back to article Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone

A claimed deliberate spying "backdoor" in Huawei routers used in the core of Vodafone Italy's 3G network was, in fact, a Telnet-based remote debug interface. The Bloomberg financial newswire reported this morning that Vodafone had found "vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the …

  1. David Shaw

    bizness

    and (seriously) ten seconds ago Vodafone Italy just texted me an offer for a HUAWEI Mate 20 lite for 8 euros per month for 30 months.

    er... no thanks, it *might* have a backdoor

    1. Fred Flintstone Gold badge

      Re: bizness

      Hmm, interesting coincidence.

      I've been getting spam from what purported to be Vodafone Italy via email, but it has stopped now.

      To be honest, I'm rather disappointed - it would have been for more entertaining I had been spammed from that part of the world by Powergen.

      :)

    2. Anonymous Coward
      Anonymous Coward

      Re: bizness

      wow, Huawei refused to remove an industry standard interface that EVERY manufacturer has, and apparently Vodafone either refused to or are incapable of configuring a firewall to drop telnet packets on their own INTERNAL "secure" network....

      CALL THE PRESS, its a BACKDOOR for the communists!

      1. fajensen

        Re: bizness

        Not "apparently" the reality is that there are none capable at Skodaphone.

        See, Vodafone, like every other telecom provider in the western word, have over the last 15 years or so, cleverly gotten rid of everyone with any deeper technical knowledge and blown all the cost savings on executive compensation.

        Now, there is only their Chinese vendors (or perhaps the Russians) available for tech support and operation of their networks. Everyone else wants to be paid money and the money is not available because the CEO needs a new helicopter for the daily commute from his Scottish Castle.

  2. Doctor Syntax Silver badge

    If they'd said it should have had ssh instead of telnet they might have had a point.

    1. Anonymous Coward
      Anonymous Coward

      It probably did have SSH.

      And if telnet was enabled, it was likely* due to provisioning software not being happy with SSH rather than any problem with the SSH implementation.

      * assuming that the SSH implementation supported up-to-date ciphers etc. Not always a given in the networking world...

      1. crashhandle

        telnet is always up to date : its be around forever and not much has changed - to my mind that makes it a great tool for simple diagnostics in years to come.

    2. phuzz Silver badge

      In 2011 you could definitely still buy Cisco gear with telnet enabled by default. I've been trying to work out when they disabled it by default, but it's not easy to pin-point. I suspect they were still shipping some software with it enabled in 2016.

      1. Jellied Eel Silver badge

        Kraft terminals

        And if telnet was enabled, it was likely* due to provisioning software not being happy with SSH rather than any problem with the SSH implementation.

        Back in the good'ol days, 'carrier grade' or core kit always had a simple craft interface. Often a plain'ol VTY port where you could connect a simple VT-100 terminal and fix stuff. Then came MS and it's fun terminal emulation that didn't emulate useful stuff like sending a break.

        But serial ports have gone the way of the dodo, except for USB. Which means network types like me don't have to untangle rats nests of Cisco console cables any more. Challenge now is there's still a requirement for craft/emergency access, but it's gotten more complex. Simple to get bootloaders to write to a VTY during initialisation, not so simple to have to get SSH processes up and running before you can see boot errors.

        Otherwise it's one of those <shrug> moments. Telnet's simple, light weight and reliable. And also easy to protect given you can easily restrict who can telnet to a device. And I suspect that the reason it was there was because some large telco customer wanted telnet access given it's traditional role in O&M processes. Which may also explain why it wasn't documented for other customers.

        As a 'security vulnerability', it doesn't say much for previous security analysis of Huawei kit given port scanning may have detected it years ago. I'm guessing it's only now news because of the novel US approach to trade negotiations with China.

  3. GnuTzu
    Stop

    "We all want to see hard proof of espionage. This is absolutely not it"

    O.K. But, if it was intentional, you've just given them this option for future intentional back doors. See article on how stupidity is a legal defense in America: https://www.theregister.co.uk/2019/04/29/donald_trump_jr_cfaa/

    Maybe an investigation could could find that this was explicitly ordered. Oh wait, you want to get internal communications from a company in what country?

    Well, you can't reliably hold them to any meaningful standards, and you can't prove a negative, so even if the telnet backdoor was just a bonehead move, you'll never really know.

    1. walatam

      Re: "We all want to see hard proof of espionage. This is absolutely not it"

      I'm not sure if there is sarcasm in your comment but, on the off-chance you are being serious, please read the article where it explains, in the first sentence, that 'A claimed "backdoor" in Huawei routers used in the core of Vodafone Italy's 3G network was, in fact, a routine implementation of Telnet.'

      If we consider Telnet itself to be a backdoor then should we not just broaden the definition of a backdoor to anything that allows access to a resource on one system from any system?

      1. Arthur the cat Silver badge

        Re: "We all want to see hard proof of espionage. This is absolutely not it"

        If we consider Telnet itself to be a backdoor then should we not just broaden the definition of a backdoor to anything that allows access to a resource on one system from any system?

        Bloomberg next describes HTTP as a backdoor and sets fire to its own web servers "for security".

        1. A.P. Veening Silver badge

          Re: "We all want to see hard proof of espionage. This is absolutely not it"

          Bloomberg next describes HTTP as a backdoor and sets fire to its own web servers "for security".

          If only, but everybody knows Bloomberg uses Cisco exclusively and so is completely penetrated and controlled by NSA through the famous NSA backdoor.

      2. GnuTzu

        Re: "We all want to see hard proof of espionage. This is absolutely not it"

        @walatam, No, stupidity and the fundamental dishonesty that abounds--and is apparently rewarded (see referenced article)--has caused me to slip into a cynical skepticism so deep that I now start from the assumption that everything is a lie--and then try to work my way back to something resembling meaningful vigilance. But, maybe this is the way I'm supposed to be working in InfoSec. O.K. I admit to a bit of sarcasm, and maybe I should worry that I'm coming to enjoy it way too much.

        1. Anonymous Coward
          Anonymous Coward

          Re: "We all want to see hard proof of espionage. This is absolutely not it"

          IMHO, if you're not paranoid (to a manageable level, mind) and not equipped with a deeply dark and twisted sense of humour, your future lies not in security.

          Nor in sysadmin roles :).

          1. Michael H.F. Wilkinson Silver badge
            Happy

            Re: "We all want to see hard proof of espionage. This is absolutely not it"

            Is that you, Simon?

            1. Anonymous Coward
              Anonymous Coward

              Re: "We all want to see hard proof of espionage. This is absolutely not it"

              Is that you, Simon?

              No, but it's not the first time I have been asked that question, for which I thank you.

              I just appear to have a similarly twisted mind and an equivalent malevolent sense of humour..

              :)

          2. I ain't Spartacus Gold badge

            Re: "We all want to see hard proof of espionage. This is absolutely not it"

            Who says I'm paranoid?!?!

            1. MrDamage Silver badge

              Re: "We all want to see hard proof of espionage. This is absolutely not it"

              The people who have it in for you.

            2. AmenFromMars

              Re: "We all want to see hard proof of espionage. This is absolutely not it"

              I'm not paranoid but that bloke following me is.

        2. tip pc Silver badge

          Re: "We all want to see hard proof of espionage. This is absolutely not it"

          @GnuTzu

          You work in Infosec and don’t know what telnet is?

          That’s quite worrying.

          1. Anonymous Coward
            Anonymous Coward

            Re: "We all want to see hard proof of espionage. This is absolutely not it"

            Not *that* surprising, the new generation has not seen it because the service has thankfully been removed from most system defaults.

            Only the clients remain, and that is sometimes handy - if you haven't poked at port 25 via a terminal server you haven't dealt with email properly yet :)

            1. Tom Paine

              Re: "We all want to see hard proof of espionage. This is absolutely not it"

              There are a lot more people working in sprawling organisations stuffed with 30 years of accumulated legacy technology than are working in shiny-shiny startups with the latest and greatest post-agile serverless cloud everything.

              1. Anonymous Coward
                Anonymous Coward

                Re: "We all want to see hard proof of espionage. This is absolutely not it"

                .. and to be honest, it's more fun. At least to me it is.

                I like the challenge of integrating all these different systems and platforms, which basically is what the Internet originally did. Have an iPhone access a PDP-11? Weird as it may be, it is quite possible that someone has done it, just because he could.

                Yes, at some point you have to modernise because maintaining the join is also expensive and it may simply be more cost effective to rip & replace, but that just gets you new things to glue together :).

      3. Tom Paine

        Re: "We all want to see hard proof of espionage. This is absolutely not it"

        "bugdoors". Heard of them?

        Huawei already has plausible deniability, of course, due to their famously terrible software development processes and standards, and apparenlty non-existent pre-release security testing.

    2. Anonymous Coward
      Anonymous Coward

      Re: "We all want to see hard proof of espionage. This is absolutely not it"

      My dear boy, by that standard you could claim most things carry government mandated backdoors. It would certainly rule out Windows for commercial use, but that's an old debate.

      By way of illustration, when I was running security audits, running a process map from a command line would be the first thing I did, and I cannot tell you just how many organisations were running off a stock install of Solaris which enables all those fun services by default.

      I even took apart some stock exchanges in SouthEast Asia that had this up by default, and thankfully they had firewalls in front of it so I could help them save face and focus on improving things instead - safe defaults is only really a recent thing (well, ~ish, I'd say after Y2K things started to move to more sane defaults).

      From my work at telco's I can confirm that OEMs tend to be the ones that are slack on security, not the telco's themselves. When the world moved from 2G to 3G, platform signalling moved inband and it took a while to eradicate all the problems and lower risk exposure, and that was with gear of European origin..

    3. steelpillow Silver badge
      Facepalm

      Re: "We all want to see hard proof of espionage. This is absolutely not it"

      Well actually, no. I am pig sick of this absurd "get Huawei" campaign. It's like it was the maiden name of Trump's first wife or something. This report is absolutely what I want to see. Frankly, I do trust the UK cyber security community a little more than I trust witchfinder generals.

      Telnet = "secret". I mean, for fuck's sake.

      For those millennials who have a historical dictionary of phrase and fable to hand, you might like to look up "a breath of fresh air".

