Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Android Businesses Government United States Apple Hardware

FBI, CIA, and NSA: Don't Use Huawei Phones (cnbc.com) 238

The heads of six top U.S. intelligence agencies told the Senate Intelligence Committee on Tuesday they would not advise Americans to use products or services from Chinese smartphone maker Huawei. "The six -- including the heads of the CIA, FBI, NSA and the director of national intelligence -- first expressed their distrust of Apple-rival Huawei and fellow Chinese telecom company ZTE in reference to public servants and state agencies," reports CNBC. From the report: "We're deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power inside our telecommunications networks," FBI Director Chris Wray testified. "That provides the capacity to exert pressure or control over our telecommunications infrastructure," Wray said. "It provides the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage."

In a response, Huawei said that it "poses no greater cybersecurity risk than any ICT vendor." A spokesman said in a statement: "Huawei is aware of a range of U.S. government activities seemingly aimed at inhibiting Huawei's business in the U.S. market. Huawei is trusted by governments and customers in 170 countries worldwide and poses no greater cybersecurity risk than any ICT vendor, sharing as we do common global supply chains and production capabilities."

This discussion has been archived. No new comments can be posted.

FBI, CIA, and NSA: Don't Use Huawei Phones

Comments Filter:
  • Huawei competes with the likes of Samsung, LG, Motorola and all other Android phones. Apple really has no rival as they control the entire garden within their walls.
    • by thegarbz ( 1787294 ) on Wednesday February 14, 2018 @05:29PM (#56125207)

      Just because someone has their own ecosystem doesn't mean they aren't competing with single vendors from other ecosystems.

      • by bjwest ( 14070 )
        There may be crossover customers that purchase an Apple or Android phone based on some whim and go back and forth often, but most Apple users would never use an Android device, and vica versa. This isn't counting the people who can't afford an Apple. If you want to disregard the OS and hardware, then Apples main and major competitor would be Samsung. Huawei, I don't think, would make it very far from the bottom of the list of would be competitors.
      • Or with multi-vendor stacks from other architectures.
  • by Anonymous Coward on Wednesday February 14, 2018 @04:52PM (#56124875)
    Immigration shouldn't use Chinese phones as they go after Mexican illegals on the order of our Russian controlled president.
    • You are mistaken about the Russian-controlled President. Hillary lost the election.
  • by Anonymous Coward on Wednesday February 14, 2018 @04:52PM (#56124877)
    They are simply bypassing adding a barrier of entry which would be illegal by pretending they are a security risk. That could backfire a lot though, because so far only the US was caught with the hand in the malware cookie jar, and massively intercepting comms. That could turn around and bite the US in the ass, why trust anything including new computer plateform when it is spied upon NSA, subpoenaed even if server are not physically in the US, and most probably bugged to hell by the NSA ? Huawei was never caught red handed. The US and NSA was. By using this tactic , the US may remind OTHER countries who was the one governement which was caught doing what they pretend Huawei is doing....
  • Translation: (Score:5, Insightful)

    by Anonymous Coward on Wednesday February 14, 2018 @04:53PM (#56124885)

    We've begged this company to allow backdoors in their products and they have refused, so please don't use their products, m'kay!

    • Re: (Score:3, Interesting)

      by ArhcAngel ( 247594 )
      This is the most plausible explanation I have seen to the argument.
      • by Anonymous Coward

        Exactly. If you're doing something the Chinese government would be interested in, sure, I can see avoiding their stuff. However, since most US citizens don't engage in anything that's of interest to a foreign power, it seems to me that using something one's own government hates is actually a good thing.

        That statement would be unnecessary and wrong if one could trust said government, but where law enforcement is concerned one hasn't been able to trust the US government since at least the 1960s if not earli

        • Re:Translation: (Score:4, Insightful)

          by Obfuscant ( 592200 ) on Wednesday February 14, 2018 @06:01PM (#56125455)

          Exactly. If you're doing something the Chinese government would be interested in, sure, I can see avoiding their stuff.

          Malware doesn't always have to be watching users and grabbing their data. They can also be getting hooks into the US wireless infrastructure.

