nanog mailing list archives
Re: China Showdown Huawei vs ZTE
From: Saku Ytti <saku () ytti fi>
Date: Tue, 24 Apr 2018 23:10:51 +0300
On 24 April 2018 at 21:45, Naslund, Steve <SNaslund () medline com> wrote: Hey,
The US Government considers Huawei and ZTE to have "close ties" to the Chinese government according to the Director of National Intelligence along with the heads of CIA, FBI, and the NSA as stated in testimony before the Senate Intelligence Committee. The founder of Huawei is the former engineering officer of the People's Liberation Army of China. Now, this only applies to US Government agencies according to their acquisition rules but there have been moves by the FCC to ban these devices from US cellular network. I am not advocating for or against any of these policies and you can run what you want (assuming it can be imported). I myself would be nervous running Huawei code in a device if a cyber war broke out between the US and China.
Thank you for the insight, quite interesting. Call me naive, but I don't think sticker in device has any implications on security, as components and code are sourced through complicated chains through various jurisdictions. Let's assume for a moment that attacker is NSA, I don't think that NSA would want to even push project through Cisco or Apple via official channels, even if legally allowed, to get some secret backdoor installed, because too many people would be involved in the project and controlling the information would become challenging. Two years from now lot of those involved people might be in different company or different country, how to avoid them from exposing the information? It seems much better vector would be to target individual person with commit rights, ensure you have leverage over them, then ask them to commit specific set of abstruse code, which is likely to pass code review but introduce functionality which benefits your agenda. Even if this one person would talk, would they know it was NSA, if they knew, would anyone believe them? Why would China work differently? Why not pwn one Cisco employee in India to get the code in that the party sees beneficial? -- ++ytti
Current thread:
- RE: China Showdown Huawei vs ZTE, (continued)
- RE: China Showdown Huawei vs ZTE Colin Stanners (lists) (Apr 24)
- Re: China Showdown Huawei vs ZTE Suresh Ramasubramanian (Apr 20)
- RE: China Showdown Huawei vs ZTE STARNES, CURTIS via NANOG (Apr 20)
- Re: China Showdown Huawei vs ZTE Colton Conor (Apr 20)
- Re: China Showdown Huawei vs ZTE Saku Ytti (Apr 24)
- Re: China Showdown Huawei vs ZTE Colton Conor (Apr 24)
- RE: China Showdown Huawei vs ZTE Naslund, Steve (Apr 24)
- Re: China Showdown Huawei vs ZTE Saku Ytti (Apr 24)
- RE: China Showdown Huawei vs ZTE STARNES, CURTIS via NANOG (Apr 24)
- RE: China Showdown Huawei vs ZTE Naslund, Steve (Apr 24)
- Re: China Showdown Huawei vs ZTE Saku Ytti (Apr 24)
- Re: China Showdown Huawei vs ZTE Alan Buxey (Apr 26)
- Re: China Showdown Huawei vs ZTE Saku Ytti (Apr 26)
- RE: China Showdown Huawei vs ZTE STARNES, CURTIS via NANOG (Apr 20)
- Re: China Showdown Huawei vs ZTE Aaron Gould (Apr 24)
- Re: China Showdown Huawei vs ZTE Saku Ytti (Apr 24)