Categories
Engineer internet online safety security

How would Huawei spy on your network?

Last week the talk was about a story about former head of the CIA and the NSA, Michael Hayden, who thinks Huawei are spying on networks that have installed their kit. Link here to the Register story though it appeared in a lot of places.

One has to think about how Huawei might do this without the network operator knowing?

paul sherrattI had a chat about this with one of our networking gurus Paul Sherratt (pic inset – good looking boy) and this is what he had to say:

“They would write traffic tap/backdoor code into pre-shipped FPGA firmware or on an ASIC, hidden from any local intelligence agency code review body.  If for spying/traffic tap function, there would be some safeguards against activating the code if the router believes it is under test/non-production conditions.  There may also be some kind of ‘Hello, I am here’ call-out, which for example may be done by modifying a large DNS request packet contents and padding to the same length to avoid detection by looking at packet headers.

Whether that is even possible will depend on the hardware design – so that should also go through a full review by an intelligence body to determine if pre-shipped chips are an intelligence risk.  If they are, the only way to 100% prevent it happening would be to fully review the ASIC design and manufacture outside of China, which would probably rule out Huawei as a supplier.

It would be easier to implement in software/FPGA firmware, but easier to tackle from a security standpoint.  All software and FPGA firmware would be compiled after intelligence review and installed on network equipment after shipment.  If I were China, I may find it easier to get software engineer spies working for a more ‘trusted’ vendor not imposed with the same level of hardware and software review.”

It’s a tangled web innit? It feels as if we should be looking over our shoulder all the time.

As a footnote I used to work in the chip business. The company I worked for produced military ASICs amongst other things. it was quite common for chip designers to leave little messages or their names etched into the metal layers in empty spaces a chip. I remember once one of the guys leaving the words  “live fast die young” in the corner of a chip. They had to redo the metal mask and re-manufacture the whole chip. It was destined for a high reliability application where the notion of dying young was not too popular! Good times…

Categories
Business video voip

WWF, VC, HD @wembley

You might ask yourself what WWF has to do with VC and HD? In fact you are probably wondering what the acronyms actually stand for and what have they got to do with Wembley.

 

We are talking World Wide Fund for nature, Video Conferencing and High Definition. (I knew that do I hear you say 🙂 ) and all three were being discussed at a Polycom seminar held looking down at the magnificence that is  the pitch at Wembley Stadium.

 

WWF is launching a programme to help businesses cut the number of flights by 1 in 5 and as a leader in the VC game Polycom found it expedient to have representatives along to make a presentation.

 

Obviously Polycom is using Global Warming and the need to reduce carbon footprints as a sales tool for its VC systems but the cynics amongst you should not poo poo this as it is a perfectly valid/nay sensible thing to do. VC does help cut down on business travel and thus helps save the planet as well as reducing costs.

 

One of the reasons I attended was to hear what Polycom was doing with Microsoft on OCS. Turns out they make some of the handsets and are producing a couple of VC products (HDX4000 and HDX8000) that integrate with OCS (more details anon I’m sure).

 

What really interested we was the fact that Microsoft has 11,000 staff working on rich media collaboration, apparently more than the rest of the industry put together. One of the OCS phones doesn’t even have a keypad. Microsoft is saying that you only need your desktop. The Polycom perspective on this is that businesses haven’t gone for desktop VC because of the difficulty of maintaining dispersed resources. It’s hard to see Microsoft getting this wrong.

 

A number of OCS case studies were presented. Gibson guitars reduced calling costs by 75% using OCS.  Prodavka reduced phone costs by 50%

 

There were lots of other interesting facts being bandied around:

 

  • China is the second biggest market for VC behind the USA
  • The biggest issue facing adoption of VC is the ability to reserve resources. ie room booking
  • The average HD system cost is $8k cf $200k for telepresence.
  • In 2008 there will be 1500 telepresence systems sold worldwide. By 2012 this is expected to grow to 17,000.
  • Interoperability between different vendor systems is still an issue
  • 1 long haul flight is equivalent of 12 months driving from a carbon footprint perspective
  • Air travel is the fastest growing contributor of CO2 – 3% today, 25% by 2030
  • The fastest ways of reducing CO2 generation include power saving data centres, extending networks to home workers and increased usage of collaboration and content sharing tools (video and voice conferencing) as alternative to travel.
  • The M4 motorway at Slough is operating at 150% capacity
  • The average traffic speed in London is 8 mph – no increase since the horse and cart !
  • PWC avoided 1.1 million miles of travel through use of VC resulting in the saving of 198kg of CO2
  • BT has claimed £238m benefit to their business by use of VC – £100m based on travel cost benefits and the rest based on productivity improvements including reduced staff sickness
  • Nortel has saved $60k a week on travel due to telepresence with 10 systems worldwide
  • A Yougov survey in 2007 said 37% of face to face meetings were deemed unnecessary
  • If European companies cut travel by 20% there would be a saving of 22m tons of CO2 a year

Finally Polycom played some impressive videos including http://www.youtube.com/watch?v=w4H0BR_8wy8