https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Wikipedia

How Much Sense Does the Huawei 5G Security Saga Make?

The Huawei 5G security storyline pits the U.S. and key allies against China. But does the common narrative accurately reflect reality?
  • Written by Brian Buntz
  • 29th March 2019

What American children refer to as “telephone” — the game in which players form a line or circle and whisper an increasingly distorted message to another — is called “Chinese whispers” in the United Kingdom.

The ongoing tussle between the Chinese networking behemoth Huawei and the U.S. government has parallels to this child’s game. It involves telecom infrastructure, which is an obvious reference to the American term for the game. The term “Chinese whispers” likely has roots in the 17th century, when Europeans struggled “to understand China’s culture and worldview” while Chinese historically stereotyped Westerners “as secretive or inscrutable,” according to the Wikipedia page describing the game.

In any event, there is a definite “he-said, she-said” dimension to the ongoing Huawei-5G-security narrative, which, in one corner, paints Huawei as a spy, and, in the other, as a victim. No matter what happens with the feud, the ramifications could be considerable for the architecture that supports 5G, IoT and smartphone communications across the world.

Huawei has sued the United States, claiming its government has unconstitutionally banned its equipment while also arguing the government officials are unfairly accusing the firm of building unsecured equipment. Chinese foreign minister Wang Yi has backed the lawsuit, praising the company for standing up to the U.S. ban and accusations about the insecurity of its equipment. (Chinese media has also released the children’s song “Huawei Beauty” intended to drum up domestic support for the company.)

Before the lawsuit was announced, the company’s current CEO, Guo Ping, said at MWC last month: “Huawei has a strong track record in security for three decades serving 3 billion people around the world. The U.S. accusation our 5G [technology is insecure] has no evidence.” Ping also vigorously denied that the company created backdoors in its products.

Conversely, the U.S. government alleged since at least 2012 that the Huawei poses a national and international security risk. A central premise of the U.S. government is that burden of proof lies with Huawei in demonstrating that its equipment is secure and that the company is not beholden to the Chinese government or its military.    

Potentially giving credence to U.S. government concerns is a U.K. report summarized by news outlets like The Wall Street Journal and The New York Times that concludes Huawei’s networking equipment has “significant” security problems.

But another perspective is that if Huawei equipment has major security flaws, as the U.K. report suggests, it would not make the firm unique. Ordinarily, a report that any firm has a lackadaisical security approach to cybersecurity would be something of a footnote. Adversaries routinely continue to target easy-to-exploit vulnerabilities such as weak credentials, unpatched software and the like.

Cisco, one of the nearest counterparts to Huawei, has reported 3,112 vulnerabilities associated with its products since the late 1990s. A total of 847 of those are cited as having a “high” or “critical” impact. Cisco’s products are said to have included a number of backdoors over the years.

The fact that many routers — from an array of manufacturers — have poor security is part of what fueled the Mirai malware attack that knocked prominent websites offline in late 2016. The malware has continued to mutate. Last year, a Mirai variant targeted routers from MikroTik, Ubiquity, Cisco and ZyXEL. Last year, Bloomberg published an exposé claiming that a unit of China’s People’s Liberation Army had compromised servers used by nearly 30 major U.S. companies including government contractors via a hardware-based attack.  

Chet Wisniewski, principal research scientist at Sophos is mystified by the Huawei-is-insecure storyline. “If I put my attacker hat on, I’m thinking: ‘I don’t really care which brand [of networking equipment] you have,’” Wisniewski said. “I’m in.”

Cybercriminals attacking telecommunication companies routinely target routers and other networking equipment. The problem is heightened by the difficulty of taking such gear offline to patch, given the criticality of the cellular networks they support.  

Wisniewski said if he were managing a telecommunications company, he would “make sure that things going into and out of [the networking equipment] are secure and not worry about the device.” If everything going into and coming out of the device is encrypted, the threat of an attack on the network’s confidentiality is minimized.

Attacks on the network’s availability are more of a concern. “At the federal government level, the warnings we’re seeing about Huawei, I think, are driven by a worry of denial of service,” Wisniewski said. The fear is that the emergency communication infrastructure in a given city can be exploited via a denial-of-service attack. “Much of such infrastructure relies on cellular infrastructure these days,” Wisniewski added. “With copper infrastructure, it was almost impossible to cause a denial-of-service–type thing, which was a great resilience for things like 911.”