      1. Anonymous Coward
        Anonymous Coward

        Re: "We all want to see hard proof of espionage. This is absolutely not it"

        Don't forget their conviction for copying Cisco's IOS, down to the bugs or you might trip over your own naivette.

        1. steelpillow Silver badge
          Trollface

          Re: "We all want to see hard proof of espionage. This is absolutely not it"

          "Don't forget their conviction for copying Cisco's IOS, down to the bugs or you might trip over your own naivette."

          Naivette? I thought only the opposite gender had one of those. But what does it have to do with redneck conspiracy propaganda?

          1. phuzz Silver badge
            Meh

            Re: "We all want to see hard proof of espionage. This is absolutely not it"

            I thought a 'Naivette' was a small version of the central part of a church.

            1. Am

              Re: "We all want to see hard proof of espionage. This is absolutely not it"

              That's a micro-nave. Naivette is a French dance from the, erm, 1700s

              1. Arthur the cat Silver badge

                Re: "We all want to see hard proof of espionage. This is absolutely not it"

                Naivette is a French dance from the, erm, 1700s

                Google says it's a British company that, inter alia, makes concrete blocks to stop unauthorised people getting on to your land.

        2. Giovani Tapini

          Re: "We all want to see hard proof of espionage. This is absolutely not it"

          A flagrant (allegedly) copy of a CISCO "backdoor" does not make it a Chinese "backdoor"...

      2. GnuTzu

        Re: "We all want to see hard proof of espionage. This is absolutely not it"

        @steelpillow, That's fine, but for the record, there was absolutely no political agenda in my comment. And frankly, it makes me a little nauseous to imagine what others were reading into it. But somehow, at some point somebody is actually going to have to come up with a policy that makes sense and can be reasonably implemented by those of us who have to deal with these things on a day-to-day basis. Sadly, reasonable policy and politics... well, policy - reasonable = politics.

        1. GnuTzu

          Re: "We all want to see hard proof of espionage. This is absolutely not it"

          Sigh. I was just having so much fun simply being paranoid about technology, but now that you've got me thinking about politics: should I worry more about back doors from foreign governments, those that have strict control on technology, or a government that maintains due process... by way of... a... secret court? ... :'( I'm not having fun anymore.

          1. steelpillow Silver badge

            Re: "We all want to see hard proof of espionage. This is absolutely not it"

            @GnuTzu. I appreciate that you were avoiding politics. But, to paraphrase what I wrote:

            Telnet = "backdoor". I mean, for fuck's sake.

            It's more like a side door with "STAFF ONLY" written on it in big red letters and it has been a well-managed operational risk for longer than I care to remember. Picking up the "backdoor" paranoia is, frankly, picking up the politics no matter how unintentional.

            As to governments, you pays your money and you takes your choice, as they say. Every government claims that it operates due process while its enemies don't. Generally I go by their track record on human rights abuse. But a government that claims telnet is a backdoor? Sheesh! Sometimes I judge them on their stupidity instead.

    4. rcxb Silver badge

      Re: "We all want to see hard proof of espionage. This is absolutely not it"

      Any sufficiently advanced incompetence is indistinguishable from a deliberate backdoor...

      1. Michael H.F. Wilkinson Silver badge
        Happy

        Re: "We all want to see hard proof of espionage. This is absolutely not it"

        But Telnet might not be considered sufficiently advanced incompetence

  4. Anonymous Coward
    Anonymous Coward

    Sniffable

    At least Telnet is plain text and unencrypted. Wireshark will show exactly what commands are being sent, and by who.

    1. Hans 1

      Re: Sniffable

      At least Telnet is plain text and unencrypted. Wireshark will show exactly what commands are being sent,̶ ̶a̶n̶d̶ ̶b̶y̶ ̶w̶h̶o̶.̶

      TFTFY

    2. Phil O'Sophical Silver badge

      Re: Sniffable

      At least Telnet is plain text and unencrypted.

      Not necessarily, see RFC2946.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sniffable

        "Not necessarily, see RFC2946."

        Have you ever seen that used in real life?

        I ask because I've seen an awful lot of telnet traffic passing through IPS/IDS/network sniffers and never encountered it in practice. A quick Google search suggests its only supported out of the box between Windows OS's which must make it close to non-existent given how common managing Windows boxen with telnet is.

        Given telnet's sending of a character at a time and common strings, I'm not sure that it would be particularly difficult to brute force.

        1. Phil O'Sophical Silver badge

          Re: Sniffable

          Have you ever seen that used in real life?

          Nope.

          A quick Google search suggests its only supported out of the box between Windows OS's which must make it close to non-existent given how common managing Windows boxen with telnet is.

          My current Debian Linux box supports it, at least according to the telnet manpage.

          Agreed, though, it's unlikely to be in widespread use, especially since it uses preshared keys rather than any public key approach.

          1. Roland6 Silver badge

            Re: Sniffable

            >Have you ever seen that used in real life?

            A quick check seems to indicate that its not supported by puTTY so clearly not very common or popular.

        2. steelpillow Silver badge

          Re: Sniffable

          "Have you ever seen that used in real life?"

          I have seen secure Telnet implemented.

          Nobody could get the login to let them in, though.

          Was good fun when I was authorised to use the secure connection but not the one that actually worked.

      2. Hans 1

        Re: Sniffable

        I have never seen an implementation of that RFC, did not even know it existed.

        Ohhhh, the memories:

        Theodore Ts'o, Editor

        VA Linux Systems <------------------------

        43 Pleasant St.

        Medford, MA 02155

        https://www.cnet.com/news/10-years-gone-the-va-linux-systems-ipo/

        !!! Achtung !!! 90's feel to this website:

        http://marc.merlins.org/linux/refundday/

  5. rnturn

    Why would Telnet be required...

    ...for manufacturing and diagnostics? It's definitely "old school" but wouldn't a plain 'ol RS-232 port that a technician could connect to be more secure than telnet? At least someone wishing to get into the equipment would have to be onsite. Sure, it complicates vendor support by requiring someone to schlepp into the data center and physically connect a laptop to the equipment but if you want security questions to NOT be raised in connection with your product, why not do that to defuse those criticisms? (There are ways to avoid the physical access but, I suspect those will be labeled as too archaic to be used in a "modern" environment.)

    1. JohnFen

      Re: Why would Telnet be required...

      "At least someone wishing to get into the equipment would have to be onsite."

      As I understand their implementation, you have to be onsite to use the telnet connection. It is not exposed to the wider network. Most, if not all, of the consumer routers I've used have had the same thing going on.

    2. John Robson Silver badge

      Re: Why would Telnet be required...

      Don't you just hook up a serial multiplexer to all those devices? because they're not just going to have one such device on a desk in the back of a data centre, they'll be deployed in reasonably sized groups...

    3. Anonymous Coward
      Anonymous Coward

      Re: Why would Telnet be required...

      "t's definitely "old school" but wouldn't a plain 'ol RS-232 port that a technician could connect to be more secure than telnet?" - Typically during manufacturing you try to make things automated and simple.

      If IPL works and it boots the default flash image it can then be programmed and tested over the network. If it doesn't boot it goes on a test-jig (push down tool onto pads on motherboard).

      When you have hundreds to configure and test, potentially flash upgrade and soak test, it's a lot easier to plug them into an private network with DHCP, with entire process automated.

      With RS-232 ports you would have the fun and games of needing terminal servers, slightly more annoying cabling, and slower flashing speeds etc.

      Basically it's cheap, works, scales, is pretty quick (you can kick off other commands on the hosts like wget or curl to pull flash files over), doesn't require dealing with keys and certificates, simplifies cabling and could be turned off once complete.

      That's why I imagine they use it.

      1. J.G.Harston Silver badge

        Re: Why would Telnet be required...

        puTTY is a terminal service.

        Last year I was doing upgrades to a load of telephone switches for a Northern telco. About half the kit I plugged in a serial lead (with a weird plug on the end) and Serial-Telnet'ed into the switch, about half of them I plugged an Ethenet cable in and Ether-Telnet'ed in. In all cases I had to be physically on site and physically within four feet of the switch.

    4. Crazy Operations Guy

      Re: Why would Telnet be required...

      Because these devices are deployed not in a datacenter, but to the remote towers. It'd take a few hours to get to it while customer complaints pile up. The interface is usually going to be stuck onto a private administration VLAN, then routed across an MPLS link back to the mothership alongside the VLANs for the various other data channels like handset data and voice, control-plane, etc.

      Telnet is usually used because its one of those that can be trusted to work even when things like the system has the incorrect time or loses its configuration.

      The testing they are doing is likely going to be testing just after tower deployment and disaster recovery to ensure the tower is functioning properly and to fix things that need to be re-tuned.

    5. MrBanana

      Re: Why would Telnet be required...

      A "plain 'ol RS-232 port" would cost money to manufacture, and to be time consuming to implement any kind of testing. Exposing telnet as a port to the LAN side of a router is basically free.

    6. fajensen
      Pint

      Re: Why would Telnet be required...

      At least someone wishing to get into the equipment would have to be onsite.

      We don't always wanna be onsite. In many cases, the thing we need to talk to, is installed on an island or some 4 hour drive into the forest on 'Gravel & Log' roads (RADAR and Electrical Substation). Don't get me wrong, an expedition into Nature is kinda fun, but, during a severe snowstorm .... nah, maybe not so much.

      Usually, insecure stuff like Telnet is exposed via a pretty well secured "JumpBox", a dedicated computer / or a virtual machine which has access to some of the VPN's dedicated to system management, in this case Telnet. This machine will work similarly to the "RS-232 to IP" multiplex device we used to install in each rack, when everything was serial and we still didn't want to go down there, only Globally.

      Of course if someone hacks the JumpBox, they can do bad things.

  6. Barry Rueger

    Pot, meet kettle

    Surely in this post-Snowden age we all have to assume that the American security establishment is hacking into systems world-wide? It's a bit much for Trump et al to be going on about Huawei.

    1. Anonymous Coward
      Anonymous Coward

      Re: Pot, meet kettle

      Kettle, meet pot.

      If /you/ really think that the Chinese, Germans, English, French, and so on through the other 138 countries, aren't either 1) doing the same thing or 2) trying to do the same thing, you need to remove your blinders.

