October 24, 2016

No evidence that Huawei was spying for China but vulnerabilities a worry

(LiveHacking.Com) – Earlier this month a report by the U.S. House of Representatives Intelligence Committee said that U.S. telecommunications operators should not buy equipment from Huawei Technologies Co Ltd or its smaller rival, ZTE Corp. because of the security risks posed by potential Chinese state interference. Or to put it simply, worries over electronic spying on U.S. interests.

Now however, two people familiar with a White House-ordered review of the security risks posed by Chinese telecom suppliers have told Reuters that the 18-month review found that relying on Huawei was risky for other reasons, such as the existence of vulnerabilities that hackers could exploit. But there was no evidence of Huawei spying.

It seems that the White House ordered intelligence agencies to conducted a classified inquiry into Chinese telecom equipment makers which investigated reports of suspicious activity and probing nearly 1,000 telecom equipment buyers. “We knew certain parts of government really wanted” evidence of active spying, said one of the people, who requested anonymity. “We would have found it if it were there.”

The report from the Republican and Democratic leaders of the House Intelligence Committee criticized Huawei for not providing details about its relationship with Chinese government agencies. Last year, Huawei was banned from bidding for an emergency network for first responders “due to U.S. government national security concerns”.

“The White House has not conducted any classified inquiry that resulted in clearing any telecom equipment supplier,” White House National Security Council spokeswoman Caitlin Hayden said.

Because the White House review did find several security vulnerabilities within Huawei products, questions are being asked about whether Huawei intentionally put the vulnerabilities into its devices as a backdoor for the Chinese Government.

Chris Johnson, a former CIA analyst on China, said officials emerged from the review with “a general sense of foreboding” about what would happen if China asked Huawei for assistance in gathering intelligence from U.S. customers.

ZDNet reported from the  security conference “Hack In The Box” that researcher Felix “FX” Lindner has demonstrated how easy it is to gain access to Huawei routers and telecom equipment. He told the conference in Kuala Lumpur, “I don’t know if there are backdoors – but it doesn’t matter since there are so many vulnerabilities.” According to Lindner the code running on the routers, used by billions worldwide, is out dated and full of security holes.

Around the world, the reaction from other agencies has been mixed. Australia barred Huawei from becoming a contractor on the country’s National Broadband Network, and Canada said last week that Huawei could not bid to help build a secure national network. However Britain has said that  Huawei’s products have been fully vetted and did not represent a security concern.