          But if it is ok that the Chinese do watch everything you do, that's ok with me.

          it seems to me that using something one's own government hates is actually a good thing.

          So when the FDA or EPA bans something you run right out and start downing massive quantities because anything the FDA hates must be a good thing?

        • by tlhIngan ( 30335 )

          Exactly. If you're doing something the Chinese government would be interested in, sure, I can see avoiding their stuff. However, since most US citizens don't engage in anything that's of interest to a foreign power, it seems to me that using something one's own government hates is actually a good thing.

          Most Americans don't work? Because what most Americans do at work might be of interest to foreign nations. It's called industrial espionage, after all. Let's say you work at Tesla, on the line putting screw A

        • Ahhh yes this is what East Germans thought about their stasi records. It's a common coping mechanism.

      • Unbreakable encryption is already an easy add-on. That hasn't been the worry in years*. It's the underlying backdoors that should scare you. And there is very good reason to believe that these phones have backdoors built into them. The Chinese government is far stricter in terms of control of cellphones than the US is, for one. For another, Chinese companies are far less independent.

        * Plus or minus new inventions. But the same algorithms are used everywhere, so once they are compromised they all fall

    • Re:Translation: (Score:5, Interesting)

      by Excelcia ( 906188 ) <slashdot@excelcia.ca> on Wednesday February 14, 2018 @05:27PM (#56125197) Homepage Journal

      Let's take it as a given that Huawei does indeed have spyware/tracking hooks in their phones right down to the hardware level. Let's also take it as a given that the NSA, therefore, doesn't have hooks into those phones. What does that mean for us?

      Will Chinese authorities arrest someone in US, UK, or Canada if they find out someone here is doing a Google search for Al Qaeda on a Huawei phone? Unlikely. WIll they turn over GPS tracking of me to law enforcement?

      If I take it as a given that someone will be watching everything I do on my phone, I can't think of anyone I would rather have watching than a government that is antagonistic to the NSA.

      I know what my next handset will be.

      • Let's take it as a given that Huawei does indeed have spyware/tracking hooks in their phones right down to the hardware level. Let's also take it as a given that the NSA, therefore, doesn't have hooks into those phones. What does that mean for us?

        It means that not only does NSA have the ability to track you, you're giving the Chinese the ability to do that, along with letting them have access to the wireless infrastructure from thousands of different places.

        The excuse that "A can do it, so why worry if B can do it, too?" is pretty silly.

        I can't think of anyone I would rather have watching than a government that is antagonistic to the NSA.

        Antagonistic to the USA. You're part of the target.

        • The excuse that "A can do it, so why worry if B can do it, too?" is pretty silly.

          Except that doesn't seem to be the point the previous poster was making. It took it to mean the choice of the lesser evils, in terms of personal risk. One side being spied on by a foreign country where it is highly unlikely you will be extradited and imprisoned in their gulags, or the other being completely exposed where you may be subject to one or all of the following depending on the government's level of interest:

          early-am no-knock raids by heavily armed paramilitary police
          taken to court where you wil

      • Like the NSA doesn't have the resources to reverse engineer a back door if they wanted too.... Shesh..

    • Re:Translation: (Score:5, Insightful)

      by Archangel Michael ( 180766 ) on Wednesday February 14, 2018 @05:33PM (#56125255) Journal

      The scary thing is, we have all the evidence we need that they (The US Government) can spy on anyone they want. And they lie about it. And nothing happens when they do lie about it. Why anyone trusts anything they say is beyond me.

      • Re: (Score:3, Insightful)

        by Obfuscant ( 592200 )

        Why anyone trusts anything they say is beyond me.

        It is pretty well accepted as fact that the Chinese manufacturers can insert all kinds of backdoors into the networking hardware they manufacture. The US government saying that a Chinese phone manufacturer can do that, too, does not take a real leap of faith.

        I've used Chinese-made network hardware that I've seen sending data back to an unidentified server in China. I don't doubt that a cell phone manufacturer might be able and willing to do the same. The difference is that it is trivial to install a firewa

    • by outlaw ( 59202 )

      Indeed !

