The Channel logo

back to article UK discovers Huawei UK staff auditing Huawei kit: Govt orders probe

Huawei will be probed by a top Whitehall official after the Chinese tech giant's staff in Oxfordshire were given the job of auditing Huawei's telecoms gear for Blighty's communications networks. The review was ordered following the publication of a report by an influential committee of MPs which warned of a conflict of interest …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Oh look, another one.

Another set of organisations (and in particular, I'd guess MBA-trained no-relevant-skills managers) that thinks the purpose of the audit is to shift stuff (ship it, sell it, get bonus) and not actually anything to do with checking whether something is actually fit for purpose medium term. A proper check would need relevant skilled (independent?) staff, might cost money for the audit, and might cost even more in upfront costs to make sure the stuff really is audit-ready. There'd even be a risk occasionally of the audit saying No. Imagine that!

12
1
Bronze badge

snigger

see above

0
0
Silver badge
Facepalm

Re: snigger

In truth you would have to build everything from scratch to be sure.

Ermm.... call our engineering department in Vietnam, sir?

0
0
Silver badge
Black Helicopters

Re: snigger

You can't even do that these days - European law gives equal employment opportunity to European workers, and you need to employ the best for the job.

So in theory a foreign power could train "the best developers in the world", then pay them to apply for the jobs to develop our "UK kit".

0
3

Re: snigger

Sorry, but there are, and have always been, exceptions for national security.

1
0
Silver badge

Re: snigger

Which is why they're also calling for Juniper and Cisco to setup similar auditing units, also to be staffed by GCHQ, isn't it?

4
0
Silver badge

Re: snigger

No, GCHQ probably know about those backdoors and exploit them. Huawei havent spilled the beans yet...

2
0

The Civil Service at its best!

Somebody in the Civil Service gave Huawei the job of auditing Huawei in the first place. Will heads roll? The Whitehall mandarin should be investigating his colleagues for stupidity.

Anyway, it's a question of do we want to be spied on by the Americans or the Chinese? American kit is not more secure, it is more snoopable by the Americans.

I wonder how many SSL Certificate Authorities have provided their private keys to Uncle Sam.

19
1
Silver badge
Meh

Re: The Civil Service at its best!

This is reflective of privatization as much as government. Any time a private company can tilt things in their favor they're going to. Nobody should be surprised by that. Not arguing for bigger, more intrusive government, but if government spent their time (and money) doing what they're supposed to be doing instead of being intrusive and pandering to their private sector buddies things would be a lot better.

8
1
WTF?

Re: The Civil Service at its best!

I wonder how many SSL Certificate Authorities have provided their private keys to Uncle Sam.

What an interesting thing to wonder! I think Uncle Sam has better ways of snooping than faking commercial PKI certificates...

I suppose you do understand that knowing the CA's certificate doesn't help in attacking the private keys associated with the certificates that CA may have signed?

0
1
Bronze badge

Re: The Civil Service at its best!

But once again, as with PRISM: what's the surprise? It was obvious from press stories months ago - maybe even here at Ye Vulture Central - that the centre was operated by Huawei itself. How come they're surprised?

I need an icon for head scratching.

1
0
Anonymous Coward

Re: The Civil Service at its best!

Uh no, you don't attack the private keys of the certificate the CA signed...

If you have the private keys of the root CA, and you control the network, you instead produce a new identical certificate to the one installed on the site the end-user is trying to access, on-the-fly, and serve that to the end-user. Classic man-in-the-middle attack...

2
0
Silver badge
Black Helicopters

Does every piece of kit get the same treatment?

Is Cisco vetted for foreign government backdoors, for example? After all, we know the US has massive form.

32
2
Big Brother

Re: Does every piece of kit get the same treatment?

Don't you mean "Massive Phorm"?

9
0

Re: Does every piece of kit get the same treatment?

"Is Cisco vetted for foreign government backdoors..."

Cisco kit is mostly manufactured in China these days. Even the chips used are also manufactured there, so there is ample opportunity to introduce "additional features" which are invisible to Cisco and their customers. Huawei started out making counterfeit Cisco modules, so their history is already tainted.

5
0
Thumb Up

Re: Does every piece of kit get the same treatment?

Oooooh! *snap*

0
0
Anonymous Coward

They sound almost as trustworthy as the USA.

5
0

Self regulation?

I did wonder where Fred the Shred would go next.

Good for him diversifying his skill set.

0
0
Silver badge

Seriously, somebody asked them to audit their own gear??

That gear will have intentional and unintentional vulnerabilities, just like cisco, juniper, ericsson etc. They might not be blatant backdoors, but that kit will have more back doors than Harewood house. It's not the gear we have been flogging China for years hasn't. Why should we expect them to have higher standards than ourselves.

2
0
Silver badge
Joke

Whitehall put the contract out for bidding. Huawei won it fair and square....

