A Blog by Jonathan Low

 

Jun 1, 2018

Are Huawei and ZTE A Real Cybersecurity Threat?

The technological capability exists.

And given the Chinese government's dominance of the companies operating under its aegis and its aggressive stance towards the US and Europe, why would any enterprise be less than vigilant? JL


Stu Woo reports in the Wall Street Journal:

Is the threat real? Telecommunications cybersecurity experts say yes—with caveats. “Could they have the capability that’s tapping into a call or recording a call?”Absolutely. They own that software.” Mobile phones could turn into weapons that could cripple a cellular network.“When you’re dealing with millions of lines of code, there’s always going to be a vulnerability. A piece of code could look legitimate, but it could be a back door."
The U.S. government’s remarkable campaign against Huawei Technologies Co. and ZTE Corp. , which has involved a series of actions aimed at limiting the Chinese manufacturers’ business in the U.S. and elsewhere, is rooted in a cybersecurity fear.
Huawei and ZTE are the world’s No. 1 and No. 4 makers of telecommunications equipment, such as the cellular-tower electronics that wireless carriers need. Washington worries that the Chinese government could order the companies to tap the products they make to spy, disable communications or launch other cyberattacks. Among other steps, the Trump administration has banned U.S. suppliers from selling components to ZTE, a move that could shut down the company, though U.S. and Chinese officials are negotiating a reprieve for ZTE.
Huawei and ZTE say the concerns about them are unfounded. But is the threat real?
Telecommunications cybersecurity experts say yes—with caveats. A manufacturer could easily disable telecom equipment that it made, but using the equipment to spy would be difficult. And any incursion would be quickly detected and would work only once.
How systems work
To better understand the risks, and their limitations, first consider how mobile-phone calls work. Suppose someone in Seattle uses a cellphone to call someone in Miami. After the caller dials, the phone connects to a nearby cellular tower. That tower is connected to wires, which are connected to a giant network of wires across America that zap the call to a cellular tower near the person in Miami. Then the tower will beam the call to that person’s phone.
Huawei and ZTE, along with Finland’s Nokia Corp. NOK 0.90% and Sweden’s Ericsson ERIC -0.69% AB, are four major manufacturers of cellular-tower equipment. Typically, antennas on the tower are connected by wires to electronics in a shed at the tower’s base. Those electronics are basically computers with complex software that zap a call (or Google search or whatever people do on their mobile phones that use the internet) to the correct destination.
Not only do the electronics run on software with possibly millions of lines of code, but it is frequently updated by the manufacturer remotely, experts say. That makes it nearly impossible for a wireless carrier or a government to detect whether there is a “back door” that could allow the manufacturer to remotely switch off a tower’s electronics, or send data to somewhere it shouldn’t go.
“When you’re dealing with millions of lines of code, there’s always going to be a vulnerability,” says Darien Huss, a researcher at Sunnyvale, Calif.-based cybersecurity firm Proofpoint Inc. “A piece of code could look legitimate, but it could be a back door. There are a lot of ways to hide it.”
Inserting a back door that would allow a manufacturer to remotely shut off cellular-tower electronics, or all the related equipment, would be easy—and potentially devastating. Studies show it takes about five days to recover from an infrastructure cyberattack, says Simon Church, a general manager at Denver-based cybersecurity firm Optiv Security Inc. and a former security executive at Vodafone Group PLC, the British-based wireless carrier.
The doomsday scenario is turning off network communications,” Mr. Church says. “You turn off traffic lights—that’s five days. You turn off the subway system—that’s five days.”
It would be much more difficult for a telecom-equipment manufacturer to spy. Most wireless carriers use sophisticated software that can automatically detect anomalous behavior, such as equipment that sends data to unexpected places. In addition, some organizations, such as the U.S. military, heavily encrypt their communications, so anyone who intercepts that data might find it indecipherable anyway.
Insider needed
“Getting data would be nearly impossible without a cooperating insider,” says David Mihelcic, a former Defense Department cybersecurity expert who is now federal chief technology and strategy officer for Juniper Networks Inc., which is based in Sunnyvale, Calif., and competes with Huawei and ZTE in the telecom-equipment market.
Given the sophisticated monitoring systems that wireless carriers and internet providers use, any cyberattack from a manufacturer that involves shutting down electronics or spying would be quickly detected, Mr. Mihelcic says. A wireless carrier could then patch the software on the equipment, to remove the back door. “Those are one-time weapons, and there would be political fallout, and maybe military fallout,” he says.
In addition to telecom equipment, Washington also fears that Huawei and ZTE, which are also major smartphone manufacturers, could spy using those devices. That was the rationale behind the Pentagon ordering retail stores on military bases to stop selling Huawei and ZTE phones to troops who wanted to use them as personal phones. U.S. military leaders worried that smartphone manufacturers could, for example, track soldiers and decipher base operations, or see when soldiers attend off-base gatherings, according to people familiar with the matter.
Tapping into a smartphone is easier than infiltrating telecom equipment, which is in a secured and closed environment, experts say. Smartphone manufacturers own and frequently update the core software on their devices. “Could they have the capability that’s tapping into a call or recording a call?” says Kevin Riley, chief technology officer of Ribbon Communications Inc., a telecommunications-focused cybersecurity firm based in Westford, Mass. “Absolutely. They own that software.”
Evading detection
While a wireless carrier could easily detect whether a smartphone manufacturer is tapping every call and sending data to somewhere it shouldn’t go, it would be much harder to detect if the manufacturer only occasionally tapped a call, Mr. Riley says.
The other cybersecurity threat that mobile phones present is their manufacturer could turn them into weapons that could cripple a cellular network.
As Mr. Riley says, “You can weaponize a handset and turn it into a bot that generates a lot of traffic, so the cellular-tower equipment becomes massively congested.”

0 comments:

Post a Comment