"While the carrier says the issues found in 2011 and 2012 were resolved at the time, the revelation may further damage the reputation of a Chinese powerhouse."
Do the Snowden documents contain any NSA guidelines on sanitation procedures after taking a leak? If they are rigorous, the NSA might be up for an unexpected boost in popularity!
I just mean that people argue about Huawei and other China-related stories quite fiercely whenever they come up (often too fiercely: https://news.ycombinator.com/newsguidelines.html). 'Groupthink' is refuted by a quick glance into any such thread.
Actually though, the word 'groupthink' usually isn't about anything other than oneself. It's a form of internet preening: I the freethinker am nobler than the deluded masses in whose midst I glide. In other words, a middlebrow 'sheeple'. (Sorry if that feels like I'm picking on you personally; I don't mean to.)
Hard to know from the article, and Bloomberg does not have a good track record, if the 'backdoor' was a vulnerability, an unwanted feature or an actual backdoor.
I might imagine a Chinese headline with "US firm Intel backdoors every CPU", which may or may not be true depending on your feelings on Intel ME
> Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses
A backdoor is a deliberate remote-access vulnerability that the creator intended to use for illegitimate access.
The same code, but intentional, is a bug and vulnerability, but not a backdoor. Same security implications, but a big difference wrt. culpability, appropriate punishment, and expectations of future behavior.
It's true that "backdoor" is sometimes used as you defined. I feel that some usage, like this article, implies a deliberate backdoor. But you're right that it's an implication and not an explicit statement.
One reason that I feel this implication here is that an 'unintentional' backdoor vulnerability can be exploited by any attacker, but the article focuses on this backdoor's exploitability by Huawei, and by implication their untrustworthiness.
The funny thing is that there are many more. Interesting how the EU is dealing with this - most media seems to focus on how badly China could be spying while the US proved they aren't trustworthy long before.
Pretty obvious how the EU will deal with it. I once read the official statement of the German government that there is no way the US is spying on us while walking past dozens of huge radomes on a US base close to ESA hq.
I read the news when it was discovered that our intelligence service regularly updated NSA selectors to spy on internet users and never looked into what they were updating. Suddenly they "found out" that the US wasn't looking as much for terrorists but more for industrial secrets. Oops, who would've thought.
I don't want to be spied on by the Chinese government but it doesn't matter much when I'm 100% spied on by at least the USA and the UK.
ESA headquarters is listed as in Paris. I'm not seeing any US bases near Paris. Orly used to be a US base but was shut down in 1967 and is now a civilian airport.
Sorry I meant the European Space Operation Centre (ESOC) in Darmstadt, Germany. It's almost neighboring the Dagger Complex [https://en.wikipedia.org/wiki/Dagger_Complex] of the US INSCOM/NSA.
You haven't worked for large companies have you? Intel ME is NOT a backdoor. It may have vulnerabilities, sure. But none explicitly put in there.
It was designed for a specific purpose- troubleshooting enterprise computers. And it does that job amazingly well. No more IT guy guiding me when he can just do all the clicks himself.
I think this is one of those cases where you need to take into account the intent of the Intel ME and whether or not you can consider it a backdoor. Surely it's a useful tool in corporate environments but to any other average individual it's definitely a backdoor. It's a "feature" of nearly every modern x86 CPU that undoubtedly has capabilities of a backdoor that cannot be turned off or disabled by regular means. If I wanted to be able to remotely manage my machines out of band then I would've asked for it, but instead I foolishly bought myself into a very easy way for vendors to maintain control over me and my data.
It doesn't matter if it's a deliberate backdoor or not. It's a door, and I want to be able to close that door if I'm not using it, and Intel won't let me. Reducing attack surface is a security best practice exactly because any software can have bugs.
An allegory: imagine if an OS ran an SSH server and there was no way to turn it off or to control the keys it accepts. Maybe it has no bugs (you can't see the source code). Maybe it has no malicious intent or backdoors. As a security conscious computer owner, I still view its existence as a negative. I would like to be able to provably turn it off or control the keys it accepts.
