Huawei Phones Likely Spying on You Sez US Intel Chiefs

[Zarathustra[H]]

As long as we keep in in perspective ........

Telling Americans not to buy Huawei phones isn't the same as China telling the Chinese people not to buy ........ um......I'm sorry but I can't actually think of a phone that isn't made in China because even the Korean ones are so .......
And if they aren't made in China then it's mostly either Taiwan or Vietnam.

There is an ENORMOUS difference between "made in" and "designed in"

Sure, "made in" carries some risk. There is always a chance that something uncouth goes on that the design owner is unaware of.

"Designed in" however, is the huge problem. They can do absolutely anything they want, and there is nothing we can do about it

 

[pcgeekesq]

There is an ENORMOUS difference between "made in" and "designed in"
Sure, "made in" carries some risk.

It sure does. Back in my SCUBA diving days, I owned a high-end Buoyancy Control Device (BCD) from an American company. It had a dump valves that included springs made in China. The springs were supposed to be made using marine-grade stainless steel, that wouldn't corrode in salt water-- and the first few lots, the ones that were tested for acceptance, were.

But then the Chinese company making the springs decided to make some extra profit by using a cheaper stainless steel that wasn't marine grade. Once in the sea water, the springs started to rust, leading to malfunctions of the dump valves. And as any diver can tell you, having all the air unexpectedly dumped from your BCD isn't good, since you will then start sinking and have lost your primary-- and perhaps only, depending on how lean you are and whether you are using steel or aluminum tanks-- means of stopping that.

The American company recalled the BCDs and replaced all the springs-- not cheap. The Chinese company blamed a low-level manager and fired them.

So yes, "made in China" carries risks. Risks that the product wasn't made to spec, and might kill you.

 

[lcpiper]

There is an ENORMOUS difference between "made in" and "designed in"

Sure, "made in" carries some risk. There is always a chance that something uncouth goes on that the design owner is unaware of.

"Designed in" however, is the huge problem. They can do absolutely anything they want, and there is nothing we can do about it

So we are all actually off on a tangent here and now is as good a time as any to get things back on track.

First off, this story really isn't about telling Americans not to buy Huawei phones, It's the government telling itself that it needs to be careful about HuaWei and ZTE communications infrastructure equipment. It's also the government telling itself that it should be concerned about US Companies allowing themselves to become dependent on these companies or others like them.

Something about this story as it was originally link has changed. The early story had an embedded link to a .pdf file of the briefing and I was reading it. That link is gone or something else has changing pointing to a different story.

And for anyone who agrees with this author from this 2014 story;
https://spectrum.ieee.org/tech-talk...as-huawei-based-partly-on-nsas-own-spy-tricks

U.S. spies suspect Huawei of being able to embed computer exploits because they've already done it themselves

Keep in mind that this is a wheel that just keeps on turning and I'm not sure who gave it the first push.

In this story, the shoe is on the other foot, from back in 2008, which is about gear bought even before that.
https://www.infoworld.com/article/2...rried-as-dod-sold-counterfeit-cisco-gear.html

According to the FBI presentation, the fake Cisco routers, switches, and cards were sold to the U.S. Navy, the U.S. Marine Corps., the U.S. Air Force, the U.S. Federal Aviation Administration, and even the FBI itself.

Yes, all government that can, spy on all the governments that they think they need to spy on. The game is older than the light bulb, and no one is going to stop playing this game any time soon.

 

[pendragon1]

and people think jones is crazy for saying internet connected tvs can/are doing this...
ANYTHING with a mic/camera and an internet connect could be doing this.

 

[Gigus Fire]

There is an ENORMOUS difference between "made in" and "designed in"

Sure, "made in" carries some risk. There is always a chance that something uncouth goes on that the design owner is unaware of.

