back to article Uncle Sam: Secretly spying on networks around the world without telling anyone, Huawei? But that's OUR job

An almighty row broke out on Tuesday over the cops-only backdoor Huawei builds into its cellular network products and who exactly can access it. The US government, via an anonymously sourced story in the Wall Street Journal, said this so-called "lawful interception interface" is baked into Huawei's cellular network gear, and …

  1. Anonymous Coward
    Anonymous Coward

    Vodafone. Ericsson. Greece.

    Three totally unrelated words. Can't even imagine how they could be relevant to this story.

  2. Anonymous Coward
    Facepalm

    Just to make sure I understand

    Huawei built their kit to comply with US laws requiring them to provide a backdoor to police for legal wiretaps.

    The US government supports the existence of this backdoor and all other competing kit also contains it.

    The US government argues that because Huawei followed the law it should be banned as a security risk.

    As Thomas Jefferson once said, “How much pain they have cost us, the evils which have never happened.”

    1. big_D Silver badge
      Facepalm

      Re: Just to make sure I understand

      If Huawei can access this portal on their kit, I would guess the operator of the kit is guilty of not changing the default password?

      1. Rich 2 Silver badge

        Re: Just to make sure I understand

        That was my thought. You would think that such a facility would be "handed over" to the actual operator

        Wouldn't you??

    2. Anonymous Coward
      Anonymous Coward

      Re: Just to make sure I understand

      I suspect the problem is that Huawei's interface cannot be directly controlled and therefore requires a warrent.

    3. Anonymous Coward
      Anonymous Coward

      Re: Just to make sure I understand

      Everything you say is correct, but *in addition*, there is “tromboning”.

      The US government maintain the right to have all communications of their own citizens while in other countries, re-routed all the way back to and from the US. This allows them to listen in on their own citizens abroad without having to ask the governments of those states for permission to access the (3GPP standardised) legal intercept interface.

      And if you are wondering how the hell the roamed-to network is supposed to verify your citizenship status......

      1. Barrie Shepherd

        Re: Just to make sure I understand

        "And if you are wondering how the hell the roamed-to network is supposed to verify your citizenship status......"

        Never Roam to another countries network, use a local SIM and a cheap local phone!

        1. Anonymous Coward
          Anonymous Coward

          Re: Just to make sure I understand

          Your precautions make zero difference.

          “local phone” is irrelevant because the phone identity (IMEI) isn’t used for much of anything by the Core Network, except a blacklisting check for stolen phones. Things depend on IMSI, which is carried on SIM.

          Local SIM is slightly relevant, but is only one of the checks. The main point is that most people have paid by card at some point - either contract, but even PAYG. The billing system knows your card number, and the first six digits of that identify the issuing bank and country. So that covers most people, unless you have a local bank account too.

          And finally, paying for a burner phone in cash or cash equivalent, simply guarantees your call and internet traffic being tromboned to the US, because the local telco can’t prove you’re *not* a US citizen.

          And why do other countries telco’s sign up to this crap? Because doing so is a condition of any US telco signing roaming and peering agreements with them.

      2. Anonymous Coward
        Anonymous Coward

        Re: Just to make sure I understand

        Of course, in certain countries, some very close to us indeed, the US simply plonks its interception apparatus in convenient places on that country's back bone and listen in to everything. Of course,if they spot something that might concern that home country, and it suits the US to do so, it may share that information.

  3. John Smith 19 Gold badge
    Gimp

    Indeed, how *dare* another country do what we want to do first

    Data fetishists got to fetishize.

  4. notathome

    Interesting this story comes out about US spying on allies etc

    https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/

    meanwhile the bigger bling story is more backdoor found on Chinese kit - get the feeling we are being played here......

    1. Reg Reader 1

      Wow, thanks for sharing that. It was very interesting.

    2. codejunky Silver badge

      @notathome

      I dont have a subscription to read that but is it the same news as this one?-

      https://www.theguardian.com/us-news/2020/feb/11/crypto-ag-cia-bnd-germany-intelligence-report

      1. Fred Flintstone Gold badge

        Re: @notathome

        Yes, it's the same story.

        In a nutshell: Swiss company Crypto AG wasn't as clean as Swiss manufactured gear normally is, it had been backdoored by the Americans.

        This is why you cannot trust gear whose manufacturer does not expose themselves to public testing and validation - which is what Huawei has done, but Cisco not. Hence the amused snorts heard from security specialists worldwide when US people declared Huawei to be unsafe and that the world should use US gear.

        Caveat: those evaluations have a limited lifespan, though, you're but one unevaluated update away from a backdoor and you only have to look at the entries for the obfuscated C contest to see what evaluators are up against. It's a job for people far more persistent than I will ever be :).

        1. Paul Hampson 1

          Re: @notathome

          Not only was the gear not as clean as it should be, the CIA and BND (German CIA if you like) Legally bought the company!!. The supposedly neutral Swiss crypto company was owned by the the CIA.

  5. Anonymous Coward
    Anonymous Coward

    Good Guys??

    This is OK:

    - https://www.theguardian.com/us-news/2020/feb/11/crypto-ag-cia-bnd-germany-intelligence-report

    *

    But the same thing ALLEGED about Huawei is not OK. What am I missing here?

    *

    And then there's the fact that Cisco equipment runs the internet right now, and has done so for the last twenty years. I wonder if Cisco equipment might have some backdoors inserted at the behest of the US government. Surely not!!!!

    *

    Once again we are confronted by an amusing (?) paradox -- THERE ARE NO 'GOOD GUYS'.

    1. big_D Silver badge

      Re: Good Guys??