      AKA: We want to be the only ones who can spy on *our* citizens - and these bozos will not sign a reciprocity of data collection with us (5 eyes and all).

    • We've begged this company to allow backdoors in their products and they have refused, so please don't use their products, m'kay!

      LOL... Unlikely.. If the NSA wanted a back door, they could put one in themselves. They have the resources to reverse engineer something as simple as a phone and get the wireless carriers to push it with their next software update....

      Take this at face value but I've heard that some Huawei network components have a "phone home" feature built in that provides information about the network traffic it's working with to some location for less than clearly defined reasons. I don't suppose a phone would be any

  • by Archtech ( 159117 ) on Wednesday February 14, 2018 @04:54PM (#56124891)

    '"We're deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power inside our telecommunications networks," FBI Director Chris Wray testified'.

    I wonder if Mr Wray would care to state exactly what "our values" are. I suspect the reason why politicians (and make no mistake, the FBI Director is a politician first, last and foremost) never list "our values" is either because they have forgotten what they are supposed to be, or because they are afraid listeners would burst out laughing.

    Democracy? The USA was never meant to be a democracy - quite the contrary - and it is now definitely a plutocracy.
    Freedom? That depends, doesn't it - whose freedom to do what to whom?
    Freedom of speech? "It is by the goodness of God that in our country we have those three unspeakably precious things: freedom of speech, freedom of conscience, and the prudence never to practice either of them". - Mark Twain, Pudd'nhead Wilson's New Calendar, Ch. XX
    Freedom of assembly? Not anywhere near where any politicians are having a meeting, or anywhere the armed forces say you can't go.
    A free market? Everything is rigged, starting with interest rates and including the stock and bond markets.

    I could go on but I don't want to bore anyone.

    • Re: (Score:3, Insightful)

      by sit1963nz ( 934837 )
      Um it think those values are "We come in peace, shoot to kill" Lets face it, any country that will elect a sexual predator as its leader lacks any moral stance worth emulating.
  • Well.... (Score:4, Insightful)

    by Anonymous Coward on Wednesday February 14, 2018 @04:55PM (#56124905)

    Honestly, the Chinese government has no power or authority over me, so if that government took my data I'd mind a whole lot less than if it was my own government.

    I'm not really sure what the risk level is here for the average person while using a product from Huawei, it just doesn't seem any more significant than using Google, Facebook, Apple, or other tech company products that already surveil the hell out of you.

    • Technically, the powers of the US government are supposed to be limited too. After all, it is "We the People" that are supposed to have the power of governance.

    • Re:Well.... (Score:4, Interesting)

      by farble1670 ( 803356 ) on Wednesday February 14, 2018 @05:41PM (#56125313)

      Honestly, the Chinese government has no power or authority over me, so if that government took my data I'd mind a whole lot less than if it was my own government.

      So you won't mind if (chinese) hackers get your financial data and empty your bank account or charge up your cards?
      You don't mind if they get personal data and sell it off at a price to whoever wants it?
      You don't mind if they use it to perform corporate espionage, if you have work data on your device?

      If it was a US corporation doing something illegal, you'd have legal recourse (at least in theory). Here you do not.

      I think you need to think about that one a little harder.

      • Honestly, the Chinese government has no power or authority over me, so if that government took my data I'd mind a whole lot less than if it was my own government.

        So you won't mind if (chinese) hackers get your financial data and empty your bank account or charge up your cards?
        You don't mind if they get personal data and sell it off at a price to whoever wants it?
        You don't mind if they use it to perform corporate espionage, if you have work data on your device?

        I would mind just as much as I mind when US-based entities do it.

        If it was a US corporation doing something illegal, you'd have legal recourse (at least in theory).

        Haaaaaaaaaaaaaaaahahahahahahaahahaaaaaaa!!!!

        • I would mind just as much as I mind when US-based entities do it.

          So you are of the mindset that as long as one person is raping you anally, it's all good if more join in?

          • I am of the mindset that it's just as bad regardless of who is doing it. Trading one for another doesn't matter much. If anything, being raped by a stranger is better than being raped by someone who could put you in prison if they don't like your performance during the rape.