Forcing it upon users is wrong, but calling it a backdoor, as someone who sounds reasonably intelligent to other reasonably intelligent people, is misleading and wrong too.
A backdoor is access to a computer which the legitimate owner cannot control. Intel ME fits this very well. Let me switch it off (verifiable) and we can talk.
If it was for troubleshooting enterprise computers, it would be opt in. At this point I assume bad faith.
This article dances back and forth between saying "vulnerability" and "backdoor", which while they may have the same end result wildly differ in intent.
I can't tell the seriousness of this except for the telnet one.
How anyone trusts Bloomberg after the Seamicro chip story is beyond my understanding. (And especially the way it was handled and not retracted — anyone can make mistakes, but owning them is most important.)
Even the title could have been something else. Like this excerpt from the article:
> "Vodafone has defended Huawei against the U.S. onslaught"
Ah, but the article said that the telnet server "could still be launched," not that it was necessarily open. It could be one of those "magic knock" packets that 'launches' telnet, like the backdoor found in some Cisco routers a while back.
Also weird is that Huawei insisted on keeping it open until they'd completed testing... does that mean it's phoning home? Or that they have their own technicians coming around to service it?
Such a crappy article. Bloomberg should have learned from the Supermicro fiasco to include more details and not parrot a single source. At this point if IC is serious about Huawei posing a national security risk they should arrange a leak of their actual intel to force real public discussion.
"Never attribute to malice that which is adequately explained by stupidity"
Some lazy engineer probably added the feature as a remote monitoring/debugging tool with no regard for security because it needed to work before the next big release. Disabling the feature before the next release would probably break all kinds of support and monitoring, potentially leading to instability or them being unable to service failing equipment.
Whether or not it was the intention here, leaving a common or garden vulnerability as a backdoor gives excellent plausible deniability. "Whoops, we overlooked that" is much easier to explain away than an obviously designed remote access mechanism
Has anyone else noticed the increased "scrutiny" the US has been putting on Chinese companies recently?
Huawei seems to be the biggest example and it's worrying me because they are starting to strong-arm EU allies to follow in their footsteps. Both Germany and the UK have cleared Huawei to take part in 5G rollouts against the USA's wishes.
I'm not sure who to side with here, the company with multiple allegations against it or the country which is known to do exactly the same thing except maybe worse...?
Try not to dismiss this because it's not dripping in pro-USA sentiment, I'm interested to hear what people inside the bubble think.
> France has as well, as they said that all suppliers will be treated equally and subject to the same security tests.
This is the bit that gets me. I simply don't believe you would approve a supplier with a question mark over them without running it past GCHQ/MI5/MI6 etc. Presumably Germany and France did the same thing with their security services.
It leaves me wondering if the US know something their 3 closest allies don't or if their position is purely economic/ideological.
I guess it's mostly ideological. The US has been spying on Europeans for _years_. All these leaks by Snowden showed really well how they treat Europeans.
Everything which has been leaked can't be used anymore. So if you want to continue spying on telecommunications you need to have some control. There's nothing easier than a smear campaign against the only other big telecommunications vendor and putting some pressure on the decision makers behind curtains.
For any European country there's no difference between spying equipment from the US or China.
Absolutely, I find the increase of our politics and media attacking 'The Russians' and 'The Chinese' in recent years very concerning. Especially with the lack of reflection on our own actions both nationally and internationally. Like pervasive surveillance, hacking, military aggression and influencing elections, just to name a few.
> Absolutely, I find the increase of our politics and media attacking 'The Russians' and 'The Chinese' in recent years very concerning.
I rather find it concerning that Russia has been financing the far-right, nationalist and anti-European parties that have risen over entire Europe, and that China is using debt as political leverage to gain power over poor African countries.
Add to this that many Western companies and politicians only look for the next quarter/election results and not 10, 20 or heaven forbid 50 years in the future... while this is precisely what Russia and China are doing. A splintered EU won't do a thing when Russia once again screws over human rights, and no one in deep debts to China (or with all manufacturing outsourced to China...) will dare criticize them when they start executing the Uyghur Muslims.
