Is Huawei Safe?

The Huawei story is infuriating to me because there is no way to tell whether their equipment really is compromised. As far as I know, nobody has actually found any suspicious devices or malicious code hidden in their products. It is just that they seem like they might be corruptible. Trouble is, so do a lot of other companies.

The real issue is working out how we can trust anything when technology is insanely complicated and we are just stupid, ignorant apes with an inflated sense of our own abilities.

The situation is unlikely to get any clearer regarding Huawei. The security accusations seem to be based on the idea that the Chinese government could have people inside Huawei, which is true, but exactly the same accusations could be levelled at any other company from any other country that we don’t trust. And a massive proportion of non-Chinese companies manufacture all their stuff in China, in factories that could just as easily be infiltrated.

There are also allegations of poor treatment of staff. These do sound depressingly plausible, and I don’t want to minimise those, but I do want to focus on the security issues specifically here.

If we are drawing up a shitlist then it might as well include all countries as any country could infiltrate or corrupt a company based there, either with the knowledge of the company or without. It is not just China and Huawei. Could Putin have bad guys inside Kaspersky Lab? Sure. Was there any evidence that he actually did? Not as far as I know. Could Trump have bad guys inside, say, Cisco? OK. Well, maybe not Trump, but some actually competent part of the US government? Sure. Do they? Not as far as I know. Could Emmanuel Macron be inside my Mum’s Alcatel phone messing up her text messages? Well, almost certainly not, but theoretically, yes, sure.

OK. So let’s do it all in the UK?

Yeah, right. Any sensible suggestions?

Sorry. Just my little joke. Besides, it would be foolish to believe that our government is significantly more trustworthy than many others. It is just rather less competent.

So, how do we fix this? How can we make it so that we can trust a piece of network equipment when we can’t 100% trust its manufacturer or the supply chain?

One alternative is to not trust the network at all. Treat your own network as no safer than some random public Wi-Fi and just rely on end-to-end encryption for everything. That works well for preventing data theft but doesn’t address other concerns, such as the possibility of a hidden kill switch that could be used to take down the whole network remotely in a cyberattack.

I have a different suggestion and I do not think that it is completely impractical for very large companies and government agencies to implement.

  • The device should use only trustworthy commodity chips so that there is no risk of anything dodgy baked into the chips themselves, provided the chips’ authenticity is verified.
  • The device should be manufactured at a site supervised by independent inspectors. (Which will have the additional advantage of keeping an eye on the treatment of the workforce.)
  • The device should be supplied with blank firmware (or some disposable temporary firmware just to allow QA tests on the hardware).
  • The device should not be firmware upgradable over the network without some physical access being required to enable it. (For example, new firmware can be uploaded, but it is not actually flashed unless somebody presses a physical button on the device, and it is discarded if nobody presses the button within a short time.)
  • The device should be supplied with full source code for the firmware and a recommendation as to which third party compiler to use on it. The source can be released as true Open Source or just provided under a proprietary licence. True Open Source is better as that allows for many other people to audit the code too and hence distributes the cost of auditing.
  • The company or agency purchasing the device can inspect the hardware to verify that it is as claimed, audit the firmware source code for bugs and backdoors, compile the firmware themselves, inspect the results and then flash the device once they are satisfied.
  • Once flashed with the audited firmware the device should be installed in a secure facility.
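The "upload but don’t flash" rule from the fourth bullet, as an added example in C that is not code from this post or from any vendor: the network path can only stage an image, the local console records the hash of the firmware the customer compiled and audited themselves, and only the physical-button path can trigger a flash. The 300-second window, the 32-byte hash length and the function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed confirmation window: a staged image that nobody confirms at the
 * physical button within this many seconds is thrown away. */
#define FW_CONFIRM_WINDOW_S 300u
#define FW_HASH_LEN 32

typedef enum { FW_IDLE, FW_STAGED, FW_FLASHED, FW_DISCARDED } fw_state_t;

typedef struct {
    fw_state_t state;
    uint32_t   staged_at;             /* monotonic seconds when upload finished */
    bool       have_expected;
    uint8_t    expected[FW_HASH_LEN]; /* hash of the customer's own audited build */
    uint8_t    staged[FW_HASH_LEN];   /* hash of the image just uploaded */
} fw_gate_t;

void fw_init(fw_gate_t *g) { memset(g, 0, sizeof *g); g->state = FW_IDLE; }

/* Local-console path only: operator enters the hash of the firmware they
 * compiled and inspected themselves, so a network peer cannot set it. */
void fw_set_expected(fw_gate_t *g, const uint8_t hash[FW_HASH_LEN]) {
    memcpy(g->expected, hash, FW_HASH_LEN);
    g->have_expected = true;
}

/* Network path: accept an upload into staging. Refused while another image
 * is pending, so the operator always knows which image the button confirms.
 * This never writes flash. Returns true if the image was staged. */
bool fw_stage(fw_gate_t *g, const uint8_t hash[FW_HASH_LEN], uint32_t now) {
    if (g->state == FW_STAGED) return false;
    memcpy(g->staged, hash, FW_HASH_LEN);
    g->staged_at = now;
    g->state = FW_STAGED;
    return true;
}

/* Timer path: expire a pending image that nobody confirmed in time. */
void fw_tick(fw_gate_t *g, uint32_t now) {
    if (g->state == FW_STAGED && now - g->staged_at > FW_CONFIRM_WINDOW_S)
        g->state = FW_DISCARDED;
}

/* Button path: the only caller allowed to flash. Returns true if the staged
 * image matched the audited build and was flashed; any failure discards it. */
bool fw_button_confirm(fw_gate_t *g, uint32_t now) {
    fw_tick(g, now);                       /* a late press must not revive it */
    if (g->state != FW_STAGED) return false;
    if (!g->have_expected || memcmp(g->expected, g->staged, FW_HASH_LEN) != 0) {
        g->state = FW_DISCARDED;
        return false;
    }
    g->state = FW_FLASHED;                 /* the real flash write goes here */
    return true;
}
```

In a real device the hash would be computed over the received image by the upload handler, and the flash write in the button path would be the only code with write access to the firmware partition.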

Now that may put a large burden on the customer but if the customer wants to inspect everything then they are already volunteering for that burden. This gives them a chance to dig as deep as they need to in order to achieve the level of confidence that they require. The biggest downside here is that it prevents the use of proprietary chips. That might be a hit worth taking in some applications. The manufacturer could make a special edition of their product without proprietary chips for sale into security conscious markets and let the customer decide whether they are willing to accept a slower, bulkier, less power efficient, and/or more expensive device.

In the meantime, I don’t trust the Chinese government any further than I can spit it but I also don’t see any reason yet why Huawei should be regarded as a greater risk than other Chinese companies and factories which are trusted to manufacture equipment for western companies often without a second thought.

April 27, 2019. IT, Politics, Security, Sensible.
