Published on the 18/06/2018 | Written by Pat Pilcher
US intelligence agencies add to Chinese tech giant’s conspiracy theories…
The rumour mill has kicked into overdrive amidst speculation that Australian intelligence agencies are recommending the Australian government ban Chinese telco Huawei from bidding for 5G contracts.
It isn’t the first time that the Chinese network equipment manufacturer has been blocked from participating in the Australian market. Huawei, which accounts for the lion’s share of New Zealand’s mobile and fixed telecommunications infrastructure, was banned from competing for contracts in Australia’s NBN build in 2012.
Speculation intensified earlier this week when Australia intervened to prevent Huawei from taking part in a submarine cable project. The scheme links the Solomon Islands and Papua New Guinea to Australia.
Huawei’s Australian corporate affairs director, Jeremy Mitchell, confirmed that Huawei was unaware of any decision to bar it from participating in a 5G network build: “Huawei remains in productive discussions with the government. It has not been informed of any decision to exclude it from 5G networks.”
Speculation is mounting that US intelligence agencies are pushing Australia to block Huawei.
Earlier this year, the directors of six major US intelligence agencies warned the US Government that American citizens shouldn’t use telecommunications equipment made by Huawei and ZTE.
Chief amongst the concerns cited by US intelligence agencies is the belief that Huawei could exploit its position inside telecommunications networks to gather intelligence for the Chinese government.
So, is the paranoia of the Australian Government and US intelligence agencies warranted?
Do businesses have anything to fear from Huawei?
One threat commonly cited is the “Kill Packet”. It is an overused Hollywood trope because it is a quick and convenient way of swinging a movie plot in favour of the “good guys”: a hacker crashes networks by uploading malicious code.
The reality is that, like most Hollywood stories, it doesn’t hold up to scrutiny. The control plane for enterprise routers is usually separate and firewalled away from the data plane. To drop a Kill Packet where it could do any damage would require that the hacker had already gained full network access. It would require bypassing access control lists, firewalls and NAT. In short, it is unlikely that a Kill Packet could shut down an entire network as each part of the corporate network would have to be hit with a specific attack.
Another oft-cited threat involves hidden backdoors built into the firmware of Huawei hardware. In theory, these hidden backdoors would allow a hacker to gain administrator access and wreak havoc. In the real world, hidden backdoors don’t stay hidden for long. A more common danger exists in the form of factory default passwords left unchanged. Simply put, unchanged factory default passwords are not a Huawei issue.
The other scenario cited by the anti-Huawei camp involves a hidden intentional bug that could, in theory, allow a hacker in the know to gain access.
Just like the Kill Packet scenario, intentional bugs would only exist for a short time before being patched. Also, if such a bug went undetected, it would probably be limited to a tiny part of any network.
It is hard to arrive at any conclusion other than that these threats make little sense. Huawei dominates the Chinese marketplace, so in theory, backdoors and intentional bugs are also accessible to other governments.
The reality is that neither Huawei nor the Chinese government is likely to risk installing backdoors unless they alone could take full advantage of them and keep them hidden. Wikileaks and strong social media communities make keeping such secrets an incredibly tricky thing to achieve.
A more realistic scenario that is already of enormous concern to businesses is unintentional bugs. Even though intentional backdoors are improbable, what about those bugs that seem to exist on most hardware?
Nearly every single piece of software, hardware and silicon launches with some bugs. These bugs are so widespread that they have an entire industry behind them. Most anti-malware, patch management and intrusion prevention software exists because it is almost impossible to keep bugs out of the tens of millions of lines of code used in enterprise software and hardware.
Add in poor configurations, and potential vulnerabilities are everywhere. These issues are not limited to Huawei; they are industry-wide, regardless of geographic borders.
Additionally, no real evidence of spying by Huawei has surfaced over the past decade. The only example of espionage involves the USA spying on Huawei. It comes from documents leaked in 2010 by Edward Snowden. These detailed operation “ShotGiant” in which the NSA hacked the main PABX at Huawei’s Shenzhen HQ.
Ironically, one of the documents leaked by Snowden detailed how US intelligence agencies planned to exploit Huawei network hardware for intelligence gathering purposes: “Many of our targets communicate over Huawei-produced products. We want to make sure that we know how to exploit these products”, to “gain access to networks of interest”.
Sceptics say that the US’s anti-Huawei stance taps into xenophobia and competitor lobbying that is more about racism and money than security. The lobbying is more reflective of US and European network equipment suppliers having been frequently outbid by Huawei on significant infrastructure projects.
During an interview on ABC’s Radio National, Huawei Australia chairman John Lord refused to discuss what Huawei’s options would be if Huawei were prevented from participating in the Australian 5G rollout. While he declined to speculate, he did say that it would be a sizeable blow to the company.
Lord noted that mobile telecommunications infrastructure accounts for at least 70 percent of Huawei’s Australian business, which employs around 750 staff. Huawei currently supplies network equipment to both Optus and Vodafone in Australia and is also rumoured to be a supplier to TPG for its soon-to-launch Australian mobile network.