It was Obama that pivoted to putting China in the "big bad" portrait frame, though at the time scary foreigner wasn't an important part of the incumbent's political strategy.
China has also relatively recently gotten a more hardliner leader, which is bound to sour relations with "the West" to some degree as he imposes weird restrictions on human rights and reverses the trend towards openness of years prior.
But the US now has an openly racist and explicitly nationalist (in US terms) president, so open conflict with the primary enemy was guaranteed from the start. For deep ideological reasons it is necessary for the current administration that there should be conflict with the rest of the world. With this sort of focus by the administration the media reporting is bound to follow to some extent.
> Try not to dismiss this because it's not dripping in pro-USA sentiment
I find your presumption, that other people are more biased than you, somewhat offensive.
> I'm interested to hear what people inside the bubble think.
I find your presumption, that other people are less capable of independent thought than you, very offensive.
My experience from posting elsewhere is that a thoughtful post is surprisingly well taken even if it's not pretty. Actual case, I posted https://news.ycombinator.com/item?id=19783291 last night and expected to get crucified because... well, for obvious reasons. I very nearly didn't post. It actually got upvoted. So, steppenwolf, don't assume the worst of people.
Well I'm from the UK and this was actually a big topic of discussion recently because the Prime Minister was briefed at the National Security Council, made a decision to allow Huawei and then it leaked that she was advised by the NSC not to. So it's not exactly uncontroversial.
In my opinion it's very clear that the Trump admin is willing to just blatantly make up accusations to harm their economic adversaries. We all remember Trump sticking tariffs on goods for "National Security" that were nakedly economic protectionism. Having said that, it's also true that both China and the US are putting backdoors in technology to provide espionage opportunities. The question is though - are we likely to end up on the opposite end of the US in a war, or China? Well at the moment China is definitely more of a threat. So it's more dangerous having the Chinese back doors. That may well change though and the UK should absolutely be developing methods to mitigate all infrastructure attacks like these (and obviously putting our own backdoors in ARM chips where we can).
>Chinese company licensing their technology to a US company
that would be a remarkable plot-twist
On the other hand, given how sophisticated these things are, even if all the source code is available you can't be 100% sure to spot all the bugs/vulnerabilities/backdoors. I guess this applies to hardware equally well.
Why not both? Many routers have had remote access vulnerabilities, but there's a clear reason to write about 2012-era vulns about Huawei and not some other manufacturer.
I believe it's both. I mean there could be some backdoors and there are some vulns portrayed as backdoors but probably the situation is no different for any other manufacturer. But since there is a campaign against Huawei everyone is concentrated on researching and reporting problems with that particular brand while ignoring all the others
My guess is it's not an organized smear campaign. Rather, it just happens to be a hot topic these days, an easy way to gain some clicks and subscriptions. Kinda like UFOs, government conspiracies, "Elvis Presley Seen Alive" etc., but for a slightly more sophisticated audience.
With 5G the architecture is far more sophisticated and wide reaching. Companies are also looking at containerisation to go with it which means that vulnerabilities can do far more damage and stay hidden far longer.
Telcos are very much looking out for the interests of their users because once you're known as not being private and secure your business will be finished.
You mean the same telcos that sell location data of their users to third parties. Using dubiously marketed plans. List goes on. I think they are far away from making a case for looking out for their users.
As John Gruber says: "Bloomberg, of course, is the publication that published “The Big Hack” in October — a sensational story alleging that data centers of Apple, Amazon, and dozens of other companies were compromised by China’s intelligence services."
"The story presented no confirmable evidence at all, was vehemently denied by all companies involved, has not been confirmed by a single other publication (despite much effort to do so), and has been largely discredited by one of Bloomberg’s own sources."
"By all appearances “The Big Hack” was complete bullshit. Yet Bloomberg has issued no correction or retraction, and seemingly hopes we’ll all just forget about it. I say we do not just forget about it. Bloomberg’s institutional credibility is severely damaged, and everything they publish should be treated with skepticism until they retract the story or provide evidence that it was true."
