The Macrosite for News, Analysis and Opinion about the Future of the Internet
Alan Reiter

Huawei's US Sales Push Raises Security Concerns

Written by Alan Reiter
9/10/2010 36 comments
no ratings
DISCUSS     Email This

Should United States telecommunications companies consider purchasing -- or even be allowed to purchase -- infrastructure equipment from a major Chinese company that could, maybe, be a significant national security risk?

Some US government officials and security experts are concerned about products from Huawei Technologies Co. Ltd. , which has begun more actively courting US customers.

A letter last month from eight Republican senators asked whether Timothy Geithner, US Secretary of the Treasury, and retired Gen. James Clapper, Jr., Director of National Intelligence, should prohibit Sprint Nextel Corp. (NYSE: S) from purchasing products from Huawei. The letter expressed concern that Huawei products "could create substantial risk for US companies and possibly undermine US national security."

Reasons for the concern include Huawei selling communications equipment to Saddam Hussein, the Taliban, and Iran, including Iran's military. The senators also are concerned that Huawei's CEO, Ren Zhengfei, was an officer in China's military, the People's Liberation Army (PLA). In addition, Motorola Inc. (NYSE: MOT) is suing Huawei and former Motorola employees for allegedly selling proprietary information.

Although the Republicans are no doubt playing politics, the letter serves to highlight legitimate concerns about types of Chinese infiltration in critical US infrastructure. For example, the FBI and other government agencies have been concerned about the possibility of back doors and other potential security problems from counterfeit Cisco routers (not related to Huawei) installed on US government and corporate computer systems.

At least one expert, Gordon Housworth, founder of the management consulting and technology services firm Intellectual Capital Group, characterized the firms that developed the counterfeit routers and the router architectures as “reasonably having a connection to the Chinese military.”

Housworth, who is a former member of the intelligence community, is not alone in considering Huawei, in essence, an arm of the PLA. He says "that risk is highest when purchasing equipment from Chinese or Israeli vendors because of the possibility of hidden firmware, software, or post-installation intervention that could compromise security."

Another security expert concerned about foreign tampering is Bruce Schneier, chief security technology officer at BT and a well known blogger about security. Although he doesn't have any proof, Schneier says it "certainly wouldn't surprise me at all" if Huawei installed software that could endanger US security. He would "think twice" before buying equipment from Huawei.

If Huawei's hardware, such as cellular switches for voice and data, are possible security threats, why would any cellular operators even consider them? One major reason is price. Huawei is extremely price competitive, which could outweigh potential security concerns. However, as Housworth emphasizes, "low cost is not low risk."

In the US, Huawei is working with a Kansas company, Amerilink Telecom, to help win contracts from American companies. Several top Amerilink executives are former Sprint executives, which certainly helps to get their phone calls answered when courting Sprint.

But couldn't cellular operators just employ security experts to tear apart Huawei equipment to search for potential security problems? Schneier says it's possible, but it's like trying to find every insect in your house. It's "very, very hard" to find every bug -- insect or computer-related.

So why not purchase from one of the other top vendors, such as Ericsson AB (Nasdaq: ERIC) or Nokia Siemens Networks ? That's safe, right? Uh, no.

In 2006, one of the most infamous cellular wiretapping cases in the world erupted when more than 100 people in Greece had their conversations monitored, including the Greek prime minister and other officials, military officers, and journalists. An Ericsson switch (or switches) on Vodafone's network was (or were) hacked. Hackers exploited a legitimate software upgrade that was designed -- legally -- to allow Greek law enforcement personnel to tap into conversations.

No one knows (or is saying) who was involved -- Ericsson, Vodafone, contractors servicing the equipment, the CIA, Greek government spies, or a combination thereof. But it highlights Housworth's warning that even if hardware is secure when it's initially installed, it could be compromised in many ways after installation, on-site and/or remotely.

So forget Huawei and Ericsson. Let's pick Nokia Siemens for cellular infrastructure. Don't concern yourself with Nokia Siemens being sued over its telecom hardware used by the Iranian government to persecute political dissidents.