      1. Anonymous Coward
        Anonymous Coward

        Re: Pot, meet kettle

        Yeah, we're on one side of the liberal open economy divide, China sits on the other - they are not interested in competing with us by the way, they want to do us out of business. Think this scuffle with Huawei is about tech? 10 years ago, there were 11 companies making mobile network equipment. Now there are 4, the two Chinese remain and the rest in the west have had to consolidate to fight them - China is openly subsidising their national champions - not to compete, but to strangle western competition.

        1. Aitor 1

          Re: Pot, meet kettle

          And you think we are not doing the same?

          What is the Boing Max scandal really about if not illegal aid with certification, etc?

          What is this Huawei scandal about if not about aid to our companies? yes, there is also the opportunity to keep the spying going on, but the main reason is probably about economics, and we (as in the west) are losing this fight, or rather we have almost lost it: they now have patents for 5G and related technology and we are just using anything, legal or not, to stop them.

          We could not prove they are giving them subsidies, so we went the illegal route to stop them.

        2. not.known@this.address

          Re: Pot, meet kettle

          "10 years ago, there were 11 companies making mobile network equipment. Now there are 4, the two Chinese remain and the rest in the west have had to consolidate to fight them - China is openly subsidising their national champions - not to compete, but to strangle western competition."

          Not quite. 10 years ago, there were 11 companies making mobile equipment. Then the management realised it was cheaper to get the kit built in China so shipped all manufacturing there resulting in lower costs and greater profits. Then the Chinese realised they didn't really need the American managers or sales teams and cut out the middle men, which meant *they* got all the profit and the American managers got the same treatment they handed out to the factory workers who used to manufacture the "american" kit.

          What's stopping the American companies restarting their own manufacturing rather than complain that someone else is being unfair?

    2. fajensen
      Pint

      Re: Pot, meet kettle

      It's a bit much for Trump et al to be going on about Huawei.

      One of the many rules for information warfare is: "Accuse your enemy of that which you are guilty of yourself". The purpose is to normalise your own behaviour and then relativise it away.

      The trope about "Chinese companies must cooperate with Chinese intelligence services" is exactly that - talking around PRISM and the "Patriot Act", so we can first ignore for a while that "Our" companies must cooperate with "Our" intelligence services and then say "Yeah, but Everyone are doing it!"

      There is an interesting article on information warfare Bruce Schneier's blog, if one can abstract the Russians^3 (which I guess one has to include if one is working with 'security' within the USA) to "Just about every think-tank and petty foundation with 3 pieces of silver to blow on AWS":

      https://www.schneier.com/blog/archives/2019/04/towards_an_info.html

  7. JohnFen

    On the one hand

    On the one hand, nobody should be using a telnet server outside of certain special circumstances. It's too insecure and there are better options.

    On the other hand, the use of telnet for this sort of thing is very common and can't, all by itself, be called a "back door" with a straight face.

    1. stiine Silver badge
      FAIL

      Re: On the one hand

      Did you miss the part about hard-coded credentials? They are, by definition, a backdoor.

      1. JohnFen

        Re: On the one hand

        I didn't miss that part. But I suspect we differ about what a backdoor is. In my book, a backdoor is an unadvertised method of gaining access to a system remotely. Whether or not the credentials are hardcoded doesn't matter.

        I may be misunderstanding what they're doing here, but my understanding is that the telnet interface is not remotely accessible by default. I'm also willing bet it's not undocumented.

      2. Crazy Operations Guy

        Re: On the one hand

        By "hard-coded" they might just mean the defaults that are baked into firmware.

  8. Blockchain commentard

    SNMP and SSH should be used for equipment configuration and engineering access. As default, not as an option.

    1. John Robson Silver badge

      SNMP?

      Are you mad - or a sadist?

      I can't recall the last time I actually tried to configure something via SNMP... But then it was probably pre v3, but since you didn't specify that I assume that plaintext config changes are good for you - hence telnet.

      1. Anonymous Coward
        Anonymous Coward

        But a secure version of SNMP is extremely useful. It is a truly generic management agent that is client agnostic and implemented on almost all manageable equipment. A good SNMP implementation with a set of supporting MIBS makes network management and alerting a breeze.

        1. stiine Silver badge

          Name one.

        2. Roland6 Silver badge

          >A good SNMP implementation with a set of supporting MIBS makes network management and alerting a breeze.

          For most SNMP implementations "network management" actually means "network monitoring and reporting" not provisioning or configuration changing.

          1. Anonymous Coward
            Anonymous Coward

            As a network manager with an up and running network do you spend most of your network management time 'monitoring and reporting' or provisioning and configuration changing?

            For most people I would say that the monitoring and reporting (alerting) is the most important and daily task and the one that benefits most from being able to manage the systems 'under one roof'. Although SNMP has a configuration change facility SNMP in a multi vendor organisation (pretty much all of them) along with link discovery and traffic flow are a big part of most sys admin and network manager's toolboxes.

        3. fajensen
          Pint

          A good SNMP implementation with a set of supporting MIBS makes network management and alerting a breeze.

          You must be trolling! That is less likely than finding a good implementation of communism!

          The "adjective rule" - which is that whenever there is an adjective used in the name of something, it means the exact opposite - applies very strongly to SNMP:

          "Simple" - Not at all, SNMP is and ancient Complex and Twitchy beast,

          "Network" - Nope, SNMP "manages" some parts of some Devices that happens to be on a network,

          "Management" - Nah, we can maybe, because UDP, Get/Set some bits in whatever order we or the network like, no Rules, no ACID and no Rollback. This is for Debugging, not Management.

          "Protocol" - Yes, there is a Protocol (it sucks, but, it is there).

          SNMPv1 is a steaming pile of dinosaur crap, SNMPv2 kinda works, but, anyone using SNMPv2 for more than Graphing is a Retard, and SNMPv3 ... oh, boy ... anyone using that special combination of stupidity, sadism and forced restraint is a Gimp!

          Telecoms, who need 'management' that can manage things without blowing up, they use NETCONF with Conf-d or similar: https://www.tail-f.com/confd-basic/

          I.O.W.: I don't like SNMP very much.

          1. Fred Flintstone Gold badge

            I.O.W.: I don't like SNMP very much.

            Thanks for the clarification, I totally missed that.

            :)

          2. Malcolm Weir Silver badge

            Part of the problem with people who extol SNMP is that they assume it's a Network Management Protocol that is Simple.

            This is incorrect: SNMP is a Management Protocol for Simple Networks.

            (In my personal view, the sort of Simple Network for which SNMP is best suited have 1 or fewer nodes.)

    2. Roland6 Silver badge

      >SNMP and SSH

      Don't you mean TR-069/CWMP and SSH?

  9. Chris G

    Is Bloomberg owned by the same people as the Daily Wail?

    Enquiring minds and all that.

  10. Anonymous Coward
    FAIL

    Telnet IS a backdoor

    For starters: Telnet is not a protocol. Telnet is a remote access utility. Telnet's underlying protocol is TCP/IP.

    Telnet traffic is unencrypted. Yes, that includes transmission of the password. There is a reason why it has been replaced by ssh for just about two decades. Just like there is a reason why http has been (mostly) replaced by https.

    A 14-year-old with Wireshark can sniff Telnet traffic. No need for NSA and/or GCHQ.

    No, you don't need Telnet to perform remote diagnostics or maintenance. That's pure bullshit. All of this remote administration and maintenance stuff can be done more securely with ssh and an appropriate key length.

    And no, Telnet is not a standard remote maintenance utility. It has not been so for 20+ years. Telnet has been deprecated in all Linux and *BSD distros specifically because it's a backdoor.

    Name one Linux distro that still installs Telnet by default. I use RHEL, Fedora, SUSE and Ubuntu, and neither installs Telnet by default. I'm not even certain that RHEL still has it available for manual installation.

    Just because telnet was the de facto standard for remote logins on UNIX and UNIX-ish systems in the early '90's, that does not mean its use is acceptable in 2019, or 2011 for that matter.

    Huawei's use of Telnet is, at this point, quite difficult to explain. Modulo the Chinese having trouble cracking and decrypting ssh traffic with key lengths over a certain threshold.

    1. John Robson Silver badge

      Re: Telnet IS a backdoor

      They install telnet, just not a telnet server.

      Using telnet on another screen right now... very useful to actually debug a connection issue I'm seeing.

    2. Anonymous Coward
      Anonymous Coward

      Re: Telnet IS a backdoor

      *cough* *cough* https://tools.ietf.org/html/rfc854

    3. DaLo

      Re: Telnet IS a backdoor

      You are completely confusing the word 'backdoor' with 'insecure'. The issue with being able to sniff the traffic is only an issue if the end user decides to use Telnet, and if they are security conscious they wouldn't use it where it is possible to intercept.

      Having Telnet does not allow you to sniff the traffic going across the router/switch it just allows you an insecure way of logging in.

      You could easily say that if it didn't have password complexity requirements built in it is a 'backdoor' using the same logic. No it isn't it is no less safe a device, it could just be used in an unsafe way.

      If there was a hardcoded password on the device that was available to the telnet interface (especially if it could be access remotely) = backdoor.

      It's use wan't in 2019 - it was 2011/2012 and many, many switches and routers still included telnet servers (and SNMP v1) at that time.

      1. Anonymous Coward
        Mushroom

        Re: Telnet IS a backdoor

        > If there was a hardcoded password on the device that was available to the telnet interface (especially if it could be access remotely) = backdoor.

        There was. At least I hope there was a password. That's what Huawei said. Because they needed Telnet for troubleshooting and maintenance.

        I assume that Huawei's logins were protected by a password. But I could be wrong.

        Yes, I can use Telnet to find out what's running on your box, and send commands to all kinds of stuff running on your box, and eventually gain remote access with escalated privileges - read root - if you are clueless enough to have what you call a Telnet Server running, and/or you leave all kinds of ports open. Which you probably do, because you don't know any better.

        If you are a Windows Person: root means Administrator in UNIX/Linux/BSD land.

        By the way, there is no such thing as a Telnet Server. There never was.

        It's either the ancient inetd, which I have not seen since around 1998, or its more recent incarnation named xinetd, which is supposed to be slightly less insecure.

        Let's play "Basic Systems Security 101" for USD $100: For the past 15+ years, none of the Linux distros that I mentined above install xinetd by default. You have to go through hoops to get it installed, and you get several screaming warnings when you do so.