"Designed in" however, is the huge problem. They can do absolutely anything they want, and there is nothing we can do about it

Then there's this:
https://www.nytimes.com/2017/03/08/technology/personaltech/defense-against-cia-hacking.html
https://www.theregister.co.uk/2017/06/15/wikileaks_dumps_cia_wifi_pwnage_tool_docs_online/
https://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy
http://www.businessinsider.com/nsa-revelations-kill-ibm-hardware-sales-in-china-2013-10

Any way you slice it, when governments get into spying in normal products, everyone suffers. I'm not saying that Chinese spying is ok but US is not, but neither governments should be in the business of spying and telling people what manufacturers to use or not. Until people develop fully open and reviewed hardware and software for devices, it's safe to assume that there's people who are spying on you.

 

[lcpiper]

Then there's this:
https://www.nytimes.com/2017/03/08/technology/personaltech/defense-against-cia-hacking.html
https://www.theregister.co.uk/2017/06/15/wikileaks_dumps_cia_wifi_pwnage_tool_docs_online/
https://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy
http://www.businessinsider.com/nsa-revelations-kill-ibm-hardware-sales-in-china-2013-10

Any way you slice it, when governments get into spying in normal products, everyone suffers. I'm not saying that Chinese spying is ok but US is not, but neither governments should be in the business of spying and telling people what manufacturers to use or not. Until people develop fully open and reviewed hardware and software for devices, it's safe to assume that there's people who are spying on you.

You know, no one really likes to find out that someone is spying on them. You don't like to find out that your girlfriend is going through your shit while your taking a piss, that Mom found your Playboys, that your boss checked your web browser history, etc. But when it comes to stories about things your government does to spy on others, it really pays to find a way to place a value on what you are worth as a spy target. Take the first story, the CIA can compromise routers, I would hope so. I would hope that our premier spy agency has developed ways to break security on foreign communications equipment.

The second one, IBM and others lost a ton of business because the Chinese realized the risks of buying American goods following the Snowden leaks. Well one person might look at this and blame it on the NSA and say look what happened because of those assholes. But another person might look at the story and think, "God, not only did Snowden completely fuck intelligence operations against China, he fucked US businesses as well."

Again, number three, the NSA is intercepting goods in transit and implanting malware, excellent job guys, doing it right, because they aren't randomly snagging my router on the way to my house, they are intercepting shit on it's way to Iraq and Afghanistan and Pakistan and China ffs. But it's going to get more clicks if the reporter doesn't add that little nugget, or even better, they can mention it in the article but no one will pay any attention at all and still make the assumption that they themselves are the target. Trust me, there was another article about this one and it specifically said that they only have ever done this to targets in other countries, never domestically, but everyone just ignored that.

Guys, every one of us is someone's target. Maybe it's Google, maybe Huawei, perhaps the FBI, but if you are a US Citizen and you aren't doing shit you shouldn't be doing, then the NSA is probably not looking at you.....unless you work for them then they are all in your shit so.

 

[A Little Teapot]

Correction: Huawei phones are spying on you which means we can't. So please buy American next time.

 

[Cheveyboy]

I read the title real quick and thought that Intel was woofing some shit about some other companies product's security. Then I realized it was the US government.

 

[kinjo]

The NSA is just mad that someone else is in the game

"we here at Huawai know you have a choice in who anonymously collects all of your private data without your permissions and we thank you for choosing us"

 

[Gigus Fire]

You know, no one really likes to find out that someone is spying on them. You don't like to find out that your girlfriend is going through your shit while your taking a piss, that Mom found your Playboys, that your boss checked your web browser history, etc. But when it comes to stories about things your government does to spy on others, it really pays to find a way to place a value on what you are worth as a spy target. Take the first story, the CIA can compromise routers, I would hope so. I would hope that our premier spy agency has developed ways to break security on foreign communications equipment.

The second one, IBM and others lost a ton of business because the Chinese realized the risks of buying American goods following the Snowden leaks. Well one person might look at this and blame it on the NSA and say look what happened because of those assholes. But another person might look at the story and think, "God, not only did Snowden completely fuck intelligence operations against China, he fucked US businesses as well."

