The nightmare backdoor, reflections on the Huawei case

Pierluigi Paganini January 06, 2012

Just recently I came across an interesting discussion, started by a colleague, on the possible presence of a backdoor in Huawei's devices. The news in itself is terrifying, even though it has been discussed for years. The presence of a backdoor once again raises the issue of hardware qualification, especially when the hardware is an integral part of a country's critical infrastructure, such as communication systems.

Huawei (Officially Huawei Technologies Co. Ltd.) is a Chinese multinational networking and telecommunications equipment and services company. It is the second-largest supplier of mobile telecommunications infrastructure equipment in the world (after Ericsson).

The company currently provides strategic equipment to the major nations of the world and maintains relationships with leading global technology providers. The news is very serious and, if confirmed, could lead to unimaginable consequences.
Control over all the equipment it has supplied would give the company a position of unprecedented control: the dream of managing the world's communications, the expression of the absolute power to which all governments aspire.

The Chinese company has always been accused of being too close to Chinese government policy and to the Chinese People's Liberation Army. Do not forget that the government of the Rising Sun has always been accused of meddling in the private choices of national companies, so we can imagine the interference in these circumstances. Many describe the company as being under full government control, pointing out that Ren Zhengfei, the founder of the company, served as an engineer in the Chinese People's Liberation Army in the early 1980s.

The Chinese company has faced numerous allegations in the past; to name a few, its proximity to the government and the support the company has provided in implementing censorship systems. Huawei has also been called into question in the past for having supported numerous cyber espionage operations and cyber attacks, such as operation GhostNet.

Demonstrating that the company is aware of the hardware qualification problem, in December 2010 Huawei opened a Cyber Security Evaluation Centre where its hardware and software solutions will be tested to ensure their ability to withstand growing cyber security threats. The debate is heated all over the world; in India, for example, many figures are furious about the possible scenario.

How is it possible to hide a backdoor inside widely deployed devices without any organization having been able to prove it? Paranoia or reality? It is almost impossible to know about backdoors; in fact, nobody would be insane enough to provide equipment to a customer with firmware that has backdoors.

So how is it possible that the hardware provided might be affected by a backdoor? The hypotheses on the subject are as varied as they are fanciful.
One is the ability to upgrade the firmware in devices after delivery, or to replace some components in later years. In this way it is possible to avoid all the checks that are usually planned for new hardware.

It already happened back in 2005, when a Homeland Security official admitted to the threat of destructive coding being embedded in imported software and hardware.

This means that before buying a device it would be desirable to have all the code that is hosted in its memory, and also the ability to analyze all the source code that will be used for future patch releases. But is it really possible? Obviously not, except in very small areas such as the military. No vendor ever makes the sources of its firmware public, for obvious reasons. So how to proceed? Put all communications in which the hardware is involved under close monitoring, using for example sophisticated packet filtering. In reality this process, even if technologically feasible, is never carried out.

If Huawei had hidden some backdoor code in its routers, it is highly probable that someone across the globe would have detected rogue packets being beamed around. Some have raised the possibility that backdoor code could lie dormant in Huawei's devices, ready to awake to furtively steal network information and carry it out.
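As an added illustration of the close monitoring described above (not part of the original article), the Python example below checks flow records for traffic originated by the device itself, as opposed to traffic it merely forwards, and reports any destination outside an allowlist. The addresses, the allowlist and the flow-record layout are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the monitored device's own interface addresses (constructed).
DEVICE_ADDRS = {"192.0.2.1"}

# Assumption: services the device itself is expected to contact.
ALLOWED = [
    ("192.0.2.10/32", "udp", 123),  # NTP server
    ("192.0.2.20/32", "udp", 514),  # syslog collector
    ("192.0.2.30/32", "udp", 162),  # SNMP trap receiver
]

# Constructed flow records: epoch src dst proto dport bytes
FLOWS = """\
1325808000 192.0.2.1 192.0.2.10 udp 123 76
1325808005 192.0.2.1 192.0.2.20 udp 514 310
1325808010 198.51.100.7 203.0.113.9 tcp 443 5120
1325894400 192.0.2.1 203.0.113.50 tcp 443 48211
1325894460 192.0.2.1 203.0.113.50 tcp 443 51900
1325894500 192.0.2.1 192.0.2.30 udp 162 120
"""

def unexpected_device_flows(text):
    """Group device-originated flows whose destination is not allowlisted."""
    allowed = [(ipaddress.ip_network(n), p, d) for n, p, d in ALLOWED]
    findings = defaultdict(lambda: {"first_seen": None, "flows": 0, "bytes": 0})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        ts, src, dst, proto, dport, size = fields
        if src not in DEVICE_ADDRS:
            continue  # transit traffic forwarded by the device, not sent by it
        dst_ip, port = ipaddress.ip_address(dst), int(dport)
        if any(dst_ip in net and proto == p and port == d for net, p, d in allowed):
            continue  # expected management-plane traffic
        entry = findings[(dst, proto, port)]
        seen = entry["first_seen"]
        entry["first_seen"] = int(ts) if seen is None else min(seen, int(ts))
        entry["flows"] += 1
        entry["bytes"] += int(size)
    return dict(findings)

if __name__ == "__main__":
    for key, entry in unexpected_device_flows(FLOWS).items():
        print(key, entry)
```

Because dormant code produces no traffic until it wakes, a check like this only helps when it runs continuously rather than once at acceptance time.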

In December 2011, Bloomberg reported that the U.S. is invoking Cold War-era national-security powers to force telecommunication companies to divulge confidential information about their networks. China and other countries may benefit from this decision to introduce built-in spying capabilities in U.S. networks.

The main problem, in my opinion, is that for critical infrastructures we cannot rely, for safety reasons, on companies too close to a government around which too many shadows gather. My opinion is clear: “You can’t trust code that you did not totally create yourself”.

Regarding the Huawei case, I personally think that the world, nations and individuals are motivated by mere self-interest, and in this case we are dealing with a company, Huawei, which would be risking billions of dollars by introducing a backdoor in its devices.
I believe the hypothesis is fanciful and unlikely, in light of the total inability to prove the existence of a backdoor.
It is sad to say, but I fear that the disclosure of this information and of these allegations is aimed at undermining the image of a company that over a few decades has remained a leader, throwing out big names in which many governments had invested, a possibility that the Chinese government did not allow for its own companies.

We should consider that the presence of a backdoor could serve not only governments but also crime. Possible uses are varied, from espionage to the setting up of a botnet with enormous potential, to be used to blackmail every kind of organization.
Personally I’m more worried about hardware that is destined for mass consumption and therefore cannot, for obvious reasons, be subjected to strict controls: car control units, home automation systems, control units for anti-theft devices, network devices for homes and small businesses. In these areas it is relatively easy to infiltrate modified hardware, simply by offering it at a discounted cost. For consumer goods, customs are not equipped to validate hardware, and we should consider that such devices may also be modified once they reach the distributors. The chain is objectively difficult to control.

Pierluigi Paganini