The sad fact is any computer system and telecommunication infrastructure can be hacked to endanger national security. Indeed, governments are increasingly demanding access to secure or relatively secure systems, which creates more potential backdoors for hackers to exploit.

Perhaps all these real and possible infrastructure attacks don't concern you. After all, I'm sure your Huawei Android phone could never be compromised. It's not as if you'd need to take some precautions.

— Alan Reiter, President, Wireless Internet & Mobile Computing
DISCUSS     Email This
Current display:       newest comments first       display in chronological order
Page 1 of 4   Next >
Mr. Roques
Researcher
Friday January 14, 2011 10:21:17 AM
no ratings

They can? If the company is traded in the NYSE, the US can block who can invest in it? (just asking, don't know how that works).

 

Thanks for the reply and don't worry about the response time.

Alan Reiter
Thinkernetter
Monday December 20, 2010 8:28:07 PM
no ratings

Hi schneier (Bruce),

I appreciate having been able to interview you, and I'm sorry you feel your comments were taken out of context.  That's not my intention, of course.

When I interviewed you on the phone, I specifically said I was writing about Huawei, and I asked about the possibility of security problems with that company.  You said you would think twice about purchasing from Huawei, but you did not add that you would think twice about purchasing such equipment from any company.

Perhaps that's what you were thinking and what you meant, but you didn't say that to me, which is why I didn't include that information from you.  I'm glad you noted what you meant in your comment below.

Alan Reiter
Thinkernetter
Monday December 20, 2010 8:09:14 PM
no ratings

Hi Mr. Roques,

I'm sorry I took so long to reply!  I didn't realize you had added another comment.

The U.S. government would be able to block companes for security reasons from doing business in the country.

Also, the government could put pressure on companies -- covertly -- to not purchase specific products or products from specific companies.  The U.S. is believed to have put pressure on Sprint not to purchase from Huawei.

schneier
Rank: Cave Painter
Saturday December 18, 2010 9:47:58 AM
no ratings

Hi,  Some of this is right, but some of my comments about Huawei have been taken out of context and, as a result, the meaning has been lost.  I'm generally "not surprised" by anything in the world of security and I would "think twice" before buying equipment from anybody.  Huawei are a trusted partner of BT.

Mr. Roques
Researcher
Saturday October 16, 2010 9:56:01 PM
no ratings

And what can the US do? They don't have any power over Huawei, and I can't think of any policy that can block foreign companies from doing business in the US - that would be the end for the US.

Blocking them from working with the US Government? Probably, but what if they are the best at what they are doing? Pay the price and go for ... ? 

Alan Reiter
Thinkernetter
Saturday September 25, 2010 7:53:01 PM
no ratings

Hi Phavanhna,

Yes, that's the point:  Huawei is a Chinese company, and if it wants to survive, let alone thrive, it has to play by the government's rules.  And those rules could be installing malware on its hardware.

 

Phavanhna
Researcher
Wednesday September 22, 2010 10:32:39 PM
no ratings

Chinese companies like Huawei is different. Dont forget, it's China.

Mr. Roques
Researcher
Monday September 20, 2010 10:49:25 AM
no ratings

Well, the US better get on China's side soon... 

Alan Reiter
Thinkernetter
Sunday September 19, 2010 11:27:55 PM
no ratings

Hi kenton,

Many U.S. government agencies are very concerned about outsourcing of components and entire systems.

Costs are a huge consideration, though.  If every product that could be a potential security threat was manufactured in the United States -- with constant supervision by U.S. security personnel -- the cost  as well as the supervision probably wouldn't be financially or politically acceptable.  And Americans can be bought, too.

Even if cellular operators purchased equipment from Alcatel-Lucent, Nokia Siemens or Ericsson, the components probably are made in Asia.