        Because, you know, some paranoid people who have been doing this security stuff for more than 3 months, and have given it more than 150 nanoseconds' worth of thought, are trying to warn you not do to something pathologically stupid.

        But, of course, what do the Linux distro security guys know. Pah! Bunch of paranoid freaks. Telnet - and the Telnet Server is where security is all at. Courtesy of the Microsoft-Huawei Institute For Secure Computer Systems.[1]

        ---

        [1]: It doesn't exist.

        1. JohnFen

          Re: Telnet IS a backdoor

          "By the way, there is no such thing as a Telnet Server. There never was.

          It's either the ancient inetd, which I have not seen since around 1998, or its more recent incarnation named xinetd, which is supposed to be slightly less insecure."

          inetd and xinetd are used to fire up servers on-demand. Neither of those are actually proper servers in and of themselves. There is such a thing as a telnet server in both BSD and Linux. It's called telnetd. It isn't installed by default anymore, and it's very much not recommended for use, but it does exist.

          In Linux these days, I think the telnet server tends to be provided by busybox instead of by an always-on daemon.

          1. JohnFen

            Re: Telnet IS a backdoor

            A correction (it's been a while since I've looked at this stuff, so my memory is imperfect). The telnet server is still provided by the telnetd package. It's called in.telnetd. If you use xinetd to wire this up, then you'll see the reference in its configuration file.

          2. Anonymous Coward
            Stop

            Re: Telnet IS a backdoor

            > I think the telnet server tends to be provided by busybox instead of by an always-on daemon.

            You're wrong on both counts:

            1. inetd is, and has always been a server on UNIX and UNIX-ish systems. It runs as a daemon. That means always-on. It is called inetd, not Telnet Server, or any other such misappropriation:

            Wikipedia - inetd.

            2. Busybox is an Android/Embedded Linux thing. Not a general-purpose Linux thing. If Busybox runs the equivalent of inetd on your smartphone, you may want to think twice about that. On Android, you don't need it. There are plenty of ssh clients available for Android, independently of Busybox.

            On general-purpose Linux distros, inetd is no longer available. It's been replaced by xinetd for at least 15 years. xinetd is an always-on daemon, just like inetd used to be.

            xinetd does not get installed by default. If you install it, you need to explicitly tell it which inet services you want to enable. Telnet is always disabled by default. The xinetd daemon handles all the service requests, including telnet, rlogin, etc.

            1. JohnFen

              Re: Telnet IS a backdoor

              "inetd is, and has always been a server on UNIX and UNIX-ish systems."

              What I meant was that it isn't providing any direct internet services. It is managing other internet services.

              I already corrected my busybox error.

              "The xinetd daemon handles all the service requests, including telnet, rlogin, etc."

              But it doesn't actually service those requests itself. It starts the appropriate server and has that actually handle the request. In the case of telnet, it starts the telnet server -- in.telnetd -- and then the telnet server actually deals with the telnet operation.

        2. Jamie Jones Silver badge

          Re: Telnet IS a backdoor

          The fact that most of your post is hysterical bollocks wouldn't be so bad if it wasn't for the fact that you wrote it in a condescending way.

          You should have listened to John, but you doubled down.

          06:40 (17) ".incomplete" root@thompson# grep telnetd /etc/inetd.conf

          #telnet stream tcp nowait root /usr/libexec/telnetd telnetd

          #telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd

          The telnet server. Most often spawned from inetd (which as John said, mainly is just resposible for firing off other servers. It's a "meta-server" that listens on all the specified ports, launching sub systems when appropriate.. It stems from the time when it was useful to not require each subsytem to run it's own listener, due to memory/processor constraints.

          Oh, and the world isn't linux. inetd is still installed on many systems, just not enabled.. Oh, and the telnet client is still present and useful, and I'll be buggered if I'm going to stop using it to access control daemons running on localhost on embedded systems just because you scream SSH or RPC/TLS/HTTPS.

          I guess I therefore fail your basic security 101, but then, what value is a qualification from Trump University? :-)

          Here are some publically accessable telnet servers on the internet. I'm curious to how they are therefore insecure:

          tower.blinkenlights.nl

          rainmaker.wunderground.org

          towel.blinkenlights.nl (port 666)

          1. Anonymous Coward
            Anonymous Coward

            Re: Telnet IS a backdoor

            > The telnet server.

            You know, anyone can copy-and-paste. That doesn't necessarily mean they know what they're copying and pasting.

            And no, it's not a telnet server. It's not a server of any kind. It doesn't serve anything. It doesn't do any processing. You can't send direct requests to it. You can't connect to it directly.

            It's just a simple multiplexor program that is started by inetd or xinetd on your behalf when you establish a TCP connection at port 23. That's all it does.

            inetd or xinetd are the servers. in.telnetd is not.

            1. MrBanana

              Re: Telnet IS a backdoor

              Wow! Just Wow.

            2. Anonymous Coward
              Anonymous Coward

              Re: Telnet IS a backdoor

              Could I suggest you download an early version of Slackware and get familiar with how things work? You really seem to be short on a few fundamentals. I'm not going to berate you for that as it is my opinion that giving someone a starting point to improve their insight themselves is usually more productive.

              The reason I'm suggesting a very early version of Linux is because you should get as raw a system as possible where you have to set up everything yourself rather than use a fancy GUI to do it all for you - that won't teach you much.

              In short, you're really *WAY* wrong - it's now up to you to work out how you got to that place and fix it.

        3. DaLo

          Re: Telnet IS a backdoor

          "There was. At least I hope there was a password. That's what Huawei said. Because they needed Telnet for troubleshooting and maintenance."

          They didn't say that at all. They said, according to the article, "configure and test the network devices". Now this could very easily have been during manufacture as part of the QA with the final sign off, disabling the login or writing out the customer firmware to the device. There doesn't appear to be any suggestion that a login still remained on the device. If you've ever looked at a lot of electronics they have a diagnostic port that is often underneath the cover that is used for the same purpose.

          As for your talk about no such thing as a telnet server? What are you on about, in client server computing you define one thing that accepts requests as a server and you connect to it with a client. A machine with ports open to accept an incoming Telnet connection can be referred to as a Telnet Server or Service, the machine you connect to it with can be regarded as the Telnet Client. What tool you use to fire this up or maintain it, or if it calls itself something different on your device is largely irrelevant.

          1. Anonymous Coward
            FAIL

            Re: Telnet IS a backdoor

            > A machine with ports open to accept an incoming Telnet connection can be referred to as a Telnet Server or Service

            You know, you would've come across as less ignorant had you searched in Google for the correct terminology before posting here.

            No, the tool isn't calling itself something different on my device. Actually, I have no idea what that's even supposed to mean.

            You can try pretending Telnet Server is an actual term, but it isn't. The only thing you're proving by calling it a Telnet Server is that you are very unfamiliar with this rather old technology. A bit of UNIX or Linux knowledge would have helped you, but that does not appear to be your strong suit.

            And no, it's not client-server either. Telnet predates the client-server model by about 20 years.

            The client-server model is about shared workloads. Telnet has nothing to do with shared workloads. Just because you have some sort of local client that connects to something remote, that doesn't automatically mean it's the client-server model.

            IBM 3270 terminals connected to IBM mainframes, and that was the farthest model from client-server that I can think of.

            1. DaLo

              Re: Telnet IS a backdoor

              Wow, you're a bit abusive aren't you? First you confuse insecurity with a backdoor, then you claim there's no such thing as a Telnet Server.

              Hmm -> Telnet Server

              1. Anonymous Coward
                FAIL

                Re: Telnet IS a backdoor

                There is no such thing as a Telnet Server. But if you want to continue believing that there is, please go ahead. Whatever floats your boat.

                > Wow, you're a bit abusive aren't you?

                Not really.

                It's mainly that you're insecure enough in your own knowledge that you take personal offense when you discover - or it's pointed out to you - that you might be wrong.

                Learning things from sources other than Google searches might help with that insecurity.

                1. ChrisElvidge

                  Re: Telnet IS a backdoor

                  From: https://www.gnu.org/software/inetutils/

                  Inetutils is a collection of common network programs. It includes:

                  An ftp client and server.

                  A telnet client and server. <<<---- HERE

                  An rsh client and server.

                  An rlogin client and server.

                  A tftp client and server.

                  And much more...

                2. DaLo

                  Re: Telnet IS a backdoor

                  From this comment: "Learning things from sources other than Google searches might help..."

                  From your previous comment: "You know, you would've come across as less ignorant had you searched in Google for..."

                  You know there is a troll icon that you can use that saves a lot of time and is generally considered good manners to use on this forum when trolling?

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Telnet IS a backdoor

                    > generally considered good manners

                    Searching in Google for information is good. It's not good enough. It might teach you the correct terms. Learning what these terms apply to, and how all this stuff works takes a lot more effort than searching in Google followed by 15 minutes of reading.

                    Face it: you don't know how this stuff works. Not by a long shot. But you feel compelled to pretend that you do.

                    Prove me wrong. Can you list the names of the processes, the names of their configuration files, and the sequence of events - in correct order - that are involved in establishing a Telnet login session?

                    1. DaLo
                      Facepalm

                      Re: Telnet IS a backdoor

                      Of course that is the way to 'prove you wrong'.

                      71 downvotes so far on this topic, it may tell you something.

                      1. Anonymous Coward
                        FAIL

                        Re: Telnet IS a backdoor

                        > 71 downvotes so far on this topic

                        Yet no answer to my purely technical question.

                        That confirms what I had suspected all along. You have no clue.

                        Downvoting is easy. Explaining how a Telnet login session actually works, not so easy.

                        Thanks for the entertainment.

                        1. Jamie Jones Silver badge
                          FAIL

                          Re: Telnet IS a backdoor

                          You do realise that a large number of us here would be able to recreate the whole process entirely if need be, and could therefore explain it in more detail than you'd understand. But that would take time, and as a student, you are rude, arrogant, and incapable of listening, so why would anyone bother?

                          This is not the YouTube comments section. If you want to continue willy-waving, abusing the very people who correct you, and doubling down on your mistakes, I suggest you go there. You'll fit right in with the flat earthers or the maga idiots posting shite on progressive channels.

                          Have a nice day.

