Tag Archives: VxWorks

Rocking the bullshit

There has been a massive issue with Huawei, the accusations by the US is the largest one, one of its sheep (aka Australia) has been on the same post on how Huawei is such a large danger to the safety and security of a nation. It gets ‘worse’ when we see ‘The DNC tells Democrats not to buy Huawei or ZTE devices ever’, (at https://www.theverge.com/2018/8/3/17649920/dnc-democrats-huawei-zte-devices-ban-china-hacking-threat). Here we see the quote “people shouldn’t be using devices from either Chinese company for work or personal use. The words echo what federal officials have already said about Huawei and ZTE posing possible security threats to the US. In February, CIA, NSA, and FBI chiefs testified in front of a Senate committee that the two companies were beholden to the Chinese government and the devices could become tools for undetected espionage“, my issue has always been: ‘show me the evidence!’ Basically EVERY phone can be used as a spying device, that is one clear thing we got out of the Cambridge Analytica part, in addition, the Fitness tracking app Strava was a great way to find CIA black ops bases, so even as Strava merely mapped ‘a regular jogging route’, using Google or Apple maps, you would be able to map out the base, the supply routes and so on, the Apple Fitbit would be there for the Russian government knowing where these specialists were and when the were there. So in all that, and all the security transgressions seen here, not of the were Huawei or ZTE, yet, how much noise have you heard from the CIA, NSA, or FBI on Apple? Even now, they are that one Trillion dollar company, are they too big to mention?

I wonder why?

Yet, Huawei is not out of the hot water yet, they are actually in deeper hot waters now but this time it is allegedly by their own actions. Reuters is giving u mere hours ago: ‘Huawei in British spotlight over use of U.S. firm’s software’, the news (at https://www.reuters.com/article/huawei-security-britain-usa/huawei-in-british-spotlight-over-use-of-us-firms-software-idUSL5N1US343) gives us: “One of those is due to Huawei’s use of the VxWorks operating system, which is made by California-based Wind River Systems, said three people with knowledge of the matter, all of whom spoke on condition of anonymity when discussing details which were not made public in the report“, which now leads me to the setting that the American accusations are set on the premise of American Software used? How dopey is that?

Then we get: “the version of VxWorks being used by Huawei will stop receiving security patches and updates from Wind River in 2020, even though some of the products it is embedded in will still be in service“. In all this, the fact that it is still serviced for another 2 years, how are we now in the stage of: “potentially leaving British telecoms networks vulnerable to attack“? Is that not equally a questioning setting? Do we not have enough issues out there with Microsoft which has been nearly forever a security concerns, at this point, 2 years early we get the security warning on Huawei, yet not on Microsoft or Apple for that matter, in all this Google is equally a place of patches, and in all this, Huawei is the one getting unbalanced and unfairly burned at the stake like a Catholic at an Elisabeth I barbecue gathering.

Yet the good stuff is “All three sources said there was no indication that the VxWorks mismatch was deliberate. There is also no suggestion that the software itself represents a security risk“, this now leads us to two parts. The first is if it is true that ‘no suggestion that the software itself represents a security risk‘, does this mean that Huawei never had a security risk and if that is incorrect, why not present that evidence so that every Huawei Owner can test for this transgressions ending whatever future Huawei had in the first place.

In the second part, if there is no proven security flaw in the Huawei on hardware, is the security flaw a software one, or better stated an American software one, and if so, why are these people only going after Huawei and not after a dozen American firms?

The one part that we see in Channel News Asia is “Consultant Edward Amoroso, a former chief security officer at AT&T, said Huawei’s experience in Britain showed the challenges of securing international supply chains. Although no one should dismiss Huawei as a supplier solely because of its geographical location, reliance on software that is going out of support is a legitimate concern, Amoroso said“, the news (at https://www.channelnewsasia.com/news/business/huawei-in-british-spotlight-over-use-of-us-firm-s-software-10590268) gives the part that does matter, in this Edward Amoroso is right, software at the end of its reign is often the true safety concern, not merely because of the time frame, but in extent the time required to properly update the software on all the devices, which is not always a smooth path and tends to open up additional security gaps. In that part of the equation Huawei does have a legitimate problem to address. The second part to all that is “In addition to the issue with VxWorks, this year’s report also cited technical issues which limited security researchers’ ability to check internal product code“, I believe it to be a minor part and the proper investigators could seek or test for the issues, not merely that, the limitations also remove whatever options there are for zero day breaches, which has a much larger legal frame to address. So even as we agree that the US setting of accusation without evidence (proper presented evidence is merely the stuff that makes the grass grow in Texas). We also get that the US is giving us: “In the United States, the Pentagon is working on a “do not buy” list to block vendors who use software code originating from Russia and China“, there is an actual thing called national security and as such, it is their right to implement that part, I do believe that in the end it might be somewhat counterproductive, but it is still within their rights to be in such a setting nor no other reasons.

