Categories
Engineer security

Is Huawei in your network a national security concern?

I am reminded that yesterday’s post on how would Huawei spy on your network has an additional dimension in the UK in that a significant chunk of BT’s 21CN infrastructure is based on the Chinese vendor’s kit. I hadn’t noticed that this hit the headlines a couple of months ago.

The BT Huawei deal would have been based on very attractive commercials spread over the lifetime of the contract. I’ll leave you to draw your own conclusions on its wisdom from a national security perspective. I don’t have any details to suppose there is a risk other than what I already covered yesterday and then I couldn’t assess the level of risk. That’s somebody’s job.

One wonders whether the powers that be might be might at this very moment be redrawing rules of engagement for secure national networks roll-outs. I can’t imagine that UK defence networks touch any part of 21CN anyway. They will be totally separate. Won’t they?

Access to non defence networks that are strategic could also be a problem. For example how are all our power stations connected? The telecommunications infrastructure itself? Imagine if nobody could make a phone call or send an email for a week? How about the oil refineries? No oil = everywhere grinds to a halt. I’m sure you can come up with other scenarios.

I dunno.

PS takes me a while to catch up with the news, I know.

Categories
Engineer internet online safety security

How would Huawei spy on your network?

Last week the talk was about a story about former head of the CIA and the NSA, Michael Hayden, who thinks Huawei are spying on networks that have installed their kit. Link here to the Register story though it appeared in a lot of places.

One has to think about how Huawei might do this without the network operator knowing?

paul sherrattI had a chat about this with one of our networking gurus Paul Sherratt (pic inset – good looking boy) and this is what he had to say:

“They would write traffic tap/backdoor code into pre-shipped FPGA firmware or on an ASIC, hidden from any local intelligence agency code review body.  If for spying/traffic tap function, there would be some safeguards against activating the code if the router believes it is under test/non-production conditions.  There may also be some kind of ‘Hello, I am here’ call-out, which for example may be done by modifying a large DNS request packet contents and padding to the same length to avoid detection by looking at packet headers.

Whether that is even possible will depend on the hardware design – so that should also go through a full review by an intelligence body to determine if pre-shipped chips are an intelligence risk.  If they are, the only way to 100% prevent it happening would be to fully review the ASIC design and manufacture outside of China, which would probably rule out Huawei as a supplier.

It would be easier to implement in software/FPGA firmware, but easier to tackle from a security standpoint.  All software and FPGA firmware would be compiled after intelligence review and installed on network equipment after shipment.  If I were China, I may find it easier to get software engineer spies working for a more ‘trusted’ vendor not imposed with the same level of hardware and software review.”

It’s a tangled web innit? It feels as if we should be looking over our shoulder all the time.

As a footnote I used to work in the chip business. The company I worked for produced military ASICs amongst other things. it was quite common for chip designers to leave little messages or their names etched into the metal layers in empty spaces a chip. I remember once one of the guys leaving the words  “live fast die young” in the corner of a chip. They had to redo the metal mask and re-manufacture the whole chip. It was destined for a high reliability application where the notion of dying young was not too popular! Good times…

Categories
broadband Engineer internet

FTTC Broadband at 700Mbps? The Man from Huawei He Say Yes!

I don’t know whether it’s because I’m getting old but the pace of life seems so frenetic these days. Today I read about a 700Mbps DSL prototype showcased in Hong Kong by Chinese networking vendor Huawei.

Huawei’s SuperMIMO technology uses four twisted pairs to achieve a downstream rate of 700Mbps at a distance of 400 metres. This means it would likely fit into a Fibre to the Cabinet (FTTC broadband) scenario. In the UK of course we are just rolling out “up to 40Mbps” FTTC and trialing 100Mbps Fibre to the Premises (FTTP).