Again, number three, the NSA is intercepting goods in transit and implanting malware, excellent job guys, doing it right, because they aren't randomly snagging my router on the way to my house, they are intercepting shit on it's way to Iraq and Afghanistan and Pakistan and China ffs. But it's going to get more clicks if the reporter doesn't add that little nugget, or even better, they can mention it in the article but no one will pay any attention at all and still make the assumption that they themselves are the target. Trust me, there was another article about this one and it specifically said that they only have ever done this to targets in other countries, never domestically, but everyone just ignored that.

Guys, every one of us is someone's target. Maybe it's Google, maybe Huawei, perhaps the FBI, but if you are a US Citizen and you aren't doing shit you shouldn't be doing, then the NSA is probably not looking at you.....unless you work for them then they are all in your shit so.

Disagree completely. When you have any sort of products that rely on security and you compromise them, you are telling all foreign governments not to use those products.
The only way to exert dominance in the global marketplace is through economic means. The US is never going to get into a war with China and vice versa.
When you purposely do stupid shit to get your country's products banned in another country you're not helping at all.
Consumers get caught in the crossfire for stupid reason in all of this. I don't want anyone spying on me even if i have nothing to hide. There's a lot of evidence that points to massive surveillance programs enacted by my own government designed to capture everything. Who the hell wants that?

 

[janis2018]

Now I am very worried to continue using Huawei 4G router.

 

[Ididar]

Guys, every one of us is someone's target. Maybe it's Google, maybe Huawei, perhaps the FBI, but if you are a US Citizen and you aren't doing shit you shouldn't be doing, then the NSA is probably not looking at you.....unless you work for them then they are all in your shit so.

Except it has been shown that the NSA and CIA are hoovering up a whole lot of data on American citizens ... they just claim they're not using it. No, they're probably not reading most people's emails but they are gathering up a whole lot of domestic information.

 

[lcpiper]

Disagree completely. When you have any sort of products that rely on security and you compromise them, you are telling all foreign governments not to use those products.
The only way to exert dominance in the global marketplace is through economic means. The US is never going to get into a war with China and vice versa.
When you purposely do stupid shit to get your country's products banned in another country you're not helping at all.
Consumers get caught in the crossfire for stupid reason in all of this. I don't want anyone spying on me even if i have nothing to hide. There's a lot of evidence that points to massive surveillance programs enacted by my own government designed to capture everything. Who the hell wants that?

Are you imagining that someone is compromising every single router that CISCO sells at the factory or as they are being shipped? Is that how you imagine this happens?

Or are you considering that at "target" someone the NSA specifically wants to watch orders some equipment and the NSA takes advantage of that opportunity to make him vulnerable?

And do you not see the difference?

The US has already fought a war with China, it happened in the 50s, you know, they called it the Korean War.

 

[Gigus Fire]

Are you imagining that someone is compromising every single router that CISCO sells at the factory or as they are being shipped? Is that how you imagine this happens?

Or are you considering that at "target" someone the NSA specifically wants to watch orders some equipment and the NSA takes advantage of that opportunity to make him vulnerable?

And do you not see the difference?

The US has already fought a war with China, it happened in the 50s, you know, they called it the Korean War.

Didn't the NSA get caught with developing tools that circumvent security and having those toolsets leak to the public?
For hardware hacks i'm sure it's targeted. For software hacks and security compromises it's used everywhere. Eventually these security holes get known and utilized to cause lots of problems worldwide.

Proxy wars are slightly different than direct combat. The general gist of creating conflicts to stem the tide of communism was a bit short sighted. The soviet union didn't crumble from some war offensive, but through economic means.

 

[lcpiper]

Except it has been shown that the NSA and CIA are hoovering up a whole lot of data on American citizens ... they just claim they're not using it. No, they're probably not reading most people's emails but they are gathering up a whole lot of domestic information.

No it has not.