      Cisco has spent the last 2 years removing one backdoor after another from its code, after they had been "discovered" by security researchers and alleged internal audits.

      1. Bronek Kozicki
        Paris Hilton

        Re: Good Guys??

        Yup, and we are left to wonder how many are still left in place.

        A picture of a person trying to answer such a question ->

        1. Yes Me Silver badge

          Re: Good Guys??

          The ones legally required in the various countries where Cisco sells its kit are left in place.

    2. Anonymous Coward
      Anonymous Coward

      Re: Good Guys??

      There's really no need for Cisco to laboriously insert and manipulate backdoors when it comes to tapping into UK government business. At a higher point in the stack it's so much easier to search:

      $ dig +short mx digital.hmrc.gov.uk

      30 alt3.aspmx.l.google.com.

      30 alt4.aspmx.l.google.com.

      10 aspmx.l.google.com.

      20 alt1.aspmx.l.google.com.

      20 alt2.aspmx.l.google.com.

      That's just one bit. As you may recall, they also have their hands on your medical records via the NHS..

      1. Anonymous Coward
        Anonymous Coward

        Re: Good Guys??

        And all the data from the last census.

        1. Anonymous Coward
          Anonymous Coward

          Re: Good Guys??

          .. minus the religious bit, though - if they followed the rules like they should, Jedi Master would now be a religion. I'm hoping for a surge of Pastafarians for the next one.

          Honestly, they should. It would create all sorts of opportunities for fun, and God knows we need them.

  6. MacroRodent

    Standard feature

    As everyone in the industry knows, LI (lawful interception) is baked into telecom network equipment from ALL vendors. It is mandated by laws and specified in the standards.

    The reason law enforcement people worry about messaging apps with strong end-to-end encryption is that when it is used, standard LI is useless for snooping.

  7. Kevin McMurtrie Silver badge

    Big microSD cards are nice

    The map I'm looking at, the article I'm reading on Wikipedia, and the song I'm listening to are on a large microSD card. It's not that I'm planning anything bad, it's that government spy software shouldn't be trusted to interpret your actions if it's even half as bad as average software. I'm guessing it's much worse.

    I'd feel much better if these data taps were documented and had a mandatory alerting system to the carrier and an independent watchdog. It's the "secret" part that makes it so prone to abuse and access from unauthorized entities.

  8. Big_Boomer

    Methinks the US Government doth protest too much. Guilty conscience? They are right, the Chinese probably ARE doing exactly what the USA are also doing, to both their own people and to other countries, and so is everybody else with very few exceptions I imagine. If you want secret comms, then ENCRYPT. Otherwise they are all welcome to snoop on people watching cat videos and gossiping about who is ****ing who on Loser Island, cos nobody cares. We already live in a Big Brother society and it's gonna get worse before it gets better.

    1. Gonzo_the_Geek

      FTFY

      " it's gonna get worse before it gets better even worse."

    2. amanfromMars 1 Silver badge

      The FUD which just keeps on giving .....

      Howdy, Big_Boomer,

      Methinks the West is terrified that the East/the System is terrified that internetworking hackers and/or crack coders are doing what the Western System cannot do and has no effective viable attacking defence against.

      And that which cannot be done but which is considered vital and worthy of all manner of outrageous shenanigans, is Command and Control of Daily 0Day Narratives, for there are any number of them to constantly feed with Novel AI Needs and NEUKlearer HyperRadioProACTive IT Seeds for Lead ‽ .

      And shared as a exclamatory question because as a statement it would be somewhat presumptuous and too easily realised as a sad rad mad bad reflection on the current state of human intelligence ........ leaving it in greater danger of further exploitation?

  9. Barrie Shepherd

    LI In Europe - and most of the 3GPP world

    Dear US - Technical capability for Lawful Interception (LI) is standard on 3GPP network suppliers/operators regardless of race or skin colour.

    Over 70 American organisations are members of ETSI - which sets the Standards. Your country has had plenty of opportunity to influence how LI works and what safeguards need to be implemented, and no doubt did.

    Calling Huawei out for including a mandatory function in their equipment is very hypocritical. Perhaps you are too wrapped up in telephony history when LI capability was built into a "black box" sat in the corner of a telephone exchange - Now I guess you refer to it as a "yellow box".

    For those suffering from insomnia you can read all about it here https://www.etsi.org/committee/1403-li

  10. Frederic Bloggs
    Coat

    Hypocrisy?

    We've heard, no wait... Someone mentioned that word a while back on some PP presentation, I wanted to ask what it meant, but we ran out of time for questions. Is it about anything important?

  11. This post has been deleted by its author

  12. JohnFen

    The harder the US pushes on this

    The harder the US pushes on this, the more ridiculous it looks.

    1. DCFusor

      Re: The harder the US pushes on this

      Indeed.

      It seems the government can no long rely on _all_ of us being uninformed or unable to detect hypocrisy.

      Maybe this internet thing did do some good?

  13. chivo243 Silver badge
    Trollface

    Shutd up allrraaeady

    You're gonna ruin the snooping game for us all... I know you spy, I know I spy, let's not tell anybody else, savvy?

    Where's that traditional bomb icon with the fuse got off to?

  14. kernel_panic

    Not as easy as they make it sound now is it?

    People tend to forget that whomever wants to access the lawful intercept interfaces must go through often 2 or more firewalled networks meaning there are multiple barriers before you even get to an access prompt. All access is logged and kept in line with industry and regulatory certifications. If someone manages to crack all those failsafes and gain unauthorised access I'd like to hire that person thank you very much

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like