So like any other media publication? They are all in the business of lying, for profit or otherwise. I assume people at Bloomberg shorted Huawei stock before they published that.
Consider that some of these parties you're throwing mud at, based on assumptions, might not be deserving of mud. If news is making one cynical, maybe take a break, and look for parties deserving of flowers, keeping the mud in reserve.
Many people in tech, including John Gruber, seem to lack a basic understanding of who makes decisions concerning national security and international politics.
I think your argument is the security services or the US government would tell them to deny it but I don't see why. Google 'Chinese hacking' and there are hundreds of stories. It's not a big secret. I can't see why they'd censor it.
How do you know for sure that the story is false? As you've mentioned Bloomberg hasn't corrected or retracted the story. Governments and companies have in the past denied things that have been true.
Do you seriously think Huawei vehemently denying that it has backdoors in its technology makes it true all of a sudden?
If Bloomberg is going to make serious claims like that they NEED TO BACK IT UP with some evidence.
Not a damn thing came out of the Supermicro story. And now this story about Huawei where it's unclear if they're talking about bugs, vulnerabilities or deliberate back-doors--- three very very different things.
It's not that I trust Huawei either, but if Bloomberg is going to make claims like that they better be fucking true and verifiable.
Because an actual review by Super Micro did not find any chips like that [0]. Unlike the Bloomberg article, they also released which company did the audit, while whoever was behind the Bloomberg article couldn't even supply a sample of these chips to any other security researchers.
Which was just very weird: On one hand you claim to have discovered this extraordinary thing through physical evidence, yet when asked to produce said physical evidence, you can't. That alone was reason enough to trigger several red-flags.
If one mistake tarnished reputation forever then after Iraq war none of CNN, Fox, NYT, MSNBC, WaPo should be in business, especially since all of these were accomplices in and not victims of falsehoods.
You are allowed to objectively criticize the Iraq war any more as it's been endorsed by both major political parties at this point.
It's sad that the major news outlets are complete propaganda machines at this point. Nobody is taking the government to task for its continued wars in the Middle East. The only angle I ever see is how some 'atrocity' has taken place and how we need to bomb them even more.
Bloomberg publishes, what, thousands of articles a year. Some percentage of them are guaranteed to be wrong. That doesn't mean that the burden of truth should instantly shift towards them being untrustworthy based on a single article.
Journalism depends on the public trusting them and in the current environment in which that trust is being eroded to have comments like this that dismiss Bloomberg entirely is reckless and pretty disgraceful to be honest.
> That doesn't mean that the burden of truth should instantly shift towards them being untrustworthy based on a single article.
How many very high-profile articles need to be complete bullshit before it's time to start questioning the integrity of Bloomberg?
The Supermicro nothing-burger was supposedly the culmination of a year of effort by top-shelf journalists. They knew what they were doing, they had NOTHING to show for it and published anyway. I think that's irresponsible at best and more likely had ulterior motivations.
b) You have no evidence that they didn't have sources, no evidence that they have ulterior motives and no evidence that they published the article without evidence.
c) Like you said if it was a year of effort by top-shelf journalists surely there is more to the story than simply "nothing".
> ...there is more to the story than simply "nothing".
Well, where is it? Seriously, where?
Bloomberg made the assertion, a serious one that moved markets, and now it's on them to prove it. Or at least someone needs to step forward with something that remotely corroborates the story.
It's a hard-to-believe claim on a technical basis alone, like something straight out of a James Bond story. It was a year in the making and now approaching 5 months later and still nothing?
> Abandoning Huawei for 5G, with Europe already lagging behind China and the U.S., could force them to rip out the supplier’s 4G gear
Does anyone know what this is about? Both the need to rip out 4G gear if they don't want to use the new 5G stuff, and also the statement about Europe being behind China and the USA?
I think the idea is that Europe would rip out all Huawei components after the scandal, requiring a revamp of both 4G and 5G networks.
I doubt the US is that much ahead of Europe. It's true 5G networks are yet to really roll out, but with the higher population density the 4G coverage and residential internet is better in most of Europe, making the current 4G network suffice for now for many people.