What has been shown is that the NSA was capturing meta-data on overseas calls, that was show. It was also well known for decades that the NSA was actually recording all overseas calls back in the analogue land line days.

But with Snowden's bullshit move the media has become experts in making everything sound like it's all connected and all something that it isn't.

There are millions of foreign nationals in this country all the time. Not all of them are here to innocently pursue lives of peace and prosperity, some are here with bad intent. Yes the government collects all sorts of domestic information, that's how to identify anomalies. You can't recognize what looks wrong if you don't know how things are normally supposed to look.

And when I talk about foreign nationals, I'm not just talking about immigrants, or illegal aliens. There are foreign workers on H1B visas, students on education Visas, my niece went to school here for a year without an education Visa, foreigners can simply pay for private schooling and come here as long as they have money and a sponsor. There is embassy staff, business travelers, people on vacation, foreign military here for long term training with the US military. I know of at least one German Air Force Unit that was stationed at the US Airbase in Alamogordo New Mexico for many years, they came with their families just like our servicemen frequently do the same in other countries.

Millions of people who interact with all elements of our society, academics, business, government, military, even our homeless. Any foreign intelligence service looking for ways to gain access to information has a broad spectrum of people who can be vulnerable and exploited. Americans who are not involved in these things frequently just can't imagine how vulnerable people are in so many other countries.

Oh, your in the US going to school, your working for us now and you are going to do what we tell you or else. It has been going on for hundreds and hundreds of years but today, these people are in the US and they talk on cell phones and send email and do all kinds of other things involving data that is passed acrossed US telecommunications systems.

Try and understand that there are well meaning up-standing good people. People who believe in our country and it's ideals, and value freedom and all that the US Constitution stands for, and that they are willing to fight in their own ways to protect our rights and freedoms. And these good people who believe and use their voice, sometimes just don't get it. They don't get how easily they can be used. They don't get that not everyone is their friend. They don't get that there is a constant struggle going on to identify and locate real threats and that in their ignorance, they can't even see a threat that's right in front of them almost every day of the week.

And try to understand that the people who do this kind of work don't see people like you as an enemy or a bad guy, even if you have a few things wrong. But they do get tired of being accused of being such assholes all the time when they really aren't planning evil things against you.

And I'll tell you what's worse. It's these people who have decided that the ends justify the means. That because they believe something is wrong or bad, that it justifies anything that they might do. People in the government who abuse their position and the trust placed in them because they don't personally agree with something that someone is doing. I'm not talking about a true whistle-blower but a leaker, yes. Someone who refuses to do their job properly as directed, and instead of quitting, they sabotage the effort so that it will fail. How can we, as citizens of this country have any faith in our government if our government people won't do their jobs because they don't agree with something.
These people, they have a responsibility to the people of this country to do what they are supposed to do.

I'm not talking about following an illegal order, or doing something that they find morally and ethically wrong. If someone can't do something for such reasons they have a responsibility to all of us to stand up and say so, to refuse and say why. Not to be cowardly little pricks and sneak out of the office with classified information stuffed in their panties to give to the media.

As to this news article, try to keep something else in mind. China doesn't see North Korea or South Korea as separate countries or sovereign nations. Just like Hong Kong and Taiwan, Chine sees the Koreas as part of China. The Han Dynasty was all about the Han people. When the Han Dynasty ended, those people fled to the Korean Peninsula and cut themselves off from the rest of China, sort of. I'm married to a South Korean, she's a US citizen now but I've learned that non of it is simple, not of it is easy. South Korea looks like it's closer to the US than it is to China but that's not even a little true. It would be closer to the truth to say that China allows South Korea to pursue westernization as an experiment and they keep North Korea the way it is because every experiment needs a control group. But make no mistake, an elephant has two ears and they sometimes flap in different directions but the elephant doesn't for it has ears any more than the ears forget what they are a part of.

 

[lcpiper]

Didn't the NSA get caught with developing tools that circumvent security and having those toolsets leak to the public?
For hardware hacks i'm sure it's targeted. For software hacks and security compromises it's used everywhere. Eventually these security holes get known and utilized to cause lots of problems worldwide.