      • So, what you are saying is that the 96% of the worlds population that don't live in the USA should be suspicious of US products.

        Just look at the number of data breaches, illegal activities by banks, corruption by politicians in the US and you will quickly figure out you actually have no more "rights" in the USA than you do in most of the rest of the world. And any punishment/legal action in the USA means the lawyers will get rich and victims will get about $1 if they are lucky.

        Why do you think they ta
        • So, what you are saying is that the 96% of the worlds population that don't live in the USA should be suspicious of US products.

          Yes of course they should.

          Good luck with your trolling. You're doing a great job.

          • Statement of facts, not a troll.
            • Still waiting for the links, to reputable sources. Or is that impossible considering all of the "fake news" nowadays?

  • by ArhcAngel ( 247594 ) on Wednesday February 14, 2018 @04:56PM (#56124909)
    By their logic we shouldn't be buying Lenovo, Motorola, Apple (Foxconn), or any of over a hundred other Chinese OEM's devices. The excuse that Apple controls the OS isn't even a solid argument as the firmware is still in the hands of the OEM and susceptible to tampering. There's something else pushing this narrative. Be interesting to find out what it is.
    • by ArhcAngel ( 247594 ) on Wednesday February 14, 2018 @05:19PM (#56125121)
      As AC posted above perhaps they refuse to allow a back door into the system. Everyone remembers when India threatened BlackBerry with banishment if they weren't allowed access.

      It's funny how everybody points to BlackBerry giving in to the pressure from India while completely ignoring the fact they were the ONLY company that publicly refused to give access in the first place.
    • The excuse that Apple controls the OS isn't even a solid argument as the firmware is still in the hands of the OEM and susceptible to tampering.

      That's almost certainly not the case. The firmware images must be signed by Apple. It may be flashed by the OEM but unless they have Apple's private keys they aren't modifying it.

      • It may be flashed by the OEM but unless they have Apple's private keys they aren't modifying it.

        You don't have to modify the OS if you've modified the BIOS or what is used to verify the BIOS signature. Before you say "phones don't have a BIOS", then replace "BIOS" with "boot code".

        • You don't have to modify the OS if you've modified the BIOS or what is used to verify the BIOS signature. Before you say "phones don't have a BIOS", then replace "BIOS" with "boot code".

          I can only speak about Android, but I assume Apple devices work in a similar manner.
          https://source.android.com/sec... [android.com]

          • I can only speak about Android, but I assume Apple devices work in a similar manner.

            I do too, which is why I pointed out that if you create the hardware you can have it do anything you want and no signed operating system later will be able to prevent or detect it. Who watches the watchers? Or, if it is turtles all the way down, who verifies the signature on the bottom of the bottom turtle?

            • who verifies the signature on the bottom of the bottom turtle?

              I think the point is that if the bottom signature is verified with software and a signature that's fused into a chip, you need to replace that chip to defeat it. If you can physically modify the hardware, all bets are off.

              Who watches the watchers?

              If you don't trust the Apples, Googles, HTCs, and Samsungs, the folks that are fusing keys into chips, don't buy these products. I guess I'm comforted by the fact that if these guys like money, and if they screwed up it'd be the death of them.

    • > the firmware is still in the hands of the OEM and susceptible to tampering The physical phone is in your hands right now. Try to tamper with the firmware and see what happens.
    • Like somebody else already posted, Foxconn = Taiwan, and believe me last I heard they hate the People's Republic of China, the commie bastards that the US is, I think, simultaneously doing business with and keeping at arms length with all the cyber war stuff.

    • By their own logic the 96% of the worlds population who do not live in the USA should avoid US made products. This is backed up by the number of times the alphabet agencies have been caught illegally spying on their own people.
      • By their own logic the 96% of the worlds population who do not live in the USA should avoid US made products.

        Fortunately for us, there are no "made in the USA" products actually made in the USA - they are all made in China anyway. The USA economy would appear to be entirely composed of fake news, Gangsta Rap and Hollywood Movies, all of which are much easier to pirate than get legally.

