When it comes to 5G kit security, you can go your Huawei, EU tells member nations

The European Union says it has a plan for securing its 5G networks – and no, it doesn't necessarily involve forbidding the use of Huawei kit, US-style. On Tuesday, the European Commission delivered a set of rules that will allow individual member nations to carry out their own risk assessment of third-party suppliers' 5G kit. …

  1. Duncan Macdonald

    Risk

    Use Huawei and there is a small possibility of Chinese espionage or use Cisco etc and have a high probability of American espionage.

    At the moment Huawei seems the better choice (especially as it is cheaper than equivalent kit from the USA).

    1. Charlie Clark Silver badge

      Re: Risk

      It's not as if European networks aren't already full of Huawei kit, so this would be a case of trying to lock the stable door after the horse has bolted. 5G brings nothing to the table that isn't already on it, it's mainly scale and speed.

      The whole thing has been cooked up as part of Trump's hamfisted trade negotiations with China: an attempt to apply pressure by freezing Huawei out of the market. Any security considerations would be better handled as part of the standardisation process and through testing and verification programmes such as several EU countries already run. Seeing as US companies have largely avoided investing in the development of cellular technology (Qualcomm is an also ran) there is no real way of avoiding Chinese kit, especially when so much of US kit is actually made there.

    2. Anonymous Coward

      Re: Risk

      No

      For Western countries, use Huawei kit and you may find that in times of conflict your critical telecoms infrastructure is unsupportable. Use Ericsson or Nokia/Siemens and you will probably be fine, but you have to wait.

      In all likelihood, all three vendors will use Cisco products for the same functions. Or maybe Juniper instead. Huawei may even have an equivalent solution to meet CALEA requirements, but I'm not familiar enough with their kit.

      You're confusing made up concerns (Huawei doesn't permit lawful intercept or provides a tap for China into existing telco environments beyond ad hoc troubleshooting in conjunction with the telcos) with legitimate concerns (China as a potential threat in a cold/hot war scenario).

      1. K

        Re: Risk

        Get educated.... seriously, take 90 minutes out of your life and watch the "The coming war on China" documentary, don't judge the title, it's not some crackpot 3rd rate conspiracy theory video. It is written and narrated by John Pilger (a BAFTA winning journalist). Trust me, it will open your eyes..

        Here, it's even available online:

        https://vimeo.com/277068625

  2. K
    Big Brother

    Well done EU..

    The USA are scared sh*tless about the economic scales tipping against them, the monolithic tech industry has gotten fat on double and triple digit margins, and they no longer like to compete, they're literally hooked on easy money. In addition, they're scared Chinese companies have got the drop on 5G and will corner their traditional "western" markets, such as most of EMEA, Australia and New Zealand... how do they prevent this happening? They play dirty, by crying wolf and threatening their "friends".

    Don't get me wrong, China is not a toothless and innocent party when it comes to spying, but given the tactics we've seen from both US and British politicians (even in recent months, just concerning this issue) - I'd trust them about as much as a cornered snake, and would consider the Chinese the least offensive option!

    1. Anonymous Coward

      Re: Well done EU..

      "China is not a toothless and innocent party when it comes to spying"

      With the level of activity seen from MSS, PLA and APT groups, they cover off well over 50% of the total volume of hacks and exploits seen globally at present.

      Very much not toothless...

      1. K

        Re: Well done EU..

        As I said, they're not toothless... but I bet those figures fail to include any attacks attributed to western intelligence (or very little), yet we know with the Snowden leaks, the NSA and GCHQ are prolific and do taps etc on an industrial scale!

  3. sanmigueelbeer
    Joke

    Earlier this year, US Secretary of State Mike Pompeo suggested that Washington may even opt to withhold sensitive intelligence information from allies that use Huawei gear.

    No soup for you!

    1. MrDamage

      WAAAAAAH! I'm taking my bat and ball and going home! WAAAAH!

  4. ratfox
    Paris Hilton

    What has happened to the big story published by Bloomberg, claiming that a Chinese origin manufacturer was baking backdoors for the Chinese government directly into their motherboard, which was supposedly confirmed by three-letter agencies... And nobody was ever able to find anything?

    Fake news indeed, Mr Trump?

    1. Anonymous Coward

      Everyone hung Bloomberg out to dry by denying it.

      Whether it was a real story, a hoax on Bloomberg or a misunderstanding that everyone wanted buried is unclear at present. Given how "secure" Intel ME stuff is, it could have even been that...

  5. Flak
    Big Brother

    Pot - Kettle - Black

    Need I say more?

    1. ivan5

      Re: Pot - Kettle - Black

      Yes, and prove it.

  6. Anonymous Coward

    Yes but no

    Afraid to say that the internal security assessments of Huawei are scathing to say the least.

    The EU doesn't want to offend China, neither do governments.