Proxy wars are slightly different than direct combat. The general gist of creating conflicts to stem the tide of communism was a bit short sighted. The soviet union didn't crumble from some war offensive, but through economic means.

You say "got caught" as if they were doing something wrong.

The NSA had hacking tools that were on systems used for operations on the internet stolen by a contractor and they got out.

Proxy wars? Perhaps you should reacquire yourself with the People's Volunteer Army and reassess the idea that the Korean war was a proxy war.

After WW2 nobody really wanted to be fighting a war including the US. China thought they could chase the US and Western Democracy away from the Korean Peninsula without a major fight because they didn't think the West would care enough about it but that wasn't the case. When the "official" North Korean Army failed China created the PVA from their own Army, the PLA. And China went to war with the US and the UN and both sides let that go "officially". They agreed to keep the mess on the peninsula and not let it spread everywhere else because China was still trying to rebuild after the Japanese Occupation and the destruction of WW2.

This was not a proxy war, no one was fighting it for China, the US had allies but the US also had skin in the game and their name on the line. And the Soviet Union collapsed under it's own weight and unrealized goals, like the invasion and occupation of Afghanistan. I'm not saying Afghanistan was the big cause, it was one of many that had an impact on a struggling economy.

And the US didn't create the conflict in Korea. Try not to forget that the China that "allowed Korea to align with the West, was not the same China that promoted that war. There was a little turnover involving Chang Ki Shek and Mao Tse Tung and the new landlords decided they didn't like what the inherited in the turn over.

 

[bman212121]

Now I am very worried to continue using Huawei 4G router.

I haven't seen any reports of anyone pointing out that their devices are in fact compromised, and that having a router would instantly mean that all of your traffic passing through it is logged, sent up to somewhere, and also all of your TLS traffic using PFS is instantly decrypted whenever it passes through the router. There are tons of smart people out there who would be picking this stuff apart left and right if they saw something like this happening, but I haven't see anything from security researchers claiming they've found something. As I alluded to with a previous sentence, encryption starts at device, and ends at the device, so you shouldn't have to worry about someone trying to see information that is being passed as long as it's encrypted. Could someone with a vast amount of computing resources break it? Possibly. Would it be worth their time or cost effective to do so? Not at all. If you really wanted to get at data, it's way easier to get it before it's encrypted, which isn't possible to do from a router. (It's definitely possible to do from a phone, which is where this thread originates from. Malware on the phone can also get at data before it's encrypted)

 

[lcpiper]

I haven't seen any reports of anyone pointing out that their devices are in fact compromised, and that having a router would instantly mean that all of your traffic passing through it is logged, sent up to somewhere, and also all of your TLS traffic using PFS is instantly decrypted whenever it passes through the router. There are tons of smart people out there who would be picking this stuff apart left and right if they saw something like this happening, but I haven't see anything from security researchers claiming they've found something. As I alluded to with a previous sentence, encryption starts at device, and ends at the device, so you shouldn't have to worry about someone trying to see information that is being passed as long as it's encrypted. Could someone with a vast amount of computing resources break it? Possibly. Would it be worth their time or cost effective to do so? Not at all. If you really wanted to get at data, it's way easier to get it before it's encrypted, which isn't possible to do from a router. (It's definitely possible to do from a phone, which is where this thread originates from. Malware on the phone can also get at data before it's encrypted)

This thread is not about an article focused on Huawei phones, it's focused on the US Government studying Huawei and ZTE and deciding that they need to stay away from communications infrastructure equipment made by those companies, and that they should continue to urge US business do the same, and that even phone sales should be suspect. Phones are at the bottom of the list, they don't make up the list.

 

[mustang_steve]

Meh, if some bigwig in China wants to see my dick pics , more power to them. I shall continue using my "red phone". After all, every phone we use is made in China, so enough of the fearmongering.