        And If I had a secret, I probably would not discuss it on my phone.

  • by Narcocide ( 102829 ) on Wednesday February 14, 2018 @04:57PM (#56124921) Homepage

    Apple phones are still manufactured by a Chinese company. For that matter, how are these one line of Huawei phones different from literally every other phone manufactured in China to be sold worldwide, including in the US?

    What is special about this particular line of phones that they're not telling us?

  • Goose, meet gander (Score:5, Insightful)

    by Archtech ( 159117 ) on Wednesday February 14, 2018 @04:58PM (#56124943)

    Also, of course, if Americans are not to use Chinese devices in case the Chinese government spies on them - who (outside the USA) is going to want to use American devices?

    We know for sure that the US government systematically spies on Americans, and if they spy on Americans they certainly wouldn't baulk at spying on foreigners.

    So, goodbye all Apple sales to China, Russia, India, Europe, Africa, South America...

    • 96% of the worlds population live outside of the USA.

      Its won't take much for "USA First" to become "USA Alone"
    • by HiThere ( 15173 )

      Another question: What phones are "made in USA"? I sure can't think of any. So to me this sounds like "They won't add *our* backdoors, only their own." where apparently with most phones it's both sides have backdoors.

  • by ilsaloving ( 1534307 ) on Wednesday February 14, 2018 @05:01PM (#56124971)

    I don't get this stance. Virtually *everything* used in North America comes from China. Even precious American darlings like Apple make all their stuff in China and ship it over.

    If the US gov't is so worried about Chinese influence, maybe they shouldn't have allowed the overwhelming majority of it's manufacturing capacity to be moved overseas?

    • Most people in their late 40s and 50s, which is how old you need to be to bubble up to the top in just about any large organization, came of age in the late 80s and early 90s when China was a backwater, Russia was a third-world country, and all the cutting-edge good stuff was being manufactured by companies like IBM in places like Lexington, Kentucky.

      For much of the late 90s and 2000s, and even into today, that continued to be true for most (if not all) military electronics. A lot of laws and regulations t
      • I'm going to be off-topic and pedantic here.

        > Russia was a third-world country

        The definition of second world was "the USSR and its allies".
        First world is NATO (US and allies).
        Third world is countries not aligned with either major power, often because they weren't significant enough to make a big difference anyway, so they weren't courted by either the US or USSR.

        • Well, I was going to say shit-hole, but...
    • by AHuxley ( 892839 )
      Re 'manufacturing capacity to be moved overseas?",
      Its not the overseas part the NSA is worried about. Its access to all the US domestic telco systems. Telco systems all over the USA next to U mil sites, ports, bases, production lines. A next gen real time collection network next to a US base for free.
      Think of the way the NSA and GCHQ did global collect it all.
      The sites and telco rooms the NSA needs to collect on all domestic and international networks all over the USA.

      That needs NSA contractors abl
  • by NuclearCat ( 899738 ) on Wednesday February 14, 2018 @05:03PM (#56124985) Journal
    *sniff sniff*, smells like bullshit.
    Isn't such agencies should come up with solid proof first, before accusing anyone? Or they became oligarch/multinationals mercenary - like law enforcement agencies in Putin Russia?
    What if China cut, in retaliation, and in their traditions - much more harsh way, Apple? 1/4-1/3 of profit gone? (and other countries might enjoy following trend)
    • What if China cut, in retaliation, and in their traditions - much more harsh way, Apple? 1/4-1/3 of profit gone? (and other countries might enjoy following trend)

      China (and every other country on the planet) could ban the import of all Apple devices manufactured in the USA and Apple wouldn't even notice. Neither would the US balance of trade monitors.

    • Proof? Who needs proof. As long as you repeat a lie loud and long enough, that becomes the truth.
  • That the products from one country has more back doors than those from another country.

    Yes the hand of the state is deeply involved with corporate enterprises in China.

    But that does not preclude things such as NSL (National Security Letters) and indirect influence via government purchases and tax breaks, which also pressure companies in other countries to install back doors or just implement weak/crippled security.

