iraq.

    This is to protect Cisco and NSA surveillance off those Cisco routers, sold to us.

  19. mutin

    components of critical infrustructure

    Technically speaking, Huawei equipment installed in a country Internet infrastructure seems as controlled by local specialists and not by guys from China. Not entirely correct. The update of Huawei equipment will come from China. It means UK guys wasting time checking the code. They are checking "public" version. An update to new "private" version may easy bring as many backdoors as China government wants.

    People who did not read about world and particular China history do not understand Chinese mind set. It was last 5000 years the country of slaves, I would use "robots" as it is much closer. It was always the upper not even class but a group of governing people. Not Emperor but his closest circle always ruled the country. Nothing changed. CH government while presenting as "modern communists" are actually the some junta as before. 5000 years back. And current purpose is to dominate the world. They have 1,500.000.000 people, they have a lot of cash, and they sent millions young people to study in the best Western universities. US universities of the best quality occupied by Chinese. The idea is very simple - we have money, we have #1 industry, we want to be the technical and thus real leader of the world. The problem still exists - by gens, Chinese guys cannot think free as Western race. China still needs inventions, trade secrets - in general - ideas. Millions of slaves can do manufacturing but cannot do ideas. So, millions youngsters in the US and other Western countries is the attempt to create a class of Western-thinking technology leaders.

    Until they overcome their nature, they will need backdoors and other hacks in Chine Made equipment.

  20. DerekCurrie
    Stop

    Deutsche Telekom: Naive

    The ransacking of the world by China: Criminal Nation has been documented since 1998, the year the Clinton Administration in the USA provided them with Most Favored Nation status. Due to the nature of China's totalitarian, 'communist' government, there is no creative incentive in China. Therefore, the incentive is to steal everything from those who are creative. To believe Huawei is somehow an exception to the criminal rule, especially considering its very direct ties with China's government, is outrageously naive.

    ...And the naive will reap the rewards of their foolishness. Do your research and you'll cure your naiveté.

    Meanwhile, bless those Chinese who dare to be creative, despite their nation's criminal incentive and mandate!

  21. Torchy

    Cisco Malware.

    Seems that Cisco have had malware installed on their systems by the CIA for years now.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like