    But the message from every single one of their security establishments is crystal clear:

    A) China is increasingly seen as an overtly hostile country

    B) They have a security apparatus that is mature and sophisticated, with very long reach into its own corporations as well as into foreign espionage

    C) The task of espionage falls to MSS, PLA and APT groups, so companies like Huawei can put their hand on their heart and say that they don't spy

    D) The problem with Huawei is the link between government and business there, and telecommunications is named explicitly as one of the 10 industries they want to dominate under MIC2025

    E) The ability to compromise Huawei gear is very well established - you are only ever one software upgrade/patch away from a fully compromised telecommunications network

    F) Kill switches are almost guaranteed to be hidden in their equipment - they are totally undetectable. Read this: http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf?token=N4pJSSoqL4kE4V4JXpTwx7qDRX4%3D

    That is not a theoretical threat, it is real.

    G) All telecommunications equipment must be treated as hackable - the claims of Huawei to have better standards of security than either Ericsson or Nokia are risible - CVEdetails.com contains raw numbers of exploits found in each vendor's equipment. Huawei 507, Ericsson 5, Nokia 37.

    H) Neither Ericsson nor Nokia are subject to the same nation state vulnerabilities that Huawei has.

    Now ask yourself, that cheap Huawei equipment - still want it?

    1. Roland6 Silver badge

      Re: Yes but no

      >E) The ability to compromise Huawei gear is very well established - you are only ever one software upgrade/patch away from a fully compromised telecommunications network

      But isn't that the case with all IT? Look at ASUS's current troubles, look back at some of Microsoft's major updates to Win10...

      In some respects that has been recognised in the security accreditations for many years: you install the OS, you lock it down according to the rules and then only apply updates that have been through the relevant security clearance path/tests.

    2. William Old

      Re: Yes - and another thing...

      Whilst Huawei's focus on business is understandable, it's also worth bearing in mind that it doesn't provide any end-user support whatsoever (in the UK, at least). I bought one of their 4G routers and wanted to check that it had the latest firmware: bearing in mind the obvious risks of obtaining firmware from anywhere but the manufacturer (ironic, I know, given the thrust of this thread!!) I contacted Huawei UK.

      Surprise, surprise!! Their customer support (Ha!) advised me that "we do not offer firmware for download on our website and any third party websites offering these firmwares actually void the warranty of your device if they are installed".

      In short, "You are f*cked if you need firmware for any reason" - which ties in with the vulnerability count listed above.

    3. MrDamage

      Re: Yes but no

      Nice FUD. Let's spin it around shall we?

      A) The US has a history of violently playing in other people's back yards, without permission. This whole global Islamic terrorism is a direct result of US policies fucking around in the Middle East.

      B) So does the US, especially with the NSA capturing goods in transit, and modifying them with backdoors.

      C) Cisco can do the same thing, even though they knew their deliveries were intercepted, they can claim "but we didn't know they were tampered with"

      D) The US views its domestic, foreign, military, and financial policies as all intertwined. If its financial policy is strained, it has no qualms about making up excuses to violently invade sovereign nations for oil.

      E) Given the extremely high frequencies of "whoops, here's another hole we forgot to close" patches from Cisco, I'd be trusting Huawei more.

      F) Undetectable kill switches. Like religion, you can make the claim, but once asked for proof, "it's undetectable, so I can't prove it. You just have to trust me that it has happened." Again, given Cisco's relationship with the NSA, I'd still trust Huawei more.

      G) Yes, all comms equipment. Including the stuff made in America, which this whole Huawei being spies bullshit is about. Trying to force the world into buying sub-standard gear from the US, based on US fear-mongering.

      H) As C pointed out, it doesn't have to be subject to nation state vulnerabilities. The Intelligence sources simply have to intercept the shipment, replace/modify the goods, and continue the shipment. Gag orders guarantee that the company in question has to simply say "there was a delay in transit, it will be with you shortly".

      So all this FUD you are flinging about, is simply that. Huawei's track record is far better than Cisco's and the NSA.

      Ask yourself this question. Why would you actually trust an ally who has been caught out actively spying on you, whose leader can barely string a rational thought together, and is governed by religious fruitcakes?

    4. K

      Re: Yes but no

      Let's see... who is the biggest threat to who. China to America? Or America to China?

      Let me paint you a picture:

      https://pbs.twimg.com/media/DvZlf2PUwAAiOKN.jpg

  7. Jimmy2Cows Silver badge

    EU skirting the 'issue'...?

    If there really is an 'issue' as our American friends say - and that's yet to be proven - EU seems to be skirting the issue of approving/banning outright and passing that buck to individual member states.

    Or, to put it slightly more bluntly, EU doesn't want to piss off China and can point to this saying "we didn't say to ban Huawei", but is happy for individual member states to piss off China and face their ire.

    Just my tuppence worth. For whatever that's worth. Probably nothing.

    1. Julian Garrett

      Re: EU skirting the 'issue'...?

      It is hardly "Yet to be proven".

      Have a look at the post above - always only 1 software patch away from a cracked system.

    2. Fruit and Nutcase Silver badge
      Coat

      Re: EU skirting the 'issue'...?

      Who are we to judge says EU

  8. DenTheMan

    Bottom line ...

    Is the billions it costs to buy a US infestation rather than a Chinese infestation.