                          1. Anonymous Coward
                            Devil

                            Re: Telnet IS a backdoor

                            > you are rude, arrogant, and incapable of listening

                            Awesome. Ad-hominem attacks because I asked a simple technical question. Which, of course, you claim you could answer, but you won't because it would take too long. And I'm rude. Right.

                            Lame old excuse for not being able to explain it in the first place. You're not the first one to use it, and definitely not the last.

                            In fact, it wouldn't take that much time to explain the Telnet login session bringup. 15 lines of text at most. Not even full lines. About the same time it took you to write your reply, if not less.

                            Well done, Sir. Well done.

                            1. Jamie Jones Silver badge

                              Re: Telnet IS a backdoor

                              You don't get to shit over everyone here, then cry when you're called out for it.

                              As for the telnet session, apologies, I thought you expected at least some technical detail, not some high level faff. If you want to know, google it, or pay me.

                              Not to be an arse, but like many here, I've been professionally involved in networking, dns infrastructure, security, tcp/ip programming (client and server), wide-area monitoring protocols (tcp/ip -> pager / sms gateways), systems programming, kernel hacking, and general systems design, both for comercial, and security-cleared government contracts, for 25 years. Google me if you're bored.

                              We all come here for techie news, and to have a bit of a laugh, and a few virtual beers. For you to come in acting like you know everything, and inevitably tripping up, and then double-down with further abuse, is a bit tiring.

                              You remind me of the time my (then) 8 year old niece asked me how to connect to the internet, and when I started to explain in as high level as I could, she interupted me, shouting "wrong! you know nothing, Jamie! You connect to the internet by clicking on the blue E". Still, she's funny and lovely with it.

                              The internet is full of "l33t h4ck3r" script-kiddies who think they know it all, when they clearly don't, but up to now, El Reg has been mostly free of it, and I'm no longer going to entertain your rants. Consider yourself killfiled.

                              P.S. I have no spellchecker on this browser, so I've probably made loads of spelling mistakes. Feel free to pick up on them if it makes you feel better!

                    2. Malcolm Weir Silver badge

                      Re: Telnet IS a backdoor

                      Well, let's see...

                      Usually, in.telnetd (see https://linux.die.net/man/8/in.telnetd,hereinafter referred to as in.telnetd(8)) will be started by inetd or xinetd, which are two solutions for the same basic task. It doesn't matter which, because the mention of these is a red herring: in.telnetd can be started manually (see in.telnetd(8)) from a command line or from an /etc/rc* script (or whatever variant exists on your platform).

                      Once in.telnetd is running, it listens on whatever port you tell it to listen, or port 23 by default. When a connection happens on that port, it sends a list of telnet configuration options to the client (see in.telnetd(8)). After the telnet protocol options have been negotiated (because telnet is a protocol, no matter what some rando insists), it opens a pseudo-tty pair and spawns a subshell, which invokes whatever login program was specified on the command line, usually (but not necessarily) /bin/login or some variant of that.

                      At this stage, the telnet server is simply responsible for receiving segments on the TCP socket, checking for the escape sequences (e.g. BRK to send a BREAK on the pseudo-TTY, SUSP to suspend, etc... see RFC854 for the full list) and passing everything else through to the pseudo-tty, and sending the output on the ptty back across the TCP connection.

                      What might confuse some people is that the telnet client program will work without the telnet protocol: you can (and most of us will have) telnet'd to miscellaneous servers, the whatever's running on ports 25, 80, 110 and 143. Those servers don't understand the telnet protocol (because they aren't in.telnetd or equivalent), but that's OK, because the the client side (telnet(1)) will function without the options, support for the control functions, etc. So the telnet _client_ doesn't need the telnet _protocol_, but telnet _servers_ must implement it.

                      That said, special-purpose telnet servers also exist (because they're quite easy to implement by nicking the right libraries). For example, I've worked on a telnet server that managed a tape robot; we could have simply used the raw socket interface, but we decided that having things like the erase character mechanism was preferable and anyway it was easier to re-use someone else's code than reinvent the wheel. And we chose to implement the thing as a CLI rather than some fancy RESTful machine because (a) the latter hadn't been created as a "thing", and (b) it let us use the same parser as we used on the serial RS-232 console.

                      Happy?

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: Telnet IS a backdoor

                        > Happy?

                        Yes, but you got a number of details wrong:

                        1. in.telnetd (or telnetd from BSD) doesn't listen to port 23. Only inetd (or xinetd) listen to port 23, as it is a reserved port. See /etc/services and /etc/protocols.

                        2. in.telnetd (or telnetd) can be started manually only with the -debug option. That's the only case where you can specify a port. If you try starting in.telnetd manually without the -debug option, it exits immediately.

                        3. If you start in.telnetd manually, it will stick around for a while doing nothing, then it will eventually exit, as it has no connections to manage.

                        4. in.telnetd doesn't fork a shell that subsequently forks /bin/login. It simply forks and execve(2)'s /bin/login by default, or whatever other login session manager was explicitly indicated by -L. execve(2)'s default command interpreter is /bin/sh.

                        5. About half the Telnet commands are unimplemented - either on the client side, or on the in.telnetd side, and have been so for a very long time.

                        But I am very glad that you mentioned that telnet can be used to establish a connection to any port. Most of the Telnet advocates here were likely unaware of that capability.

                        1. Malcolm Weir Silver badge

                          Re: Telnet IS a backdoor

                          Dear gawd, with every post you demonstrate your ignorance!

                          1. You clearly don't know what a reserved port *is*, and have no idea what /etc/services *is* used for. A reserved port can only be opened by a process running as root. That's it. It has nothing to do with inetd or xinetd or anything else, as evidenced that port 80 is reserved, too.

                          2. As it happens, yes, if you manually start in.telnet without the debug option it will exit, because it doesn't have a socket open. But as you yourself acknowledge, if you start it with the debug option, it will run. Hence your entire thesis that there's no such thing as a telnet server crashes and burns, because, as you acknowledge, starting in.telnetd with the debug option IS A TELNET SERVER!

                          3. If you start in.telnetd manually, it will wait for a connection for a while; this duration is defined as the time until someone kills it (e.g. as part of a system shutdown).

                          4. I didn't actually say it forked a shell, I said it forked a subshell; a subprocess or coprocess would have been more accurate. Yes, sloppy language on my part, but as you know, you can't technically fork a shell. The rest of your comment, though, contains a serious factual error on your part (execve has no default shell...), so I'm not loosing sleep in the face of your self-aggrandizement.

                          5. Which means that about half are implemented, which means that someone who claims that telnet isn't a protocol isn't a smart as he thinks he is....

                          6. I'd bet most of the telnet advocates here, as you call them, have used telnet to connect to other services. It's a totally routine technique for detecting whether the service is accessible...

                          Now run along. You've demonstrated your ignorance and shifting positions quite adequately, and I doubt anyone is terribly interested in your "wisdom" anymore...

    4. JohnFen

      Re: Telnet IS a backdoor

      What is your definition of "a backdoor"?

    5. Anonymous Coward
      Anonymous Coward

      Re: Telnet IS a backdoor

      Telnet is a FRONT door. You can configure it with or without a lock, or brick it up, but it has its uses on a private network.

      1. Dagg Silver badge

        Re: Telnet IS a backdoor

        Telnet is a FRONT door

        Which you can use to create a backdoor.

    6. Anonymous Coward
      Facepalm

      Re: Telnet IS a backdoor

      Telnet is not inherently bad, the use case is eloquently explained up thread. It's insecure, and unsuitable for remote usage, but ssh requires key distribution and has host checking, which complicates matters in a production environment (an environment for production of these devices in a factory) .

      I would point out, bootp, tftp, and other protocol for early stage commissioning typically share the same unencrypted issue.

      Yes, ssh should be used for remote administration. Yes, SNMPv3 should be used for configuration management and alerting, but telnet is fine if you control the network, like a telco should.

      If it's on its own vlan, I don't really see the problem, and if you don't have your control plane locked down, well see icon.

    7. Anonymous Coward
      Anonymous Coward

      Re: Telnet IS a backdoor

      "Name one Linux distro that still installs Telnet by default. "

      The one I use on a daily basis is "MontaVista Carrier Grade Linux" .

      But, whether left on telnet or switched to ssh, the control plane is secured, even from most of the network operator's own staff.

  11. Philip Stott
    Black Helicopters

    I'm edging towards giving them the benefit of doubt on this

    That they're just as prone to shite infosec as any of the other Shenzhen white box shifters.

    Except Huawei aren't anymore and need to up their game.

  12. Draco
    Paris Hilton

    Bloomberg has Zero Tech Credibility

    Reg readers should recall the obvious piece of fake news Bloomberg published (and doubled down on) about the Chinese infiltration of Super Micro servers.

    This article simply goes to show that either Bloomberg knows nada about tech and will publish any piece of BS that will garner them sales.

    https://www.theregister.co.uk/2018/10/22/super_micro_chinese_spy_chip_sec/

    Paris because she'd be the perfect face for Bloomberg

    1. Anonymous Coward
      Anonymous Coward

      Re: Bloomberg has Zero Tech Credibility

      They really need to fire the editor in charge of their tech section, and hire a new editor and new writers to start that up again from ground zero. Or just ignore tech and stick to business, which they report on pretty well.

      1. Richard 12 Silver badge
        Flame

        Bloomberg are rapidly losing credibility

        If they screw up the things I know about this badly, how can I trust that they're reporting properly on the things I don't know much about?

        Business and finance appear to have similar levels of complexity and jargon to computing technology.

        So as their "tech" desk is this incompetent, we can infer that their business and finance desks are likely to be similarly incompetent, and anything they print must be also considered inaccurate, over-egged and occasionally a flat lie.

        1. Fred Dibnah

          Re: Bloomberg are rapidly losing credibility

          You could apply that analysis to every mainstream media outlet.

    2. Anonymous Coward
      Anonymous Coward

      Re: Bloomberg has Zero Tech Credibility

      Good to see others still remember it too; after all it was at least six months ago.

    3. Irongut

      Re: Bloomberg has Zero Tech Credibility

      With the Supermicro story and now this my opinion of Bloomberg is that they are a mouth-piece for Trump. As a Brit I don't really know their past work. I'm told they are a respected publication but they're pissing that away with these Chinese tech horror stories.

