Tuesday, November 26, 2019

Links - 26th November 2019 (2) (China's "Peaceful" Rise - Huawei)

Huawei North Korea ties revealed in Washington Post report - "Huawei secretly helped build North Korea's cell phone network, potentially in violation of sanctions aimed at pressuring the regime to stop developing nuclear weapons... the US government added Huawei to a trade blacklist, saying it had reason to believe that Huawei had been involved in activities contrary to the national security or foreign policy interests of the United States. The blacklist prevents US companies from selling tech and supplies to Huawei.Washington has long suspected Huawei of skirting US sanctions on certain countries. In January, the Department of Justice charged Huawei with violating sanctions on Iran, stating in court documents that the company had been under investigation for violating US export laws since at least 2007. Huawei has pleaded not guilty. "

Huawei staff CVs reveal alleged links to Chinese intelligence agencies - "Huawei staff admitted to having worked with Chinese intelligence agencies in a “mass trove” of employment records leaked online... The CVs of the Huawei employees appear to show “far closer links” between the telecommunications company and military-backed cyber agencies than previously thought, a think tank has warned.According to the study, the employment files suggest that some Huawei staff have also worked as agents within China’s Ministry of State Security; worked on joint projects with the Chinese People’s Liberation Army (PLA); were educated at China’s leading military academy; and had been employed with a military unit linked to a cyber attack on US corporations.The analysis of the CVs found 11 Huawei staff had graduated from the PLA’s Information Engineering University, a military academy reputed to be China’s centre for “information warfare research”... “What is surprising about all this is that anyone should find it surprising.  Intelligence services always want, and often get, help from telecommunications companies.  The same is surely the case in the US or Europe.  The differences are two: the Chinese Communist Party can make demands without restraint, and they can do so without any accountability.”"

Google has blocked Huawei from using Android in any new phones - "The impact: Huawei is the second biggest smartphone maker in the world, and losing access to the Android operating system could jeopardize its smartphone business beyond China (where most Google mobile apps are banned anyway). Being blacklisted makes it very difficult for Huawei to do business with US firms, although it says it has prepared for this eventuality.
Chip supply chains: Arguably, a bigger problem for Huawei may be the loss of access to US-made chips. Chipmakers Intel, Qualcomm, Xilinx, and Broadcom have told their employees they won’t sell software and components to Huawei until further notice"
"basically China prohibits a multitude of American companies to do business inside China then claims that it’s not fair for US to ban a Chinese company from doing business inside US."

Indulekshmi on Twitter - "Thread. As a data privacy lawyer, I don’t trust Huawei, ZTE or other Chinese tech companies. Is that rational? Maybe, maybe not. But what we are seeing is not about Huawei, but proof that China actually can’t have its cake and eat it. What do I mean?...
Intelligence can be collected many ways but this active control can only be exerted by controlling or threatening the big tech companies. So we *know* that the big Chinese tech companies have weird problematic relationships with the govt. we also know that these relationships aren’t just normal regulatory oversight relationships but also likely shady because the company heads have close ties with CCP and will likely do things to curry favor with them. All fine when all they were doing was playing in China. now those companies who have cozied up to the Chinese govt are finding out that their cozy relationship isn’t seen so positively outside, again because of China’s active control and apparent threat to the world. This is China’s fault. China can’t have it all - they can either control their own people or they can let their (tech) companies compete on a global scale. So long as Chinese leadership reacts to threats to their power like a toddler guarding its toy in a daycare, it can never have any soft power. and by extension their companies will be seen as simply the Chinese govt in a private shell. Again, this is all the fault of the Chinese government for cultivating such a problematic relationship with their entrepreneurs."

Why American credit card companies can't break into China - "Beijing has repeatedly signaled it will open up foreign access to its credit card market, and in 2017 it opened the door for American card companies to apply for licenses.But those applications are still under government review, and there's scant insight on when, or if, they'll be pushed along, especially amid the broader trade war with the United States.Meanwhile, state-controlled China UnionPay has solidified its hold on the bank card industry. And mobile payments have skyrocketed, dominated by services from rival powerhouses Tencent and Alibaba."Visa and Mastercard might have had a shot if they got in, in a real way, 10 or 15 years ago," Sandler O'Neill analyst Christopher Donat said. "But it feels to me like the window is closing for them."The struggle is emblematic of what many Western companies must contend with when trying to break into the world's second-largest economy. Government regulation is often opaque and the state itself in many cases backs Chinese companies in the same industry"...  When China joined the World Trade Organization in 2001, it indicated that it would remove restrictions on foreign payment processors by 2006.But that deadline came and went. In 2010, the United States filed a WTO case against China over its treatment of US card companies.It won the case two years later. Still, China continued to drag its feet. "

