US Reportedly Gave Allies Evidence of Huawei Backdoors

· Andrew Orr · Link

Although the U.S. hasn’t shared it publicly, it claims to have found actual evidence of Huawei backdoors.

The United States has long claimed that Huawei can secretly access networks through the networking gear it sells to telcos, but the goverment previously argued that it doesn’t need to show any proof. US officials still are not providing such evidence publicly but have begun sharing their intelligence with other countries.

The best part is that, according to The Wall Street Journal, the origin of this report, these backdoors were intentionally put into place for law enforcement. And yet, the DoJ wants Apple to put backdoors in iOS that they swear can only be accessed by law enforcement, and definitely not foreign state hacking groups.

Huawei Equipment Backdoor Found in HiSilicon Chips

· Andrew Orr · Link

Hardware researcher Vladislav Yarmak found a Huawei equipment backdoor used in video recorders and security cameras.

To be clear, this security vulnerability is said to be present in the software HiSilicon provides with its system-on-chips to customers. These components, backdoor and all, are then used by an untold number of manufacturers in network-connected recorders and cameras.

It’s not a major threat, or anything people need to fret about, it’s just another indicator of Huawei’s piss-poor approach to security.

AKA do not let Huawei build your 5G infrastructure.

Ruby 11 Libraries Found to Contain Backdoors

· Andrew Orr · News

The RubyGems package repository removed 18 backdoors from Ruby 11 software libraries meant to launch secret cryptocurrency mining.

William Barr Wants You to Accept Encryption Backdoor Security Risks

· Andrew Orr · News

U.S. Attorney General William Barr suggested that Americans should just accept encryption backdoor security risks (via TechCrunch). Encryption Backdoor Risks In a speech today, William Barr called on tech companies to help the federal government to access devices with a lawful order. In other words, ignore the security risks and put a backdoor into their…

Vodafone Denies Huawei Italy ‘Backdoor’

· Andrew Orr · Link

A report from Bloomberg says software flaws found in Vodafone’s Huawei equipment back in 2011-2012 were backdoors. Vodafone, while admitting that the equipment did have security flaws, denies that Huawei could have used them as such.

The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012. The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet. Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorised access to the carrier’s fixed-line network in Italy’.

The BBC article is worth the read. Also keep in mind that this isn’t the first time Bloomberg has reported on alleged backdoors by a Chinese company. They provided no evidence the first time and so far have refused to issue a retraction.