3
0

Not worth the time to even talk about this

Why would Huawi go to all the effort? They would just chuck a few quid at BT

After BT and their selling of customer surfing habits to Phorm (with the biggest wiretap we knew about until Snowden opened his mouth ) and their attempt to defend it with the immoral lie "we did not believe it to be illegal"

You cannot trust a word this slime company tells you. They have already proved that they will sell customers down the river for a profit, and we are supposed to trust they would not do the same to the Chinese/Americans/any other power that asked?

3
0
Anonymous Coward

Re: Not worth the time to even talk about this

Big companies have many departments, generally with different goals. Consequently they don't always see eye to eye. Sometimes one dept gets its way, and sometimes another. Don't tar all of BT with the Phorm brush.

1
1
Silver badge

Re: Not worth the time to even talk about this

"You cannot trust a word this slime company tells you. They have already proved that they will sell customers down the river for a profit, and we are supposed to trust they would not do the same to the Chinese/Americans/any other power that asked?"

Now that we know your opinion of BT, please switch the topic back to Huawei

And bear in mind that the Great Firewall of China is built with Cisco kit.

0
0
Bronze badge

Calling the great white telephone

Huawei... there's a reason I don't like Mandarin. Somebody once memorably described speaking Mandarin as feeling as though you'd just had a stroke and couldn't move your muscles.

Much prefer Cantonese - which is more like an argument in a street market ;)

3
1

Re: Calling the great white telephone

"Much prefer Cantonese - which is more like an argument in a street market ;)"

And the food is better too...

0
0
Bronze badge
Windows

Wont someone think of the children?

Huawei products are pretty deeply embedded in the UK. It does make sense to audit their devices.

Does BT even know what goes into the little white boxes for FTTC connections? I don't. I've got several of the bloody things but unless I connect something to the remains of the RS232 interface on the mainboard I can't even connect to it to see its link speed. I'm pretty sure that might void my warranty in some way or at least cause a bill if it broke later and a sticker was found broken to show I'd opened it up.

Never mind its on the list of things to do to my home one ...

Cheers

Jon

2
0
Linux

Re: Wont someone think of the children?

"Accidentally" spill some tea, or better still some Coke onto the offending sticker and claim it must have just perished.

0
0

war with china

its started already huh? not with tanks, or guns, but with computers and trade. intresting times

2
0
Silver badge

Re: war with china

Gunboat diplomacy never really stopped.

0
0

It's ok...

...I've seen the exec summary of the audit report...

"Huawei kit arr light, no plobrem"

Well it is Friday afternoon.

Coat - got.

5
2
Linux

Huawei auditing Huawei gear, ha ha ha, whatever next? GCHQ activities being audited by Politicians?

6
0
Anonymous Coward

Nothing to see here...

Situation normal, all fscked up.

Usual UK Gov mixture of "lowest price = best" procurement strategy, plus normal level of ministerial & civil service retardation when it comes to technology. I bet Huawei offered to do the audit for free if they got the order. If verifying that equipment is being properly audited/assessed for suitability ISNT the responsibility of the top brass, then what on earth is?

I conduct application, protocol, and network security assessments for a living. Dont get me wrong, Cisco et al have a performance that if far from stellar, but I can say with confidence that Huawei is on the trailing edge of the pack, probably due to their relative lack of experience.

3
1
Silver badge

Re: Nothing to see here...

SInce when are UK.gov uying the vast majority of the kit?

If they wish to audit it, then go ahead - but that's not going to stop private companies (such as BT) from buying thieir kit by the containerload when the price is right.

As for Cisco, when their "list" price is 120% higher than what most large suppliers sell the stuff to Joe Random off the street for, you know they're not being sold because of the actual performance (Not that Cisco are the only ones who have "retail" prices that only the terminally stupid (or civil servants) would actually pay.

Huawei is a little cheaper than the Cisco kit - and they don't anally rape for things like 10Gb HBAs (who on earth can justify 1500 quid when 3rd party compatibles are 400 and whitebox ones are 150?). The massive savings come into effect when you realise you're not vendor-locked.

2
0
M7S
Bronze badge

Just a thought re security

Is it wise to ask our brightest boffins to go, pre-announced, into the lair of the suspected enemy to work, possibly under supervision/survelliance (overt or otherwise), revealing all "our" secret methods of probing kit?

0
0
Silver badge

While it does leave itself wide open to abuse, it does have its upside.

Huawei employees in the UK will get access to the kit that an external vetting company won't. Yes, they are Huawei employees, but they are (probably) British, or possibly European, so hopefully (and it is only a hopefully) their national identity and loyalty to their country outweighs their loyalty to China and Huawei.

You'd hope that if they uncovered something and blew the whistle that the UK government would support them (you'd at least hope, I said!)

1
1
Anonymous Coward

"their national identity and loyalty to their country outweighs their loyalty to China and Huawei."