I don't see a conspiracy lurking under every bed, but computer espionage is a reality, and will get worse.  There are no easy answers.

kenton
IQ Crew
Wednesday September 15, 2010 7:37:38 PM
no ratings

To me this article raises a broader question than; Is China putting backdoors in their hardware? It is whether we should allow critical infrastructure to have key components made in a country that clearly would have an interest in installing those backdoors. Should electric systems operators, financial institutions, and government agencies be required to use homegrown equipment that they know (to the best of their ability) is clean? You can't just say, only buy Cisco or Nortel routers as much of that hardware or components are also made in China or Taiwan. It would have to require that the hardware is actually made in approved factories by screened personnel. Is that too much to ask? I don't know the answer but I think it should be a serious consideration.

Page 1 of 4   Next >
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
previous posts from Alan Reiter
Alan Reiter
Alan Reiter   6/13/2013   28 comments
In the past few weeks, Evernote, Twitter, and LinkedIn have implemented an optional security feature: two-step verification. It's time -- perhaps even past due -- for enterprises to consider offering this feature as well.
Alan Reiter
Alan Reiter   5/28/2013   91 comments
A horror story could unfold if Gartner is correct that many businesses will soon be forcing their employees to bring their own devices to work. It might seem like great news to people who want to use their own gear, but the policy could turn ugly for both employees and IT departments.
Alan Reiter
Alan Reiter   5/16/2013   32 comments
The apartment and house sharing service, Airbnb, now requires members to verify their identities by demonstrating a presence on the web, and by either scanning a government ID or entering detailed personal details. Other enterprises should take a close look at Airbnb's verification policies.
Alan Reiter
Alan Reiter   5/6/2013   46 comments
Enterprises must keep a close eye on the Marketplace Fairness Act, now before Congress, which would allow a nationwide sales tax on US online purchases. The bill's enactment will affect every business that operates or buys from an e-commerce website.
Alan Reiter
Alan Reiter   4/30/2013   57 comments
Samsung Electronics recently announced two Galaxy Mega branded phones with enormous screens -- 5.8 inches and 6.3 inches -- that could be useful for enterprises, especially those in vertical markets.
5
of
Beau Brendler
Terrorism Expert Says US Gave Away Stuxnet Tech
4|4|12   |   3:29   |   9 comments

US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Wisdom of the Big Chair
Mobile Burnout Could Slow BYOD
1|11|13   |   2:44   |   No comments

Saturation in the mobile phone market could bring welcome relief to IT managers overwhelmed by the pace of BYOD.
Wisdom of the Big Chair
FBI Turns Attention to Mobile Security
10|30|12   |   3:45   |   8 comments

The FBI recently issued a warning to smartphone users, highlighting two mobile malware applications: Loozfan, which steals personal information, and FinFisher, which is spyware that takes over a smartphone's functions.
Wisdom of the Big Chair
Facial Recognition Looms on the Horizon
7|27|11   |     |   4 comments

Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
Second Shooter
Firefox OS Points to Possible New Directions for Google
3|4|13   |   2:08   |   6 comments

A "Chromephone" would allow Google to regain the control it lost from Android.
Reiter's Block
Free BlackBerry 10 Phones for Enterprises
1|18|13   |   3:06   |   No comments

Enterprises that fulfill certain requirements may receive a free BlackBerry 10 phone as part of RIM's new BlackBerry 10 Ready Program.
Mary E. Shacklett
Financial Services Policies Lag Tech Advances
12|4|12   |   2:18   |   6 comments

Regulations haven't kept up with advances in mobile devices and credit cards.
Wisdom of the Big Chair
Price, Not Features, Driving Smartphone Sales
11|29|12   |   2:01   |   7 comments

A survey by JD Powers found that customer interest in product features is lessening as phones evolve. Rather than features, price is driving purchases, and that change could have a dramatic impact on how IT departments secure these devices.
Reiter's Block
Amazon's Kindle Whispercast Targets Enterprises
10|29|12   |   3:05   |   No comments

Amazon's Kindle offerings typically are aimed at consumers, but its new Whispercast content management service is for businesses and non-profits.
Wisdom of the Big Chair
Wireless Data Growth Is Wild!
4|30|12   |   2:50   |   9 comments