    4. Julz
      Black Helicopters

      Re: Bloomberg has Zero Tech Credibility

      Never attribute to stupidity that which is adequately explained by malicious political intent...

  13. Anonymous Coward
    Anonymous Coward

    PREDICTION: As greybeards retire. we'll see a shitload more of this nonsense.

    We're already rocking "experts" who have no idea what USENET is, let alone how it works. (Which does rather open the door for a Dragons Dens stylee pitch ....).

    I know in my last place of work, out of an IT department of 50, only 4 had the faintest clue about ssh - which is what you get in a Windows outfit.

    1. Anonymous Coward
      Anonymous Coward

      Re: PREDICTION: As greybeards retire. we'll see a shitload more of this nonsense.

      Microsoft have a huge backdoor called winlogon. Also you are right, it's going to get way worse.

    2. Anonymous Coward
      Devil

      Re: PREDICTION: As greybeards retire. we'll see a shitload more of this nonsense.

      > [ ... ] out of an IT department of 50, only 4 had the faintest clue about ssh [ ... ]

      And the other 46 are the ones who go apeshit on various boards over OMG!!! NSA is monitoring my MMS dick pics!! My precious privacyyyyyy!!!, but have absolutely no problem using Telnet over WAN to "troubleshoot" Huawei 5G routers.

  14. cs9

    Telnet

    MSFT ships Telnet -- ****ing morons! How dare they! Don't the realize this is 2019 and there is positively no reason to be using Telnet like it's still the 90s!

    Huawei ships Telnet -- carry on, then! Let me explain in my most patronizing tone how Telnet is really no big deal and everyone should be using it in 2019.

    Signed -- Reg readers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Telnet

      I thought the MSFT shills only appeared when someone started bad mouthing MSFT? I guess business must be slow at the moment.

      BTW, you dropped your strawman.

      Telnet on Windows is a useful tool for debugging some issues - while their are better tools available, they aren't always available for installation in a given environment so having telnet as an OS add-in is useful although arguable PowerShell provides replacements that are provide most of the functionality, although a little more effort maybe required for the average telnet jockey. Having this option would make Windows a security risk in Bloombergs eyes.

      Huawei having support for telnet that isn't enabled by default BUT is used within Vodafone for some purpose wouldn't be a reason to dismiss Huawei as a viable vendor. As Bloomberg seem to suggest.

    2. chuBb.

      Re: Telnet

      Since win 7 or vista you had to explicitly install the telnet client from the windows features menu, its not an out of box thing.

      Plus as others have said, whats the big deal on a closed management network, APC/Schneider are screwed as all the crappy PDU's i have in my racks work best by telnet, the web interface is crap, and ssh more often than not kills the under powered CPU, so telnet it is, backed by radius for AAA.

      Plus virtually every consumer home router has telnet enabled on the lan ports and many many many IOT things have have telnet enabled, sometimes locked down to an obscure subnet or port (seen 192.168.254.250/30 used quite a bit on some off shelf ethernet modules) but telnet is there, mainly because of how trivial it is to implement on underpowered (read as cheap) reference boards, as its plan text based you only need to abstract the connection method away from the command parser to get the most out of your firmware (yes there are still areas of coding where every kb counts, and cant just borg packages together with some control logic to create modern bloat ware ala anything backed by npm or nuget), i.e. simple socket server listening on TCP:23, and a serial server can both use the same command buffer and command parser stack, considerably more involved to run ssh, suggest the people freaking out never run nmap on their lan lol, that or get a clue...

      Also as someone pointed out TFTP is a far bigger threat in my opinion, there is no auth mechanism and there are plenty of publically accessable provisioning services that just need a write flag being misconfigured to cause real problems, struggle to think of any VoIP phone which doesnt have a tftp fallback for firmware updates or config provisioing even if they offer http(s) alternatives, you have to physically disable, i would be far more concerned about poisoned firmwares, which left micrpphones open, forked calls to other destinations, inject a proxy in to the call signalling, nm that most ITSP's still think that TLS is an uncessary overhead on the signalling, nevermind offering or accepting SRTP for the media, kinda glad i was allowed to do the opposite on the phone network i run, even if it means turning customers away who want to cling on their 10 year old linksys desk phones.....,

    3. 1752

      Re: Telnet

      MS stopped shipping Telnet Server in Windows 10 \ Server 2016. Also as someone else noted even now the client is not installed by default.

  15. Milton

    "We all want to see hard proof—" No, we don't.

    "We all want to see hard proof of espionage. This is absolutely not it"

    Wrong for two reasons, actually.

    (1) Hard proof is extremely unlikely. If anyone's kit (by which I mean hard- and software in any combination) is up to no good, you may be 100% certain it will be disguised as accidental, an unforeseen bug, oozing with plausible deniability. El Reg readers are well placed to think of all the crafty, deniable, ambiguous, seemingly accidental ways there are to disguise bad behaviour, ranging from 'unintended' buffer overflows and code execution errors to sly use of misdirection, both figurative and literal. In short, if a company like Huawei wants to leave nasties in its equipment, they will be (a) incredibly hard to find, (b) tough to prove as hostile and (c) even tougher to show as purposefullly malicious. It simply isn't hard for clever people to hide wood in a forest.

    (2) The lack of proof is irrelevant, because, as I have said before, where the psychotic paranoia and power-crazed greed of nation states is concerned—especially those lacking civilised checks and balances—you must act upon capabilities, not intentions. China has a foul regime. It is an undoubted danger to democracy and basic decency in the world, and arguably a threat to the freedom of the entire species. Its companies will do whatever they are told because executives can be disappeared into prison camps with barely a ripple, no chance of a fair trial and no free press to raise a stink. China could easily include malware, spyware or saboware in stuff designed and built by Chinese companies.

    And since they could, and since the stakes are existentially high, you have a duty, as either a leader or an adviser to leaders of your country, to assume that they will.

    And don't get me started on the absurdity of distinguishing 'core' and 'non-core' hard-/software in this context. It's pure sophistry. Only a politician would swallow such rubbish. If you think the nurse might want to poison you, do you think opting for that injection in your toe, instead of your jugular, makes a scrap of difference?

    Sophisticated Chinese equipment—which I think includes anything with a CPU and the ability to connect to the internet—absolutely should not feature in UK infrastructure. (And you probably shouldn't be buying their phones either.)

    1. Tom 38

      Re: "We all want to see hard proof—" No, we don't.

      In your analogy, being injected in the toe is as lethal as being injected in the jugular, because they both flow to the heart. In reality, the "heart" is the security services infrastructure. How does their information flow to my phone so that the "injection" can poison it?

    2. Alister

      Re: "We all want to see hard proof—" No, we don't.

      Sophisticated Chinese equipment—which I think includes anything with a CPU and the ability to connect to the internet—absolutely should not feature in UK infrastructure.

      Ok then, what about sophisticated American equipment (built in China), or even sophisticated American equipment (built in Mexico)?

      I don't see that for the UK there is much choice in the matter, whatever we use, it will (by your reckoning) be open to interference by another nation state.

      1. stiine Silver badge

        Re: "We all want to see hard proof—" No, we don't.

        That's exactly what he said. And yes, you could actually substute any foreign country's name for 'China' in his example, and it would still be true.

    3. A.P. Veening Silver badge

      Re: "We all want to see hard proof—" No, we don't.

      you must act upon capabilities, not intentions.

      I prefer to act on proven misconduct. For capabilities, Huawei (with all other Chinese suppliers) gets one strike. For proven misconduct, Cisco (with all American suppliers) gets three strikes and is OUT!

      1. Anonymous Coward
        WTF?

        Re: "We all want to see hard proof—" No, we don't.

        > I prefer to act on proven misconduct.

        Brilliant. Do not disable any insecure services until after you've been successfully attacked.

        I really, truly hope that you're not in charge of anyone's systems security. Because if you are, I pity them.

        1. A.P. Veening Silver badge

          Re: "We all want to see hard proof—" No, we don't.

          I am in charge of security and I am paranoid enough to disable services at the slightest whiff of insecurity. Having been informed about the discovered back door in Cisco systems, Cisco is completely banned and anathema here. Given that HCSEC hasn't found a back door in Huawei systems yet (but enough other weak spots), I am prepared to provisionally give Huawei the benefit of doubt.

          1. Anonymous Coward
            Devil

            Re: "We all want to see hard proof—" No, we don't.

            > I am in charge of security and I am paranoid enough to disable services at the slightest whiff of insecurity.

            On the Internet, no-one knows you're not actually in charge of anything.

        2. Jamie Jones Silver badge

          Re: "We all want to see hard proof—" No, we don't.

          ST, I hope when you leave school and get a job, you'll have calmed down and become more rational - especially if you want to work in the security field.

          A healthy dose of suspicion and paraoid is helpful in our field... Out and out tinfoil hattery and shouting down everyone who doesn't agree with you tends to make you less secure (can't see the wood for the trees etc.) and piss your users off more (so they end up writing passwords on sticky notes attached to their screen)

          Just reading this thread, AP Veening comes across as a security professional. You...erm. don't.

          1. Anonymous Coward
            FAIL

            Re: "We all want to see hard proof—" No, we don't.

            Jamie Jones:

            Congratulations on your uncanny ability for self-delusion.

            Now go have a beer with AP Veening so you can discuss barn door closing optimization techniques.

            1. Anonymous Coward
              Anonymous Coward

              Re: "We all want to see hard proof—" No, we don't.

              @ST: You could probably have avoided a lot of those downvotes by not communicating like a belligerent jerk.

              1. Anonymous Coward
                FAIL

                Re: "We all want to see hard proof—" No, we don't.

                @AC:

                > You could probably have avoided a lot of those downvotes by not communicating like a belligerent jerk.

                Sez the AC guy who resorts to ad-hominem attacks by calling me a belligerent jerk. The bravery of AC.

                Did you actually have a point?

                Your comment is a perfect example why I don't care about downvotes coming from commentards in your category. This isn't Facebook, and I am not here to collect Likes.

                1. HieronymusBloggs

                  Re: "We all want to see hard proof—" No, we don't.

                  "Sez the AC guy who resorts to ad-hominem attacks by calling me a belligerent jerk"

                  AC here. I didn't call you a belligerent jerk, I said you communicate like one.

            2. Jamie Jones Silver badge
              Facepalm

              Re: "We all want to see hard proof—" No, we don't.