    Look at the security mess with Intel ME and AMD PSP. Not to mention Microsoft Windows 10, and

  • Is there a reason to single them out? Are their denials insufficiently vehement?

    • Is there a reason to single them out? Are their denials insufficiently vehement?

      It's likely because they would not compromise the security of their products for the US in the manner that US TLAs demanded.

      As a US citizen I feel safer using products that *I know* are back-doored by the Chinese or Russians than I do using products possibly back-doored by US TLAs.

      Strat

  • by WolfgangVL ( 3494585 ) on Wednesday February 14, 2018 @05:13PM (#56125059)

    FBI, CIA, NSA: Encryption bad! Spying good! Privacy bad!

    They almost got it right. I'll fix it.

    "We're deeply concerned about the risks of allowing any company or entity that is beholden to ANY government, as NONE OF THEM share our values, to gain positions of power inside our telecommunications networks," FBI Director Chris Wray should have testified. "That provides the capacity to exert pressure or control over our telecommunications infrastructure," Wray should have said. "It provides the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage that is currently only OK for Uncle Sam and his secret courts"

  • "We cannot spy on you as easily if you use Chinese Phones".

  • First: Start making these devices in the USA, then I might buy one. As a a member of the manufacturing sector, location of production matters to me. I don't care about where the engineers work, that doesn't help me at all. As far as I'm concerned "designed in Cupertino" or whatnot has precisely zero value to me. Heck, I'd rather see "designed in Zhensong, made in USA" on the packaging. I don't see these engineers clamoring to bring manufacturing back to the USA, so why should I care about the plight of
  • I read "they have unbreakable encryption and the foreign company behind them isn't easy to coerce into letting us have our way".

  • The summary talks about advising Americans against using Huawei phones, but then quotes telecommunications infrastructure. These are two very different applications with very different risk profiles.

    For the average American an American made device likely poses a higher risk than that made under the influence of a foreign power.
    For a nation's infrastructure the influence of a foreign actor posts a higher risk than in-sourcing as much as possible. And that would make America consistent with other countries. A

    • The summary talks about advising Americans against using Huawei phones, but then quotes telecommunications infrastructure. These are two very different applications with very different risk profiles.

      You cannot imagine a situation where 1,000,000 users of Huawei phones could result in an impact on the telecom infrastructure?

      Can you easily differentiate the millions of users with Nest thermostats, internet controlled lighting, etc, from a potential botnet using IoT devices? Are the users part of the problem or are they a completely different application with a very different risk profile?

      • You cannot imagine a situation where 1,000,000 users of Huawei phones could result in an impact on the telecom infrastructure?

        I can. And I can also imagine a situation where if you control the telecom infrastructure that you can manage this. However if you don't control the infrastructure then you're well and truly up shit creek.

        Can you easily differentiate the millions of users with Nest thermostats, internet controlled lighting, etc, from a potential botnet using IoT devices?

        If they are doing something abnormal that is screwing with the infrastructure then yes you can differentiate them. Infrastructure has quality of service built in on many different levels. Worst case scenario from a terminal perspective is a very localised denial of service through the pollution of spectrum

  • "We're deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power ..."

  • Almost all the chips and the internet of things can be made into spyware. So essentially we need to ban all Chinese made chips and software and routers and devices ...
  • ... don't give contractors and entry-level peeps the keys to the fucking gate re: Manning, Snowden, Winter, et al.

  • ... no one should use products or services from Microsoft, Apple, Intel, Google, Facebook, ...

    This recommendation smacks of good old protectionism, and if the US want to play it that way I'm sure other countries will follow suit.

  • The irony here. The FBI would love to have a backdoor to encryption on Apple devices - and keeps pressuring them to do it.

    But watch out for those Chinese guys. We can't trust them.

  • Lev Andropov: "Components? American components, Russian components, ALL MADE IN TAIWAN!"

    Uh, they do know that all phones, not just Huawei are made in China right? If they are determined to install malicious stuff they have the physical contact to enable them to do so presumably to any brand of phone. Unless of course someone from Apple or others do deep inspection audits of the phones when they arrive in America... (no they are not)

An adequate bootstrap is a contradiction in terms.

Working...