For the vast majority of people, paying the bills is what drives loyalty. And if it's Huawei employees auditing Huawei products...

3
1
Bronze badge

General Principles

The People's Republic of China is not a normal civilized democracy like the United States. People can be whisked off to labor camps by the secret police at whim. So of course no Chinese company can give credible assurances that vulnerabilities haven't been designed into its equipment - even if the threat may still be overblown at present because of the technical difficulty of not getting caught.

In the future, though, much more insidious vulnerabilities may be possible.

0
1
Silver badge

Re: General Principles

To be fair, no Western company can give credible assurances that vulnerabilities haven't been designed into its equipment either.

2
0
Silver badge

Re: General Principles

To be fair we all but know those vulnerabilities exist in all mainstream kit. The US and Canada already admitted sending the Ruskies some doctored SCADA software. Admittedly it was doctored to make stuff go kaboom, but if we have not been sending them dodgy kit for decades it begs the question, why not?

1
0
Anonymous Coward

Re: General Principles

"normal civilized democracy like the United States"

Thanks for making me laugh so much!

7
0
Silver badge

Re: General Principles

"People can be whisked off to labor camps by the secret police at whim"

And this hasn't happened to people the US govt doesn't like?

6
0
Big Brother

Re: General Principles

"The United States is no longer a normal civilized democracy. People, including U.S. Citizens, can be whisked off by the government to Guantanamo without due process and held there indefinitely, while any incriminating documents are somehow "lost."

"The NSA believes it is acceptable to spy on anyone in the world, including its own citizens, also without probable cause, warrants, or due process - yet hypocritically, along with Great Britain, believes the alleged "right" to collect any and all information, secretly, and keep it indefinitely, should be reserved only for "democracies" that would never DREAM of abusing it.

"Of course, thanks to the many holes in their systems, and the numerous leaks, no agency such as the NSA can give credible assurances that vulnerabilities haven't been designed into its equipment - even if the threat may still be overblown at present because of the technical difficulty of not getting caught (thanks to whistleblowers such as Snowden).

"In the future, though, much more insidious vulnerabilities and abuses of legal and democratic processes and human rights may be possible."

There - fixed that for you.

7
0
Silver badge

Call me cynical

but why now? I can't help wondering if someone is try to deflect attention away from what NSA and GCHQ are up to.

6
0
Anonymous Coward

And we wonder who will protect us against NSA'a massive data-trawling! NSA is volunteering to do the job!

God, how do we elect such dopes to Parliament, (or Congress) and why do we tolerate such stupidity in the bureaucracy, especially at GCHQ. Asking the spies to vet themselves is like giving them a free pass to the holy of holies. Are they going to take advantage? Well, it would be somewhat unethical!!!

0
0
Bronze badge

"God, how do we elect such dopes to Parliament, (or Congress)"

Because they wear the correct coloured rosettes.

5
0
Silver badge
Unhappy

"God, how do we elect such dopes to Parliament,"

Simple.. One career politician is pretty much like another.

Only career politicians join the major political parties.

Governments are made of major political parties.

So who ever you vote for, a politician gets in.

We vote the useless crooked oxygen thieves in, because the only other option is to not vote.

4
0
Anonymous Coward

Sauce for the goose?

So if Huawei staff do the checks and say that all the Huawei kit is just fine and above board, then that's a conflict of interest.

But if GCHQ do the checks and day that all the GCHQ snooping is legal and above board, then that's perfectly trustworthy?

So how about Huawei taking a look at GCHQ's systems to see if they're telling the truth? No, I thought not...

2
0
Black Helicopters

Re: Sauce for the goose?

... if they haven't infiltrated each other by now!

0
0
Silver badge

Bah!

Tuned out after reading "self-policing". Does anyone actually *really* believe in it? Azathoth on a bike, even the Linux community cannot self-police as events this week have demonstrated, and if people who "do it for the sake of it" can't, then what are the chances anyone else will?

0
0
Black Helicopters

Re: Bah!

Read Peter Wright's "Spycatcher" for a description of self-policing.

IIRC, you have a very secretive organization "a", with secretive departments "a/b" and "a/c". Department "a/b" polices department "a/c" (but "a/c" doesn't know it), and department "a/c" polices department "a/b" (but "a/b" doesn't know it). Neither dares report their findings to anyone, but simply try to trip each other up.

I don't expect that changes in government, technology, society, will have stopped them doing things like this.

1
0

Page:

This topic is closed for new posts.

Forums

Opinion

Neil McAllister

Claims that cloud will drive Oracle's future growth ring hollow
Pure Storage array

Neil McAllister

How the cloud taught Redmond to play by a new set of rules

Features

Pebble Steel
Meet the man who accidentally created the smartwatch hype
No, silly... he was the fall guy for years of Finnish folly
Fraud image