A little pain to Huawei

Yes, there is finally a moment where we need to ask Huawei questions. Bloomberg reported (at https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment) that backdoors have been found. More accurately: “Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show“, yet knowing the track record of Vodafone, that is not the whole story. Is there an issue? Seemingly not, as the headline gives us: ‘While the carrier says the issues found in 2011 and 2012 were resolved at the time‘, so an issue found 7 years ago was resolved at the time. Is that issue there now? Bloomberg does not really give us that do they? It gets to be a larger issue of what is seemingly called reporting when we see the ZDNet report from 2017 (5 years after the Bloomberg reported issue: “Thousands of routers, many of which belong to AT&T U-verse customers, can be easily and remotely hacked through several critical security vulnerabilities“. that as well as: “Among the vulnerabilities are hardcoded credentials, which can allow “root” remote access to an affected device, giving an attacker full control over the router. An attacker can connect to an affected router and log-in with a publicly-disclosed username and password, granting access to the modem’s menu-driven shell. An attacker can view and change the Wi-Fi router name and password, and alter the network’s setup, such as rerouting internet traffic to a malicious server“, these are much larger issues and were they resolved? We would think yes, but the article did not give us that. They did give us: “The report said Arris NVG589 and NVG599 modems with the latest 9.2.2 firmware are affected, but it’s not clear who’s responsible for the bugs“. The small fact that this constituted 5 flaws as well as a reported statement of: ‘the vulnerabilities are not limited to the hard-coded credentials flaw‘ give rise to a whole range of issues. So even as we might think that this one flaw is a stitch in the high regard for Huawei, the fact that an American solution has well over 500% the amount of vulnerabilities and as stated on several levels give rise to the reliability of Huawei. Moreover, the length of the issue is also a given at times as well as the need for better 5G equipment. Yet in all this, how much actual damage has either caused, Bloomberg was willing not to disclose that either. Yet Huawei is not out of the woods yet. The article gives us ‘further testing revealed that the security vulnerabilities remained, the documents show‘ and that is indeed a larger problem, yet these documents were from 2012, when was it actually resolved? The fact that we do not see that it was never ‘not resolved’ implies that it was, in addition, the 2012 issues in Italy were resolved that year. Then there is the quote ‘it couldn’t find evidence of historical vulnerabilities in routers or broadband network gateways beyond Italy‘ making it a localised temporary issue.

In all this Huawei has an issue to deal with and even as we see the lack of comparison flaws (I added the AT&T issue so you can be aware), the unbalanced reporting, as well as the clarity that there is to some extent an issue remains. The fact that the huge AT&T disaster was never called to answer questions might be equally a consideration to make. All computers and most software have bugs and security flaws. When I looked this morning, I found a list of 845 vulnerabilities in Windows 10, some of them critical. So when we compare these issues, we should consider that your Huawei router is not the largest problem and that is merely the beginning of the issue. Historically speaking, from 1999 we see that Windows have had 113,811 vulnerabilities; 4911 vulnerabilities regarding the ability to gain privileges, 10377 on getting information and 6001 on bypassing options. So in all we need to consider that your choice of Windows is a much bigger concern than your Router is, if the Chinese government wants to get access to your data they merely need to wait for you to switch on your windows machine, there are plenty of options to get to the stuff no matter which router you buy and if you got the Arris NVG589 or NVG599 modem it would have seemingly been easy as pie to just copy whatever you had, so in the end can you see that the entire Huawei mess is merely an American mess to project the notion that you should not buy Chinese, but consider the optionally more flawed American solutions?

And whilst I got to AT&T, the news (three days ago) was ‘AT&T claims title as first U.S. carrier to hit 2Gbps on 5G network‘, yet when we consider the quote by VentureBeat: “It’s great in the abstract that some businesses in Atlanta may be able to get 2Gbps speeds on a 5G device regular consumers can’t buy. But what really matters is the actual speed normal 5G users across multiple cities will see on actual consumer devices. Verizon has provided a sub-1Gbps sense of what to expect, but AT&T hasn’t.

We see that what is regarded as reliable in America is a bit of a stretch at some point, for the most I was most disappointed with is the fact that the Bloomberg article should be regarded as an attack on Huawei whilst there is no comparison given as to how that flaw related to the flaws others had, more important the fact that there were larger flaws from others much more recent is a missed part. Still Bloomberg did raise a really valid point on a flaw that Huawei seemingly has, with the perception that the news could have been given in 450 words, the rest was a lot of smoke around an issue that dwarves against some of the other issues, issues where there is actual fire, not merely smoke.

But that is merely my $0.02 on the situation.

 

Advertisements

Leave a comment

Filed under Finance, IT, Media, Science

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.