Huawei has been under a lot of heat from the US since the US first charged Huawei in the beginning of 2019. At that time, 13 indictments were unsealed by the federal court in Brooklyn, New York against Huawei and affiliate organizations. The charges include bank fraud and conspiracy to commit bank fraud, wire fraud and the conspiracy to commit wire fraud, and conspiracy to commit money laundering, to name a few. These are some serious charges.
New charges, as reported by ZDNet’s Catalin Cimpanu, against Huawei were also recently added to the already long list as well as adding more defendants. These charges include misappropriating intellectual proper from six US technology companies to grow Huawei’s own business. The United States Department of Justice claims that stolen information includes “trade secret information and copyrighted works, such as source code and user manuals for internet routers, antenna technology, and robot testing technology.”
Furthermore, Data Breach Today’s Ishita Chigilli Palli reported on Wall Street Journal’s publication claiming that the US has evidence that Huawei has the capability of secretly accessing sensitive and personal information on the systems it sells around the world. This is a scary thought – a backdoor on networking equipment basically allows inside access to anything going through said hardware. Apparently, this was present back in 2009 as well but there was no evidence provided to validate such claims. On the flip side, a US official travelled to Berlin in December 2019 to share the information with allies. Of course, Huawei is denying such allegations, claiming they don’t have such capabilities.
Palli goes on to write about lawful interceptions and that some countries mandated backdoor access by, and only by, authorities and law enforcement. The companies providing the hardware were not to have this ability. Huawei claims that they adhere to the same standards that other telecoms adhere to (3GPP’s TS 33.107 for 3G and TS 33.128 for 5G), and that they provide remote access abilities to countries requesting such access but that they themselves are unable to access said equipment for their own purposes.
Why Does This Matter?
Having backdoor access to anything is…less than desirable – at least from a consumer standpoint. I get the whole public safety aspect to be able to identify criminals. This is the only pro I can think of, if you want to call it a “pro” in the first place. The issue comes when we think about who is considered a criminal. That’s merely subjective and prone to mislabeling, in my opinion at least; allegations shouldn’t be taken as proven or convicted. This is a fine line that requires much scrutiny in permitting such snooping; surely there are legalities in place.
Considering the big hype around 5G, and its prominence, having direct access to all data passing through the hardware can certainly lead to some interesting datasets. Personally I am not familiar with how the technologies pass through the devices but when the manufacturer themselves write the code, unless it’s vetted by an external entity with no affiliation or bias, then you only have that manufacturer’s word that “it’s safe” – this should be taken with a grain of salt. The best example I can think of in this case would be a password input field – does the vendor accept the plaintext password and then salt or hash it, or does the vendor hash it upon input so that there is no ability to intercept a plaintext password. The former would allow this vendor access to your password; the latter masks your plaintext password upon input.