Yeah, Bloomberg themselves list Nokia and Ericsson as the next largest actors on the market after Huawei in an infographic, and I don't think those count as US companies so I'm not sure what that comment was about.
Supposedly higher density makes 5G more important, not less, since it supports way more devices in the same area, while it doesn't really improve on the coverage distance, which is more important for more rural areas.
Chinese intelligence joins US and Five Eyes coalition in public-private partnership global surveillance program, information sharing agreement to be discussed in upcoming trade talks.
Whataboutisms only work when the accuser is assuming something un-ordinary is happening, after knowingly or unknowingly exempting themselves from the behavior they already practice.
I was skeptical about "boycotting" China and Huawei for a long time; just thought that they make cheap phones, and innovative tech, so why not.
I changed 180 degrees when I started learning about the growing Chinese influence, how politically corrupt they are, and the excessive violence and human rights violations exercised against minorities.
China is growing its economic dominance very quickly. They are gaining many growing Asian and African countries under their belts (pun intended with the belt & road initiative [1])
These poor countries don't really have a say when offered China's generous offers, but we do.
It is going to be expensive, just like trying to fix climate change is: We have to be willing to pay to fix our mistakes (or other people in our society), if we want a better future for our [grand]kids.
But we will only be paying the price of our mistakes: depending that much on sweatshops, factory workers who are paid next to nothing, and collaborating with an authoritarian regime that clearly opposed our values for the longest time.
What do you suggest we do? I'm asking in good faith; I think the worries of the influence of the CPC in the world are valid, but China can't simply be boycotted like any small country, and it's also not clear to me those boycotts (Cuba, Iran, etc) really effect change.
I think it's important to show our governments that we're worried about this influence. Hopefully they'll react to that and move closer to the people's wants (you know, like democracies are supposed to work)
> Google, Apple etc are public companies. Huawei is state controlled.
Citation needed - Huawei denies being under state control and there is no evidence of any direct state involvement in their day-to-day decisions. Maybe the Chinese state makes secret demands of them occasionally - but maybe the US state makes secret demands of Google/Apple occasionally.
Honestly, China is probably worse, but it's not like the USA is the shining beacon of freedom and democracy. Or is Brett Kavanaugh an honorable man?
We are all sort of guilty, we want our cheap goods (clothes, smartphones) and look away when the news talks about garment factories collapsing in Bangladesh, or when the Chinese phone factory workers commit suicide. I enjoy a high living standard, I don't think the way the West (me included) is living is sustainable and it's built on the blood and suffering of so many around the world (like the news the other day how electronic waste exported from Europe are poisoning Ghanaians), but well, isn't ignorance bliss...
"Chinese influence, how politically corrupt they are, and the excessive violence and human rights violations exercised against minorities."
I know your heart is in the right place, but you could replace China with "The US" or "Russia" or "North Korea" or "colonial Britain" or almost any other country and it would be true. Those who wouldn't be worthy of the list are those who've never had the resources or opportunity to make the list.
It's sad, but I believe it's pretty close to the truth.
In relation to China, "The West" gifted it the power it now wields by outsourcing manufacturing there because cheap labor meant much higher percentage profits for all the savvy business owners who didn't want to pay local rates. And didn't they do well over the last 40-odd years! Can't deny it being smart business back then. Also can't deny that China's current world power status wasn't predictable 40-odd years ago if businesses everywhere decided to follow suit. And they did, and here we are, and all the countries that host companies that contributed to this are now having a cry about the actions of the monster they profited from creating.
China has millions of Uighur Muslims, journalists, dissidents etc in detention centres in the Western Xinjiang region. Some of whom were even fellow Australian citizens kidnapped that are still missing.
China has a surveillance network and social credit system that is unparalleled by anything in the entire history of this planet.
China is right now a Xi dictatorship that has no independent judiciary, no free press, no independent companies, censored internet and the most sophisticated and efficient crackdown mechanisms known to man.