              I have plenty of experience with over-excited teenagers who think they know everything.

              You don't phase me. My mistake was thinking you might take note of some of the comments posted here. Of course, you know better.

              Silly me

    4. anonymous boring coward Silver badge

      Re: "We all want to see hard proof—" No, we don't.

      You know that you can't prove a negative, right?

      1. mhenriday
        Boffin

        Re: "We all want to see hard proof—" No, we don't.

        «You know that you can't prove a negative, right?» Wrong - at least if the ancient Greek proof that √2 is irrational (and the countable infinity of similar proofs by reductio ad absurdum) is still to be considered valid....

        Henri

    5. Justthefacts Silver badge

      Re: "We all want to see hard proof—" No, we don't.

      The 3GPP/5gpp standards-defined terminology Core Network is not “sophistry”.

      Specifically in 2G, 3G and 4G core network comprises SGSN, GGSN, MSC, HLR, EIR, BGW, etc, whereas non core is the access network UTRAN etc. The 5g standard combined functions and virtualised some of these, but maintained physical separation between access network and core network for both economic and security reasons.

      The access network directly connects to your mobile over the air; it’s what you think of as the “mast” (sort of). The core network sits between access network and internet providing higher level functions, and usually sits in a data centre. Huawei will be able to provide access network but not core network

      This is technically and security relevant because:

      Irrespective of what encryption (https or anything else) the user runs, the network provides end-to-end encryption between the mobile and core network. The access network is, from a security perspective, a dumb pipe passing encrypted packets, nor does it know user identity information. It is the Core Network which knows things like user identity info, session encryption keys etc.

      Being the access network gives you exactly no more information than an over-the-air sniffer, which is none at all. All of 3G, 4G, 5G protocols are secure against MITM attacks.

      A genuine security risk is that being the access node allows you a direct connection to the Core Network, ie it’s a jump off point for a potential hack, if there were a vulnerability in CN. Therefore, the software should be fully audited to ensure that it can’t be used that way - which is exactly what CESG (GCHQ as you probably know it) did.

      You should also be aware that it is at the Core Network nodes (only) that legal intercept capability is enabled, to co-located boxes owned by authorities with the relevant credentials and authorisations.

      Having said all of that......

      The US has made it quite clear that whatever the technical and economic justifications, a condition of remaining in Five Eyes is that we dump Huawei. Everything we have in practice is Five Eyes, so that is our non-negotiable national interest. Whether you like it or not, the US has us over a barrel on this. “The EU” simply has no intelligence of real value to share, whatever their pomp and circumstance.

      1. Brent Beach

        Re: "We all want to see hard proof—" No, we don't.

        @Justthefacts Excellent post.

        To summarize:

        1. There is a known, small window through which Huawei could peer and the security folks are checking it.

        2 There is co-located hardware that can see everything, controlled by telco and national security services that can see everything.

        3.Five eyes is not a partnership, but one big US Dawg and 4 little puppies who will do what they are told (see Snowden materials).

        In the Huawei case, US actions are not motivated by the usual paranoia. Rather the US security establishment is being used as a big stick in trade negotiations between Trump and China.

        The four puppies might reconsider their security arrangements with Trump Inc (formerly known as the US of A) if they want to be serious about national security.

        1. Malcolm Weir Silver badge

          Re: "We all want to see hard proof—" No, we don't.

          The Five Eyes stuff is far more complicated than it may at first sight appear. The UK has _at least_ two sites that the US intel community likes a lot, and which (for various technical reasons) are not easily replaced without a lot of impact to existing programs, so figure that as a multi-hundred-billion dollar relocation cost. Technically, one of the sites might be replaced with a slightly sub-optimal alternate in either one of two European countries, but the other would be harder.

          And anyway, "Five Eyes" is not an automatic thing. There's "REL AUS/CAN/NZ/GBR" and there's e.g. "REL GBR", etc. So what the US is threatening is that not as many goodies would be shared, not that nothing would be shared.

          At the end of the day, this is all purely political: if GCHQ says the risk is technically manageable, then it's probable that the NSA would say the same (technically). Therefore (from a UK perspective) the US can rattle its sabre all it likes, and when the political climate shifts, they'll "reach an accomodation". Again.

    6. fajensen

      Re: "We all want to see hard proof—" No, we don't.

      And since they could, and since the stakes are existentially high, you have a duty, as either a leader or an adviser to leaders of your country, to assume that they will.

      Well, so, what do we do about Capitalism then?

      It was "*not* some Chinese conspiracy that have manipulated all our business leaders (and made our politicians foam the runway for them with treaties, grants and subsidies), into handing over the Keys of Everything to China, of course while knowing exactly what kind of regime China represent!

      It was personal Greed, unfettered by any restraints on "Markets", nothing else, that did all of that!

  16. Julian Garrett

    Sorry, but if that is Telnet, in 2011, open, with port available (and I cant believe I am saying this) *AT AN OPEN IP ADDRESS* then someone fucked up big time.

    TELNET!? Are you fucking serious? That is the most insecure protocol in the history of insecure protocols.

    1. Irongut

      The lack of reading comprehension amongst supposedly intelligent people amazes me. I'll repeat the part you missed, it was in the fifth paragraph so you didn't have to read far:

      "... It would not have been accessible from the internet," said the telco in a statement to The Register

      So you can reign in your disbelief and give your caps lock key some much needed rest.

      1. Anonymous Coward
        Anonymous Coward

        Sorry, slight problem there, which goes to the very heart of the issue. Huawei engineers are on the network all the time, using the OSS for software upgrades, technology and site additions etc.

        Vulnerabilities like this are vulnerabilities. Period. Huawei A) knows the full topology of the network B) by leaving these protocols running they can easily go from places they have access and control over to places they shouldn’t. I think the original criticism, while technically not consistent with the narrative, is more than valid.

        1. Anonymous Coward
          Anonymous Coward

          If Huawei engineers are on the network all the time then you have a problem with not employing your own staff to do the work and manage the kit. That's like inviting a burglar into your house and complaining they can steal your shit.

          Some of the comments on here trying to justify the original incorrect article because it fits the narrative given to you by dubious press sources is astounding. Nobody will ever find a back door because there isn't one and as a company it would be suicide to ever put one in. Do people honestly think that some of the brightest people at various spy agencies around the world haven't already checked or do people think that Huawei are some kind of Chinese James Bond style villain with a cat?

          1. A.P. Veening Silver badge

            Nobody will ever find a back door because there isn't one and as a company it would be suicide to ever put one in.

            In that case Cisco committed suicide.

          2. Julian Garrett

            I have stuck my neck out here by adding my name to this reply - have 20 years experience in mobile networks, worked for every vendor and 12 operators.

            It’s very routine to have the vendors engineers do the entirety of any software upgrade.

            A) they have the experience with this. They are the domain experts on their kit

            B) it makes them accountable if something goes wrong. There was a very well publicised case in NZ about 10 years back where Alcatel-Lucent took Telecom NZs mobile network off air for a number of hours due to a patch loaded on top of a patch without verification. Cost A-Lu 10’s of millions. If TNZ did it themselves it would have been zero.

            In my current role as a national manager with MBNL in the UK, I am dealing with Ericsson and Huawei who both have managed services and deployment contracts and directly touch the network all day every day.

            1. Anonymous Coward
              Anonymous Coward

              I'm not in telecomms, but I would have thought the biggest risk was the operational risk of having all one kind of kit on a network. *If* there is a flaw, vulnerability or even a failed upgrade that bricks the kit then it bricks your network. If you have multiple vendors in parallel then you have added resilience. However that doubles (at least) the cost and complexity of the infrastructure.

          3. Anonymous Coward
            Anonymous Coward

            *If Huawei engineers are on the network all the time then you have a problem with not employing your own staff to do the work and manage the kit. That's like inviting a burglar into your house and complaining they can steal your shit.*

            - Ever heard of a managed services contract? that's *EXACTLY* what it is. Im sorry but you must have never come across outsourcing before.

            1. Anonymous Coward
              Anonymous Coward

              I know what a managed service contract is and how it works and yes you and others do have a point, it's how you manage these managed services and what risk you are willing to expose yourself to by doing it. The idea is that you pay for staff to do the management and training involved to minimise the risk, sure it's going to cost you more but then the kit probably cost you less.

              I'm also not sure what the total risk there is, if it's the 5g backbone then isn't that just the phone to base station to internet hardware and if so what is the potential problems they could cause? If someone could answer that would be grand.

          4. Anonymous Coward
            Anonymous Coward

            >or do people think that Huawei are some kind of Chinese James Bond style villain with a cat?

            The pussy connection may explain PotUS' interest in them?

      2. Kevin McMurtrie Silver badge

        I'm not entirely sure about the "not have been accessible from the internet" part. Telnet has no two-way handshake to get started. That means that you can abuse the payloads of other systems to issue telnet commands. For example, you could use HTTP POST to send telnet commands in the HTTP body. The HTTP header would probably spew some errors on the Telnet device but that wouldn't harm the payload execution.

      3. Dagg Silver badge

        "... It would not have been accessible from the internet," said the telco in a statement to The Register

        Yep, but it is accessible to something internal and that something may have a hidden backdoor that is accessible to the internet.

        Consider also that Telnet may just be a terminal interface but remember in days gone by many of us old farts used glass TTY terminals to access systems, write, compile and run software we could also open / close ports change configuration and basically manage the whole system via telnet. Custom coded backdoor anyone....

    2. HieronymusBloggs

      TELNET!?

      "That is the most insecure protocol in the history of insecure protocols."

      Is that you, Donald?

      1. Giovani Tapini
        Trollface

        Re: TELNET!?

        I'm not at all sure its worst, try FTP, clear text, dual port bulk data transferring protocol. Try again

  17. J.G.Harston Silver badge

    ANYBODY CAN DISABLE MY BURGLAR ALARM!!!!!!

    Just by the simple expedient of breaking into my house, finding where I've hidden the key, and finding where the control box is, working out what my PIN is, they can UNLOCK THE CONTROL BOX AND DISABLE THE ALARM!!!!

    1. Jamie Jones Silver badge
      Happy

      AND NOW YOU'VE MADE IT EVEN EASIER BY TELLING THEM HOW!!!!1!

