dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
772

ashrc4
Premium Member
join:2009-02-06
australia

ashrc4

Premium Member

Huawei offers unrestricted access to software code

Huawei fights back over Australia ban.
»www.abc.net.au/news/2012 ··· /4331732

Huawei seeks to counter security concerns
»www.computerworld.com.au ··· oncerns/

»news.smh.com.au/breaking ··· 4ww.html

There has been some controversy about whether Australia and US should allow Huawei to be able to place their hardware/software in critical infrastructure but after reading what their willing to do in OZ perhaps those fears are now worth reconsidering.

Would have posted in the applicable thread but it's now off-limits.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by ashrc4:

... There has been some controversy about whether Australia and US should allow Huawei to be able to place their hardware/software in critical infrastructure but after reading what their willing to do in OZ perhaps those fears are now worth reconsidering. ...

Perhaps. But it will take more than lobbying and profession of honesty to begin convincing national security agencies. Truly clever embedded hardware/firmware backdoors can be triggered by ordinary-looking combinations of obscure software commands that would never, of themselves, trigger any concern during source-code or end-equipment examination. The only thing that might be convincing is full disclosure of hardware chip design, firmware documentation, software source code, end-equipment design, and on-going proofing that what is supposed to be inside the chips and software is what is actually in them. I question if that's what's being offered...
»news.smh.com.au/breaking ··· 4ww.html
quote:
...
"Huawei would never allow any third party, be it a country or individual or anyone else, to interfere with our equipment for an illegal purpose," Mr Lord said.
...
"Good cyber security is good business."
...
"Huawei is willing to offer complete and unrestricted access to our software source code and equipment," the retired Australian navy rear admiral said, asking other vendors to do the same. He said that in the long term there should be an internationally agreed standard for cyber security.
...
Huawei has been working on improving its image by lobbying MPs, government and shadow ministers...

StuartMW
Premium Member
join:2000-08-06

3 edits

StuartMW to ashrc4

Premium Member

to ashrc4
My first thought is that having access to source code doesn't mean that much. These days firmware/software can be updated very quickly and you don't even need physical access to the device. In short what maybe good today maybe uncompromisable tomorrow.

Not sure how many here have ever needed (and I have numerous times) to validate source code against binary image(s) but it is not trivial. Sometimes it is also next to impossible unless you use the exact environment (compiler/linker versions/options etc) that were used in the first place.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

1 recommendation

jaykaykay to ashrc4

MVM

to ashrc4
"profession of honesty" Considering the country where Huawei is located, my thought is that we have a huge oxymoron here!

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD to StuartMW

Premium Member

to StuartMW
said by StuartMW:

My first thought is that having access to source code doesn't mean that much. These days firmware/software can be updated very quickly and you don't even need physical access to the device. In short what maybe good today maybe uncompromisable tomorrow.

Not sure how many here have ever needed (and I have numerous times) to validate source code against binary image(s) but it is not trivial. Sometimes it is also next to impossible unless you use the exact environment (compiler/linker versions/options etc) that were used in the first place.

you can always compile your own code...
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs

Premium Member

said by AVD:

you can always compile your own code...

So what if you can compile the source?
Ever hear of FPGA's?

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to ashrc4

Premium Member

to ashrc4
See also: (links are not current)
»60 Minutes: Huawei probed for security, espionage risk

xyzzy
@verizon.net

xyzzy to MaynardKrebs

Anon

to MaynardKrebs
Yes, and their programming can be compiled too. Ever hear of VHDL?