And you actually think that the US or Britain is equivalent? Ridiculous.
Maybe your memory of history is very short, but the US pretty much championed a lot of the things you rail against China for in their "war on terror".
Torture camps and abducting people into them included, just like Internet-censorship (to prevent the spread of "terrorist propaganda") and pretty much the biggest and most sophisticated global surveillance system in human history, facilitated through the FiveEyes cooperation.
A lot of the things China does on a domestic basis, the US has been doing for decades on a global basis.
The absurd thing about this all being: They all use the same reasoning to sell this authoritarian creep to the population, the "fight against terrorism".
And people gobble it up like it's the most normal thing ever, regardless of them being Chinese, US American or British.
Given the choice, I would much prefer to live in the US (or US-dominated/sponsored West) than in China, Russia, Middle East etc. US has better economic, legal and political systems. It doesn't discriminate against foreigners or religions, allows foreign people and companies to compete in the markets and make enormous amounts of money, it has one of the most transparent and stable political systems in the world (which allows immigrants to participate in partially, and 2nd generation immigrants completely).
Sure, the US is not perfect, but that's why I support the US and am in favor of boycotting China (and other less-free countries).
> And they did, and here we are, and all the countries that host companies that contributed to this are now having a cry about the actions of the monster they profited from creating.
But did they really profit? Let's assume for a second that the media isn't one monolithic entity governed by suits in a smokey board room but by many competing entities with opposing and dynamic economic incentives, like the public's fatigue and need for novelty. Let's assume that these changing media narratives are purely a result of inter/intra-generational variance in upbringing and other effectively random factors (accumulation of wealth and social mobility among them).
Has the general public truly profited from the movement of manufacturing overseas? I don't mean intangible improvements like higher resolution televisions and thinner smartphones and cheaper everything - just because they can be measured in SI units or dollars doesn't mean that they tangibly improve someone's life. I mean by the cold hard numbers. Is the average middle class family healthier than they were before? Are they spending less money to stay healthy? Are they more secure in their finances? Can they take longer vacations? Can they afford to send their kids to college without them having to balance study and work time? Are they happier?
I intended my point to be that the individuals at the top profited (those making the decisions to take advantage of cheap overseas labor) in terms of money / wealth.
No, happiness has not increased (maybe fairy-floss happiness has increased, that short term heavy-crash happiness that people get from new/shiny things - but I don't count that towards general societal happiness). Fear and paranoia has increased. (my opinion).
> you could replace China with "The US" or "Russia" or "North Korea" or "colonial Britain" or almost any other country and it would be true. Those who wouldn't be worthy of the list are those who've never had the resources or opportunity to make the list.
Many Western countries have a checkered past, but it's not exactly as though present citizens of the West were directly involved in the atrocities committed in the past by the West. Every sufficiently long lived state has had its dishonorable days, but it's not like we can't criticize both the past and current behavior of these nations and the /current/ behavior of China.
On the other hand, it is to the current Western climate's benefit that many dare make such criticism openly on the record and without fear of persecution (e.g. Gitmo). The same cannot be said of China.
> And didn't they do well over the last 40-odd years!
While your paragraph has the tone that the West is simply getting its just desserts, I find it unwarranted. This criticism, at its best, is criticism of past bad realpolitik policy by the West. People like the parent comment are only just learning of how woeful it is that Chinese influence is spreading, when Chinese influence is that unjust. It is useful to know that the West may have fed the beast. But the parent comment you are replying to was likely ignorant of the situation then and likely had no decision-making power then anyway. Thus adopting such a tone is in quite bad taste, since the parent comment is likely a victim of someone else's poor decisions and not their own.
"the tone that the West is simply getting its just desserts"
That wasn't my intention, although it can easily be read like that. My intention is for the potentially "ignorant of some history" parent-poster to be provided with some context around the current situation, ie. it does not exist in a vacuum, and has been strongly influenced by the actions and policies of the leadership of non-Chinese countries and companies.
The citizens of all countries are the victims in this. The significant majority (99+%) of the world population are caught in situations created or influenced by a very small minority of people (some of which were democratically voted for, but then that turns into a much more complex debate).