The amount of data traffic running over US wireless networks grew 123 percent from 2010 (388 billion MB) to 2011 (866.7 billion MB), according to the CTIA. Carriers have tried to prepare for the change by moving from 3G to 4G networks. But with data rates increasing so rapidly, will there be enough bandwidth to meet future demand? Doubtful!
IETV: the thinkerNet on film
5
of
John Kennedy
How Big-Data Is Changing Marketing
6|13|13   |   1:07   |   1 comment

Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
Kim Davis
Big-Data Can’t Always Sell Wine
5|21|13   |   2:23   |   10 comments

Whole Foods Global Wine Purchaser Doug Bell told me about some of the constraints on using analytics in the US wine market.
Paul J. Fleuranges
Digital Signage Keeps NYC Subway Straphangers on Track
5|6|13   |   3:51   |   1 comment

New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
Kim Davis
Fast Forward to the Future
4|23|13   |   2:29   |   20 comments

A look back at tech writing in the 90s makes us wonder where enterprise IT will be 20 years from now.
Mitch Wagner
Google Launches Its Most Depressing Service Yet
4|15|13   |   2:59   |   10 comments

Google's new Inactive Account Manager lets you control how Google disposes of your accounts when you die.
Second Shooter
Argument Over Top-Level Domains Is 'Stupid'
4|11|13   |   2:07   |   3 comments

The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
Kim Davis
Ladies, Your Tablet Awaits
3|21|13   |   2:22   |   37 comments

ePad Femme is the world’s first tablet “made exclusively for women.”
Wisdom of the Big Chair
NFC Moves Into the Mainstream
3|20|13   |   2:16   |   No comments

While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Wisdom of the Big Chair
Integrating Security Into Your Cloud Contract
3|19|13   |   3:35   |   No comments

Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Brian Baron
How Edmunds.com Collects Customer Information
3|18|13   |   1:15   |   No comments

Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
2pm EDT
Fri
Jun 21st
an IBM information resource
sponsored content
big blue blog
Todd Watson
Todd Watson   6/18/2013   Post a comment
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
an IBM information resource
sponsored content
Expert Integrated Systems: Changing the Experience & Economics of IT
In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator.
READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE!
REGISTER HERE
Wanted! Site Moderators
Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?

Please email: moderators@internetevolution.com
Internet Evolution – not for thickies
The One Thing Your Customers Want (& How To Give It to Them)
Kevin Jacoby
It's safe to assume Microsoft isn't going anywhere.
CLICK FOR MORE
Checklist for a Watertight Cloud Computing Contract
Charlotte Erdmann
Midsize businesses rarely achieve the same standards of security in their own datacenters as professional providers that specialize in delivering these services to organizations.
CLICK FOR MORE
The One Thing Your Customers Want (& How To Give It to Them)
Kevin Jacoby
It's safe to assume Microsoft isn't going anywhere.
CLICK FOR MORE
The One Thing Your Customers Want (& How To Give It to Them)
Kevin Jacoby
It's safe to assume Microsoft isn't going anywhere.
CLICK FOR MORE
The One Thing Your Customers Want (& How To Give It to Them)
Kevin Jacoby
It's safe to assume Microsoft isn't going anywhere.
CLICK FOR MORE
NSA Leaks Shine Spotlight on Perils of Contractor Partnerships
Jason Mick
The US National Security Agency learned the hard way that it can be dangerous to give a contractor too much money and access, with too little scrutiny. The NSA and other government agencies hire tens of thousands of contractors a year to analyze data. Edward Snowden -- who revealed himself as the NSA leaker after fleeing the country -- was one such contractor, reportedly holding a $122,000 salaried position at Booz Allen Hamilton at the time of his departure.
CLICK FOR MORE
Amazon Revolutionizes Book Publishing
Mansur Hasib
The publishing world has long been controlled by powerful companies with high costs, barriers to access, restrictions on distribution, one-sided copyright ownership contracts, and lengthy delays in getting critical information and knowledge out to a broad audience. In this world it often seemed all but the most famous of authors controlled little while publishers controlled everything. In the academic community, the sad result has been an excessive price increase in the cost of textbooks. Technology is finally empowering authors.
CLICK FOR MORE