Huawei's Android loss: How it affects you - "the core operating system is an open source project. Any manufacturer can modify it and install it on their devices without having to get permission. But in practice, all the major vendors rely on a lot of support from Google. In addition, Google controls access to several add-on bits of software, including:
    the Play app store
    its own apps
    the Google Assistant virtual helper
    the Gmail email service
    tools that allow third-party services access to certain functions...
Google gives Android device-makers the code for its software fixes about one month before it reveals details to the public about the vulnerabilities involved.This gives manufacturers time to check the patches do not cause problems for their own proprietary software, and then to package up a customised version of the fixes as a download.Huawei will now only learn of the patches on the same day they are released to the Android Open Source Project (AOSP), meaning there will be a lag before it can distribute them. That could theoretically result in a situation in which a serious flaw is revealed and Huawei's devices remain exposed for several days or weeks... Google prevents its own apps being installed on uncertified devices.Furthermore, losing access to GMS also means that third-party developers would not be able to tap into Google's application programming interfaces (APIs) on new devices.The consequences would be that their apps could lose some functions. "Let's say an app wants to send a notification to your device," Mishaal Rahman, editor-in-chief of the news site XDA-developers.com, explained to the BBC."There's a really, really good chance that it's using Google Play Services for its push notification service. So any apps - even Twitter - could stop working with push notifications."... it would also face a marketing nightmare."Android is actually a brand, and in order to use it your software must [be certified]," he explained."So, even if Huawei continues to sell devices using the open source code, it cannot legally call its devices Android.""

Update: New Huawei P30 Pro found to be queryi... - "A brand new Huawei P30 Pro smartphone has been found to be sending queries and possibly data to Chinese government servers, without the user having signed up for any Huawei services, reported OCWorkbench.The Facebook page ExploitWareLabs at 5:32 p.m. on Sunday uploaded a post which included a list of DNS (Domain Name System) queries being delivered behind the scenes from a new Huawei P30 Pro. A DNS query (also known as a DNS request) is a demand for information sent from a user's computer (DNS client) to a DNS server.In layman's terms, it means the phone could potentially be automatically transferring user data back to cloud servers run by the Chinese government, unbeknownst to the device's owner. The list of DNS addresses includes beian.gov.cn, which was registered by Alibaba Cloud and managed by China's Ministry of Public Security, according to Whois.com. Another frequently listed request was sent to china.com.cn, which was registered by EJEE Group and operated by China's state-run mouthpiece the China Internet Information Center, according to Whois.com.According to ExploitWareLabs, all of these queries were sent to Chinese government-run servers despite the fact that the user had not configured the phone for any Huawei services, such as Huawei ID or any Hi services... One Facebook user also described their experience buying in house video cameras made in China for security, only later to find that they had been sending data to a location in Beijing. "Take care and consider it carefully when buying China-Made electronic products," wrote the user."
Yet China lovers claim it's all a conspiracy to hobble China's lead in 5G

CIA Offers Proof Huawei Has Been Funded By China's Military And Intelligence - "Huawei has taken money from the People’s Liberation Army, China’s National Security Commission and a third branch of the Chinese state intelligence network"

Vodafone Found Hidden Backdoors in Huawei Equipment - "Now Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier’s Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China’s global technology prowess... Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said... Vodafone said Huawei then refused to fully remove the backdoor, citing a manufacturing requirement"

Huawei exec shocks the world: Hongmeng is not an Android alternative - "Liang Hua said at a Friday press conference in Shenzhen that the Hongmeng OS was developed for IoT devices, and not smartphones. When it comes to phones, Huawei prefers Android. If that is really the case, Huawei not only does not have a plan B, even though we were lead to believe that, but the future of its smartphone business is in real danger."
So much for that

BBC Radio 4 - Best of Today, Thursday's business with Dominic O'Connell - "‘They're making bold statements saying, first of all, they have no connection to the Chinese government. But that is quite carefully framed around, you know, there's no one with an official position and there's no ownership’
‘And they talk about Huawei USA don’t they? They don't try and draw too much about the parent company back in China.’...
‘The writ is saying that there is a law which effectively shuts Huawei and one other supplier out of government contracts, very valuable for government contracts in the US, it's saying that's unconstitutional, because it is specifically targeting an individual. And then we get these colorful, harking back to the original framers of the US Constitution. It's clear that the lawyers who wrote this had a good time.’"

Former Nortel exec warns against working with Huawei - "Canadian companies should not work with Chinese telecommunications giant Huawei, a former security adviser at Nortel warns.Brian Shields, who was the senior systems security adviser at failed Canadian telecommunications company Nortel, says working with Huawei is too big a risk. Shields alleges Huawei spent years hacking into Nortel's system and stealing information so it could compete with Nortel on world markets."These kind of things are not done by just average hackers. I believe these are nation-state [kinds] of activity""
blog comments powered by Disqus