The argument that Huawei is purposely putting back doors into its networking gear to provide surveillance data to the Chinese government or the PLA also gives Wisniewski pause. “For one, governments don’t put back doors in anything because that’s stupid because you get caught,” he said. And spies generally don’t get caught. “So if you’re a government, you’re going to booby trap something. You’re going to plant a vulnerability of some sort in the code that looks like an innocent mistake that only, you, hopefully, know about, and that nobody else discovers.”

If Huawei put back doors into its products, they could be exploited not just by China’s People’s Liberation Army but by NSA and other intelligence agencies across the world. “Those Huawei routers are being deployed throughout China’s infrastructure as well, not to mention their partners and the whole Belt and Road in Africa they’re doing,” Wisniewski pointed out. “So is that a net negative? Probably more of their stuff is being used in our adversarial countries than is being used in our friendly countries because we have more diversity in our networks than they typically do.”

But as Huawei, one of the largest networking firms and telecom equipment makers in the world, seeks to establish itself as a 5G and IoT heavyweight, the U.S. government has stepped up a campaign to dissuade allies from using the Chinese company’s equipment. Recently, the U.S. threatened to withhold intelligence from allies using Huawei gear. “If a country adopts [Huawei equipment] and puts it in some of their critical information systems, we won’t be able to share information with them, we won’t be able to work alongside them,” U.S. Secretary of State Mike Pompeo said in a February television interview.

European countries such as Germany, Italy and the United Kingdom have resisted a blanket ban on Huawei equipment. “There are two things I don’t believe in,” German Chancellor Angela Merkel recently said. “First, to discuss these very sensitive security questions publicly, and second, to exclude a company simply because it’s from a certain country.”

But the recent backlash against Huawei is serving to dampen its international growth plans. It already is active in more than 170 countries across the globe and had emerged as a leading maker of 5G equipment.

If the Chinese government asked for 5G data related to the company’s equipment, Huawei would conceivably be forced to disclose it, thanks to China’s 2017 National Intelligence Law, which requires Chinese corporations and citizens in China to cooperate with the nation’s intelligence efforts.

The company already had government and Chinese military links. Founded in 1987 by Ren Zhengfei, a former engineer in China’s People’s Liberation Army, Huawei has reportedly received significant support from the Chinese government, according to Richard McGregor, author of “The Party: The Secret World of China’s Communist Rulers.” On its website, Huawei stresses its independence from the Chinese government.

Dean Weber, chief technology officer at Mocana, said the potential for collaboration between Huawei and the Chinese government, is a valid concern. Imagine if Cisco had direct ties to NSA, he said. “What we’re talking about is the concern that if Huawei even gets 50 percent of the 5G world, and has the ability of the Chinese government to execute a strategy on those devices that would be counter Western interests, we’re in trouble because once the infrastructures is in place, it’s there,” Weber said. “It will be 6G before you get 5G replaced.”

“Let’s say the U.S. caught Huawei with their fingers in the cookie jar,” Weber said. “No matter what they do at this point, they’re in trouble with the United States government for having their fingers in the cookie jar. It doesn’t mean the U.S. hasn’t had their fingers in the cookie jar for years because we have. But that doesn’t mean we’re going to sponsor somebody else doing it.”

Tags: homepage-featured-4 Security Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Common Internet of Things Security Pitfalls 
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?
  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 

News

View all

Webex Collaboration Banks on Hybrid Workplace Model at Cisco Live 2021

2nd April 2021

Cisco Enlists Networking Automation, CX Cloud in COVID-19 Response

31st March 2021

White Papers

View all

Telehealth and COVID Infographic

30th March 2021

Medical Supply Chain Management with Smart Devices and Sensors

30th March 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Real-Time Analysis of Driver Behavior Using Machine Learning

13th May 2021

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

Embedded IoT World 2021

28th April 2021 - 29th April 2021

The Virtual Industrial AI Summit

29th June 2021 - 30th June 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

How Smart Environments Will Take Shape Post-COVID-19 dlvr.it/RxfPG2 https://t.co/Y6DMWxZf9S

14th April 2021
IoTWorldToday, IoTWorldSeries

IoT Enterprise Deployments Continue Apace, Despite COVID-19 dlvr.it/RxWwsS https://t.co/BSkxdf17vs

12th April 2021
IoTWorldToday, IoTWorldSeries

🥳Happy #IoTDay! How are you celebrating? We're giving $50 off All Access Passes to join our upcoming virtual event,… twitter.com/i/web/status/1…

9th April 2021
IoTWorldToday, IoTWorldSeries

🎉 Announcing #EIOTWORLD sponsor, @InnoPhaseinc — a fabless wireless semiconductor platform company specializing in… twitter.com/i/web/status/1…

8th April 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X