How would Huawei spy on your network?

Last week the talk was about a story about former head of the CIA and the NSA, Michael Hayden, who thinks Huawei are spying on networks that have installed their kit. Link here to the Register story though it appeared in a lot of places.

One has to think about how Huawei might do this without the network operator knowing?

paul sherrattI had a chat about this with one of our networking gurus Paul Sherratt (pic inset – good looking boy) and this is what he had to say:

“They would write traffic tap/backdoor code into pre-shipped FPGA firmware or on an ASIC, hidden from any local intelligence agency code review body.  If for spying/traffic tap function, there would be some safeguards against activating the code if the router believes it is under test/non-production conditions.  There may also be some kind of ‘Hello, I am here’ call-out, which for example may be done by modifying a large DNS request packet contents and padding to the same length to avoid detection by looking at packet headers.

Whether that is even possible will depend on the hardware design – so that should also go through a full review by an intelligence body to determine if pre-shipped chips are an intelligence risk.  If they are, the only way to 100% prevent it happening would be to fully review the ASIC design and manufacture outside of China, which would probably rule out Huawei as a supplier.

It would be easier to implement in software/FPGA firmware, but easier to tackle from a security standpoint.  All software and FPGA firmware would be compiled after intelligence review and installed on network equipment after shipment.  If I were China, I may find it easier to get software engineer spies working for a more ‘trusted’ vendor not imposed with the same level of hardware and software review.”

It’s a tangled web innit? It feels as if we should be looking over our shoulder all the time.

As a footnote I used to work in the chip business. The company I worked for produced military ASICs amongst other things. it was quite common for chip designers to leave little messages or their names etched into the metal layers in empty spaces a chip. I remember once one of the guys leaving the words  “live fast die young” in the corner of a chip. They had to redo the metal mask and re-manufacture the whole chip. It was destined for a high reliability application where the notion of dying young was not too popular! Good times…

Published by Trefor Davies

Liver of life, father of four, CTO of trefor.net, writer, poet, philosopherontap.com

Join the Conversation

  1. Trefor Davies

7 Comments

  1. You’ve also got to assume that the network running the gear isn’t sufficiently instrumented to be able to spot the “phone home” traffic, or that the “phone home” traffic is either heavily obfuscated, or cleverly compressed so that it can be dismissed as “noise”.

  2. And now days we are all actively carrying around a Camera ,Microphone and GPS.
    Whose to say the likes of Nokia are not tracking/watching / listening to us all ?

  3. “Whose to say the likes of Nokia are not tracking/watching / listening to us all ?”

    Why would they? they don’t sell enough phones! 😉

  4. It’s a tangled web innit? It feels as if we should be looking over our shoulder all the time.

    As a footnote I used to work in the chip business. The company I worked for produced military ASICs amongst other things. it was quite common for chip designers to leave little messages or their names etched into the metal layers in empty spaces a chip. I remember once one of the guys leaving the words ”live fast die young” in the corner of a chip. They had to redo the metal mask and re-manufacture the whole chip. It was destined for a high reliability application where the notion of dying young was not too popular! Good times…

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.