S. Korea Diverts Network From Huawei Networks

An anonymous reader writes with this excerpt from The Verge: "The South Korean government has decided to route sensitive data away from networks operated by Huawei, amid longstanding fears from the U.S. that the Chinese company's infrastructure could be used to spy on communications. As the Wall Street Journal reports, the U.S. had been urging its South Korean allies to route government communications away from Huawei networks, claiming that the infrastructure could be used to spy on communications with American military bases there. As a result, Huawei equipment will not be used at any American military base in South Korea. The Obama administration denies playing a role in the decision, and South Korean officials have not commented. The Journal reports that the White House made a point of keeping the talks private because it didn't want to be seen as meddling in its ally's business affairs."

Who cares

[boorack]

Thank tho Snowden we now know that Cisco is even worse in that regard. So the only thing one can choose is who will be sucking one's data - US or China. There best way to keep networks safe is to roll one's own equipment (eg. PC-based with OpenBSD or something, sourced from local vendor) but it has its own limitations.

Re: Use Cisco instead...

[chill]

Uh, no. You just read the *headlines* on Snowden articles and not the details, didn't you?

Backdooring Cisco or Juniper equipment required physical access or someone to upload a Trojan firmware.

Huawei has a *remote upgrade* feature that allows remote firmware programming. They are very..."user" friendly.

Cisco?

[Anonymous Coward]

Thank tho Snowden we now know that Cisco is even worse in that regard.

[citation needed]

In what way? I am not aware of any backdoors being reported from the Snowden documents. I've seen Chinese media say that Cisco helped the NSA, but not any reports from Greenwald et al:

http://news.yahoo.com/chinese-media-snowden-says-cisco-090020241.html

There are reports of exploits against Cisco equipment by the NSA, but they've also attacked Juniper, Huawei, and many other vendors. So again: [citation needed].

So while I'm not a fan of Cisco gear for other reasons (primarily budget/value proposition), from a security POV there shouldn't be much of an issue AFAICT.

Re: Use Cisco instead...

[EmperorArthur]

Huawei firmware is not known for its quality. It has so many nasty bugs and security holes, the remote firmware programming interface is just a safer way to do it.

Cisco and Juniper are much better (at least their boxes crash or do idiotic things a lot less than Huawei boxes), but still not anywhere close to safe enough for the job, as one can easily check by hunting for C and J firmware exploits in several sites.

I always point to this video when people ask what my big deal with Huawei is. The takeaway, they found early 1990s bugs and security everywhere, including all memory being world accessible and mapped read, write, execute. That means you just need an exploit, no privilege escalation necessary. Also, not only are these exploits easy to find, Huawei doesn't publish CVEs or changelogs for their new firmware. Combine that with most debugging features only being available in Chinese.... Yeah, I'll pass.

http://www.youtube.com/watch?v... [youtube.com]