I intentionally started my comment with "I know your heart is in the right place" to make it (hopefully) clear that I wasn't directing any accusations toward the parent poster.
It would be nice if they compare Huawei to other vendors. I am quite sure Ericsson and Nokia had some backdoors/critical vulnerabilities as well. It is quite common if the policies are poor and they skip some penetration tests. I don't think anyone would make such silly backdoors on purpose (like unsecured telnet connection).
- The SIM card for remote operator app provisioning.
- The baseband processor (that supports over-the-air firmware updates, "typhoon boxes", and other horrible crap)
- The GSM spec, lulz (that allows for binary SMS app pushes signed by certain keys, "silent" SMS to track location, and so on by protocol standard.)
- Obsolete, broken, and purposefully weakened crypto that remains in use for backwards compatibility (and spying.) Not that it would matter anyway because traffic is unencrypted over core links.
Vodafone's entire business model depends on backdoors for controlling customer equipment and tracking subscribers. Also, China numba wun!
>Vodafone said in the report that Huawei would need to remove or inhibit a so-called telnet service—a protocol used to control devices remotely—that the carrier said was a backdoor giving Huawei access to sensitive data.
This seems like a diagnostic telnet port left open by accident. I'm very sceptical at this point at any American government or media finding a 'backdoor' in Huawei.
A backdoor implies this is intentionally left open to later get unauthorized access.
Why would anyone build a 'backdoor' on an open telnet port?
This seems intentionally blown out of proportion to fit a narrative.
Australia, New Zealand, and Canada are only on your list because of the American government's narrative.
The UK are being threatened by the American government because the UK intends to continue using Huawei equipment.
EU has specifically said the American government's narrative will NOT be taken into account. The EU will do their own due diligence.
As an aside:
I would hazard a guess that Germany isn't paying much attention to the American government's narrative due to the well-documented bugging of Angela Merkel's phone by US spooks.
I have been playing VikingMUD for more than a decade. Have I been 'backdoor/hacking' it when I was using telnet to connect?
I have been in IT/IT Audit/IT Security for quite a while. Having the ability to telnet in is not a crime. We got firewalls for stuff like that. Even if it is not documented in whatever paperwork has been provided, it takes 5 seconds on a scan to pick this up. There are also a bunch of IDS/IPS out there that would spot and kill such a connection attempt in a millisecond.
Also, telnet is unencrypted. Who attacks something when everything is readable? It defeats the purpose.
This story has so many holes that a junior net-admin could prevent in their first week. I will assume that Vodafone has 'an army' of highly skilled network and security administrators that have "block telnet" on the first page of their checklists.
I am not taking sides. I am just thinking of ways I have reacted in the past when I found blocked connection attempts in firewall logs.
I also think Bloomberg should stick to what they do best, money. Leave the IT Sec to far more qualified outlets. Or if they really want to do this right, and not just aim for clickbait, get a team of experts to go through their material before they post.
I don't think you have an idea of how a telco works.
There isn't some giant firewall that every request goes through so you can say "block port 21" and your problem is fixed. Most of the equipment is talking directly to each other on many different private networks, some of which may be managed by third parties. And as companies shift towards virtualised, container-based architectures it can become harder as there is more complexity as companies transition.
And not sure if you've worked at a large company before but the idea that they have this army of highly skilled people who just make sure everything works perfectly isn't what happens.
Actually I have, most of my employers and clients the past few decades have 80k++ employees. I understand that there are PLENTY of interfaces on a company of the size of Vodafone (let's call them that) that have live access to networks, infrastructure, and what have you (e.g. Huawei, Nokia, Ericsson to name the big whales) and myriad other smaller ones monitoring, fixing, live, a million moving parts.
The responsibility and accountability remains though. I do not accept the 'we are big and busy so we drop the ball'.
Leaving insecure stuff open is not the same as a damn backdoor
BUT, being lax in rigour concerning what ports, etc are left open and the security reasons why is just at some point a question of are they an unknowing asset of China Gov...