When it comes to 5G kit security, you can go your Huawei, EU tells member nations

Re: Risk

It's not as if European networks aren't already full of Huawei kit, so this would be a case of trying to lock the stable door after the horse has bolted. 5G brings nothing to the table that isn't already on it, it's mainly scale and speed.

The whole thing has been cooked up as part of Trump's hamfisted trade negotiations with China: an attempt to apply pressure by freezing Huawei out of the market. Any security considerations would be better handled as part of the standardisation process and through testing and verification programmes such as several EU countries already run. Seeing as US companies have largely avoided investing in the development of cellular technology (Qualcomm is an also ran) there is no real way of avoiding Chinese kit, especially when so much of US kit is actually made there.

Re: Risk

No

For Western countries, use Huawei kit and you may find that in times of conflict your critical telecoms infrastructure is unsupportable. Use Ericsson or Nokia/Siemens and you will probably be fine, but you have to wait.

In all likelihood, all three vendors will use Cisco products for the same functions. Or maybe Juniper instead. Huawei may even have an equivalent solution to meet CALEA requirements, but I'm not familiar enough with their kit.

You're confusing made up concerns (Huawei doesn't permit lawful intercept or provides a tap for China into existing telco environments beyond adhoc troubleshooting in conjunction with the telcos) with legitimate concerns (China as a potential threat in a cold/hot war scenario).

Re: Well done EU..

"China is not a toothless and innocent party when it comes to spying"

With the level of activity seen from MSS, PLA and APT groups, they cover off well over 50% of the total volume of hacks and exploits seen globally at present.

Very much not toothless...

WAAAAAAH! I'm taking my bat and ball and going home! WAAAAH!

Everyone hung Bloomberg out to dry by denying it.

Whether it was a real story, a hoax on Bloomberg or a misunderstanding that everyone wanted buried is unclear at present. Given how "secure" Intel ME stuff is, it could have even been that...

Re: Pot - Kettle - Black

Yes, and prove it.

Re: Yes but no

>E) The ability to compromise Huawei gear is very well established - you are only ever one software upgrade/patch away from a fully compromised telecommunications network

But isn't that the case with all IT? Look at ASUS's current troubles, look back at some of Microsoft's major updates to Win10...

In some respects that has been recognised in the security accreditations for many years: you install the OS, you lock it down according to the rules and then only apply updates that have been through the relevant security clearance path/tests.

Re: Yes - and another thing...

Whilst Huawei's focus on business is understandable, it's also worth bearing in mind that it doesn't provide any end-user support whatsoever (in the UK, at least). I bought one of their 4G routers and wanted to check that it had the latest firmware: bearing in mind the obvious risks of obtaining firmware from anywhere but the manufacturer (ironic, I know, given the thrust of this thread!!) I contacted Huawei UK.

Surprise, surprise!! Their customer support (Ha!) advised me that "we do not offer firmware for download on our website and any third party websites offering these firmwares actually void the warranty of your device if they are installed".

In short, "You are f*cked if you need firmware for any reason" - which ties in with the vulnerability count listed above.

Re: Yes but no

Nice FUD. Lets spin it around shall we?

A) The US has a history of violently playing in other peoples back yards, without permission.This whole global islamic terrorism is a direct result of US policies fucking around in the middle east.

B) So does the US, especially with the NSA capturing goods in transit, and modifying them with backdoors.

C) Cisco can do the same thing, even though they knew their deliveries were intercepted, they can claim "but we didn't know they were tampered with"

D) The US views its domestic, foreign, military, and financial policies as all intertwined. If it's financial policy is strained, it has no qualms about making up excuses to violently invade sovereign nations for oil.

E) Given the extremely high frequencies of "whoops, here's another hole we forgot to close" patches from Cisco, I'd be trusting Huawei more.

F) Undetectable kill switches. Like religion, you can make the claim, but once asked for proof, "it's undetectable, so I cant prove it. you just have to trust me that it has happened." Again, given Cisco's relationship with the NSA, I'd still trust Huawei more.

G) Yes, all comms equipment. Including the stuff made in America, which this whole Huawei being spies bullshit is about. Trying to force the world into buying sub-standard gear frim the US, based on US fear-mongering.

H) As C pointed out, it doesn't have to be subject to nation state vulnerabilities. The Intelligence sources simply have to intercept the shipment, replace/modify the goods, and continue the shipment. Gag orders guarantee that the company in question has to simply say "there was a delay in transit, it will be with you shortly".

So all this FUD you are flinging about, is simply that. Huawei's track record is far better than Cisco's and the NSA.

Ask yourself this question. Why would you actually trust an ally who has been caught out actively spying on you, whose leader can barely string a rational thought together, and is governed by religious fruitcakes?

Re: Yes but no

Lets see... who the biggest threat to who. China to America? Or America to China?

Let me paint you a picture:

https://pbs.twimg.com/media/DvZlf2PUwAAiOKN.jpg

Re: EU skirting the 'issue'...?

It is hardly "Yet to be proven".

Have a look at the post above - always only 1 software patch away from a cracked system.