      THE SKYYYYY IS FALLLLINNNNNNNNNNNNNNNNNNNNNNNNNG!

  18. aks

    It does feel like the USA don't like Huawei because they don't include NSA approved backdoors.

    This is the same feeling I have about Kapersky being blacklisted because they discovered NSA malware and reported it.

  19. anonymous boring coward Silver badge

    What an amazing load of utter bollocks that is spread about Huawei!

  20. Craigie

    Orange

    Clearly someone high up in Bloomberg snorts a lot of orange powder. Unfortunatel.

    1. GrumpenKraut
      Thumb Up

      Re: Orange

      > Unfortunatel

      O2 really should rename themselves to that!

  21. croc

    All this hoo-haa aimed at Huawei, and no one is making a big deal about the IoT threat. Given that much of the IoT thingys are made in China... Not to mention many of the mobile handsets, including Trumps favorite unsecured iPhone....

  22. martinusher Silver badge

    Another Bloomberg Coup!

    I saw this report on the news feed and the first thing that came to my mind is "Wasn't it that lot that ran the report about the secret Chinese spy chip?". And so I dismissed the whole report as just crap.

    Now we discover its a Telnet port. Telnet isn't particularly secure but it rather depends on the context. I wouldn't use it on the public Internet unless I was interested in honeypots (for example) but there are lots of times its perfectly adequate. Its also really easy to turn off.

  23. Dan 55 Silver badge
    Facepalm

    Oh FFS

    Name me a shitty ISP-supplied router that didn't have the telnet port open on the LAN side in 2011.

  24. Anonymous Coward
    Anonymous Coward

    The Real Risk

    While there is a technical back door access risk from allowing Huawei to supply equipment, the bigger risk is the Huawei “University” education program.

    It has allowed them to embed themselves in various University and corporate education programs.

    Education might seem like a good thing, but the broader strategy of multi-channel re-education for positive influence and perception, has typically meant that regardless of if Chinese firms are teaching technology, language, or anything else, they tend to include pro-China messaging to persuade people into their belief system, which includes contradictions to many current Western beliefs.

    1. Gonzo_the_Geek

      Re: The Real Risk

      Tinfoil hat a little tight there darling?

    2. Malcolm Weir Silver badge

      Re: The Real Risk

      Ummm... I don't think you've been to, say, Shanghai. You'd see that there are contradictions between Chinese beliefs and Chinese policy and Chinese reality. Yes, it's weird, but no stranger than some of the delusions that Americans have about the USA (e.g. the contrast between the US and the UK requirements for ID raises some questions about "the land of the free"...)

  25. Fursty Ferret

    Catflaps...

    Characterising this sort of Telnet service as a covert backdoor for government spies is a bit like describing your catflap as an access portal that allows multiple species to pass unhindered through a critical home security layer.

    Yeah, but if you can reach through the catflap and unlock the door from the inside it's not that secure, is it? Now, you could have a microchip controlled catflap, but all you have to do is hang around for the appropriate passwor-, I mean, cat and stuff it through the flap first.

    I think that catflaps should be the new way of describing security problems.

    1. SolidSquid

      Re: Catflaps...

      The internet is a series of tubes with catflaps in them?

      1. Anonymous Coward
        Anonymous Coward

        Re: Catflaps...

        That would explain the reason why of all those cats images/videos going around...

    2. CrazyOldCatMan Silver badge

      Re: Catflaps...

      but if you can reach through the catflap and unlock the door from the inside it's not that secure

      In the days when we had two fairly big dogs (a GSD/Rottie and a Doberman/Rottie) we had an A4-sized cat door so that they could come and go into the garden at will.

      One of our (more clueless) friends wondered whether a cat door that big was a security problem - especially given that I (and I'm not small) could wriggle in through it.

      We pointed out that we needed a door that big because of the big dogs that we had and that most[1] burglars would be somewhat wary of going into a house with about 100kg of big black 'n tan dogs inside..

      Although, it wouldn't be the big dogs you had to worry about - it would have been the JR/Staffie cross or (most likely) the miniture dachshund[2] that would have gone for you.

      [1] Never underestimate the stupidity of criminals. Which is why most of them get caught.

      [2] She had levels of paranoia I've only ever seen in calico cats. If she had had brains, she would have been dangerous[3]..

      [3] Some of the local yoof managed to kick their ball into our back garden when said dachsund was in the garden. I heard one of the yoofs climb onto the grit-bin just outside the fence and say "it's OK - they only have a small fluffy dog - climb over and get the ball". Said yoof got down and was replaced by a slightly more dexterous one. In the meantime, the two big dogs had wandered out to see what the dachsund was barking at.. DexterousYoof then went to climb over the 6-foot fence, saw the B&T's and much swearage ensued along with the words "I thought you said they only had a little dog!". They ended up knocking on the front door to ask for their ball back. Apparently, we generated much street-cred[4] by having such big, fierce-looking dogs[5].

      [4] Something I don't think I'd ever possessed before or since.

      [5] They might have been big but they certainly were not fierce - the one time that we had someone stealing the lead off the bay windows, I tried to get the Dobie-cross to come out with me to see what was going on. She refused and hid behind my wife.. So I guess that we did slightly too good a job of being the pack alphas.

  26. flayman Bronze badge

    I agree that China needs reigning in, but this is pathetic. Let's not forget that the NSA was shown to have been operating "upgrade" factories where intercepted network kit from American companies like Cisco were implanted with unauthorised firmware for spying on foreign customers targeted for surveillance. Clearly the fact that Huawei is a state run company makes little difference in practice when the spies get involved.

  27. T. F. M. Reader

    In fairness...

    Yes, on the face of it it sounds quite ridiculous to call telnet a backdoor in general. However, I took the trouble to read the Bloomberg piece, and the devil seem to be in the details.

    What I understood was that Vodafone specifically prohibited telnet on their kit as a matter of policy (reasonable given how insecure telnet is). Apparently, Huawei's equipment had a telnet service (yes, it is a service/daemon, whether or not it is launched through inetd) running and undocumented. It was discovered during an independent security test. Then there was some ping-pong between Vodafone and Huawei regarding whether telnet should be stopped, or completely removed, whatever. Aparently, Huawei agreed to remove the code, then tried to hide the fact that they didn't, and then argued that they could not remove it for "quality purposes". That caused eyebrows to be raised back then in 2009 and 2011 (the quote regarding "political background" and Huawei not proving they were an "honest vendor" is not current but dates to that time).

    No, it doesn't seem like a malicious backdoor[*]. And one doesn't need to panic, especially since the thing was fixed around 2011 (and Voda keep buying from Huawei). However, a lot of comments here sound as if Bloomberg didn't even realize it was telnet. They did and wrote that in multiple places in the article. I think the whole point was that it was present despite a specific policy prohibiting it and after promises to remove it

    [*] It does remind me, maybe unfairly, of things like a manufacturer's maintenance password on your home router or an undeclared microphone on a smart thermostat, and those wouldn't be considered completely benign, would they?

    1. Dan 55 Silver badge

      Re: In fairness...

      What I understood was that Vodafone specifically prohibited telnet on their kit as a matter of policy... It was discovered during an independent security test.

      Nobody at Vodafone could type telnet 192.168.1.1 to check?

  28. Radio Wales
    Black Helicopters

    Empty minds make much hay.

    All this furore over an industry standard (ahem) back door, leaves me wondering about the science of leaving secrets in plain view because nobody ever looks there.

    Then there is is the deeper suspicion that some 'people' are upset that it is now the Chinese who are collecting all our secrets instead of the Americans.

    There are going to be words over this... Definitely! Things will be said - and probably regretted.

  29. JeffyPoooh
    Pint

    OMG!!!!!!!!!!!!

    It turns out that my router has an 'Admin' web server (browser accessed) control panel that is potentially accessible from ANY PC ON MY LOCAL NETWORK!!!

    OH MY GAWD!!!

    THINK OF THE SECURITY IMPLICATIONS!!

    Worse still, there is a router setting that would permit accessing the Admin page from ANY PC IN THE WORLD! One cosmic ray bit flip, and the state sponsored hackers would be in like Flynn.

    Call Bloomberg!!!!

    1. sebbb

      Re: OMG!!!!!!!!!!!!

      And what about ISP routers being accessible from their network for "troubleshooting purposes" and then some random support guy trying to solve my connection falling every 10 minutes decides to change my WiFi net name from the call centre? Big Red does this all the time.

  30. Brent Beach

    Tactic 42

    This bit of trade negotiation - which involves accusing a Chinese company of espionage in order to get a better trade deal and is Trump negotiation tactic number 42 - will eventually be resolved with a trade deal. The deal will be called Trump China Best Ever Trade Deal.

    At that point, all the misdirection about Huawei back doors will end and the poor American back door vigilantes will be left with nothing. No great conspiracy that they thought they had discerned through the use of their back-door detecting super power. The Huawei back door conspiracy theory will slip from the front pages of American newspapers (particularly in Bloomberg) and Fox Opinion programs into some deep part of Reddit.

  31. Anonymous Coward
    Anonymous Coward

    Additive naivete FTW

    Pre-paid SIM w/data. nmap. Reserved IPs for internal use. (https://en.wikipedia.org/wiki/Reserved_IP_addresses)

    Oops, the management vlan is routed to the user space.

    Sorry about the testing port we left active.

    Apologies for the hard coded testing admin p@55w0rd login on the core hardware.

    Regrets about the lack of password failure lockout/timeout policy.

    Yes, additive naivete is real. wEEEEEEEEEEEE

  32. Aodhhan

    I think there was a bad interpretation

    The Chinese actually meant to say,

    We are now aware, that you are aware of our maintenance access points installed in 2012.

    You can rest easy, as the Chinese government has no ambition to use this for any purpose

    because we have newer, faster, and quieter interfaces to use now.

    This information of course, has been passed on to the Chinese military for investigation purposes.

  33. Nifty Silver badge

    Whatever happened to if it looks like a duck?

    1. CrazyOldCatMan Silver badge

      Whatever happened to if it looks like a duck?

      Usually, it gets served up with hoisin sauce and cucumber, all wrapped in little unleavened wraps..

      Hmmm. Chinese food. Hungry now.

  34. Colin Ritman

    Yet again

    The idiot press make themselves even more pathetic in their desperate need to create clickbait.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like