In the end there are a few issues in the field and some are out there, but with a lack of technical details, some cannot be proven, yet the fact of what some have done in the past might give the setting of ‘is it more likely than not that some do not really have 5G‘ is a true setting, yet I prefer to have the actual evidence, that some are trying to keep buried, and the media is part of that chase, which is odd to say the least. Huawei is bouncing back and forth and their hold to grow fast via the UK will be there, but from my point of view, they will need to fix the VxWorks part a lot faster than they think they need. From my estimation a new software solution should be well beyond the Beta stage in Q1 2019 if they want to have any chance of keeping their lucrative growth contracts in place. In equal measure we need to look at Canada and Australia, as they are currently set to be nothing more than US tools in all this. In all respects no actual and factual evidence was thrown out in the open. If that was done Huawei would have lost pretty much every non-Chinese contract, the fact that the BS is spread even larger with absence of evidence gives more reliability that there is no real security danger and it is more a tool for some to get the slice of 5G pie, probably at the expense of a monthly data dump, nicely mailed via UPS to: N 11600 W, Saratoga Springs, UT 84045, USA. That alone should give us the goods on who to trust and who to be cautious of. In all this, no evidence has been presented to the public (and their right to know) on how Huawei is a threat to our security. The fact that I believe that this is all bogus in one thing, the issues seems to be blown up as everyone takes a queue from John Bolton, that whilst the setting “Five Eyes is an alliance between Canada, New Zealand, the United States, Australia, and the United Kingdom that facilitates collaboration in intelligence activities” gives us that there are three in the dark, the UK might be around with the knowledge and the rest merely takes a queue form the US, which has seemingly been whispering like they did in the WMD in Iraq phase, you do remember that in the end, they were never found and it was merely bad intel. So in that setting whilst Corporate America, Canada and Australia are all in fear of their gap against leading Huawei, in that setting we are supposed to have faith on the American gospel on what constitutes a danger from Huawei? And now that we are made aware that the software solution used is an American one?

Yup, we have all kinds of problems and some are valid issues of concern as Edward Amoroso phrases it. Yet between a setting of concern and an actual concern is a mile long gap and whilst we acknowledge that Huawei has some fixing to do, until actual evidence is shown that there is a security breach, the only thing that the US can do is to offer a $229 instant price match for the Apple, or an $100 instant price match for the Google Pixel 2, or a $400 instant price match for the Samsung 9, why would anyone in this day and age pay more for the same, actually, with the enhanced batteries of Huawei you will still miss out, but that might be the smallest cross to bear. All this because some players just didn’t get the pricing right, too many fingers on the margin pie, that alone seems to unbalance the entire equation, because all these players will miss out when Huawei is given free reign there. In this the equation is no longer about security, it will be merely about greed and those enabling for it. Is that not equally important an element to consider?

I’ll be honest, I am still happy with my Huawei P7, it was really affordable against anyone offering anything and after 3 years working 24:7, where would you think I would look first? The one who had proven himself, or the one overpricing its brand (OK, with the Pixel at a mere $100 more, that is still an awesome deal).

When we decide on pricing it is one, when unreliable players in the game force us away from the affordable option it becomes a different stage and so far, the US has proven to lose reliability again and again when it comes to their version of security. To emphasize on that, check on all the printing regarding the Landmines in Yemen placed by the Houthi and the amount of articles that we see in the NY Times, the LA Times and the Washington Post. Now consider the impact of mines and why Americans seem to be eager not to inform you. By the way, that setting was almost certain a setting that Iran enabled, if you questions that (which is fair) then answer the simple question, where did the Houthi forces get 1,000,000 mines from?

We are kept in the dark on the wrong topics and it is time to set the limelight on those people keeping us knowingly in the dark.

 

Advertisements

Leave a comment

Filed under Finance, IT, Law, Media, Politics, Science