Give poor Huawei a break


opinion: Australia needs to stop propagating the Fear, Uncertainty and Doubt surrounding Chinese networking vendor Huawei and realise the company is a legitimate player in the telecommunications marketplace.

The company again came under fire yesterday (albeit in a very minor way) when it was revealed that it was one of three suppliers that will take part in a trial of Long Term Evolution mobile technology on Telstra’s Next G network.

Telstra, which has historically favoured vendors from Westernised countries like Alcatel-Lucent (France), Ericsson (Sweden) and even Nortel (Canada), seemed quite happy with its new partner. The telco’s CTO Hugh Bradlow told ZDNet.com.au it was an opportunity to assess and compare the Chinese vendor’s technology.

However as soon as the deal was announced, a bunch of people raised flimsy objections on Twitter, claiming, without a shred of evidence, that Huawei was dodgy because of its historical links to the Chinese People’s Liberation Army and could have left backdoor code in its networking kit to spy on Australians.

I thought that these hoary old allegations had been dealt with over the past year satisfactorily, but apparently not. So let’s get a few facts straight (or, at least my opinion on them). As Huawei itself pointed out yesterday in its own innocuous press release (PDF), the company has already inked nine contracts and carried out over 60 trials for LTE technology alone around the globe.

One of those contracts was with the Swedish and Finnish equivalent of Telstra — TeliaSonera. TeliaSonera is deploying an LTE network in Oslo, Norway with Huawei hardware. Now you would think — and tell me if my logic is not clear here — that TeliaSonera would have a natural preference to use Ericsson technology, given the Swedish networking vendor’s massive presence in … well, Sweden.

Secondly, if Huawei had hidden some backdoor code in its LTE routers, don’t you think that there would be just the slightest possibility that someone — anyone — in those 60 trials with telcos across the globe would have detected rogue packets being beamed around and wondered what was going on?

The last major case we heard of regarding this kind of spying was found in Greece half a decade ago, and that was eventually detected. And, it’s important to point out, it wasn’t Huawei’s hardware involved in that case — it was kit belonging to Ericsson, which Telstra obviously trusted enough to let it build its billion-dollar Next G network.

Some have raised the possibility that backdoor code could lie dormant in Huawei’s routers … awakening in the dead of night like a vampire, to furtively clutch at network packets and carry out the nefarious orders of the PLA.

Well I’m calling donkey twaddle on that one.

The idea that a company as large as Huawei would risk billions and billions of dollars of revenue by hiding backdoors in its routers is simply preposterous. If Huawei was found to have done such a thing — and keep in mind that there has never been a scrap of evidence (that I have seen) that it has — it would instantly lose all credibility with telcos and would lose billions overnight and in succeeding years.

Sure, the ownership of the company is a little different than we’re used to in the West. But that doesn’t mean the Chinese don’t know how to make sure the money keeps coming in. If you’ve spent any time in China you’ll quickly notice it’s a modern country just like any other.

I’m sure the many thousands of Australian businessmen who are constantly making trips back and forth to China (take a holiday there, you’ll see what I mean) aren’t wondering whether the products they are buying and selling are compromised. They’re just looking to make money.

There’s one further common attack on Huawei that I want to address — the claim that it is being investigated by the Australian Security and Intelligence Organisation. As Huawei itself pointed out in September 2009, it has recently met with ASIO. But this wasn’t a case of ASIO dragging some of Huawei’s 230 Australian staff down to Canberra for a medieval-style grilling behind closed doors.

Actually, it was Huawei who instigated the meeting — it wanted to clear the air after a series of newspaper articles calling the networking vendor’s credibility into question.

Now it must be said, there is one dodgy story in Huawei’s past that it would probably rather people forget. In 2003 Cisco took the company to court for allegedly copying the US networking giant’s Internet Operating System code and using it in its routers. At the time Huawei admitted it had inadvertently used some of Cisco’s code.

The irony here is that far from inserting rogue Chinese code in its hardware, Huawei was actually inserting rogue code from the United States.

Now I’ve been covering Huawei in Australia for about five years, and I’ve never witnessed anything from the company that might be the kind of unethical behaviour it is accused of.

When it first entered Australia Huawei was a fair bit more guarded than it is now — but that’s not unusual for a multinational setting up shop locally, and its openness to talking publicly and granting interviews to the press has only increased steadily since that time.

I would put a lot of Huawei’s initial quietness in the local market down to cultural issues. It’s a fairly tightly controlled company and my impression is that when it first set up shop locally it didn’t have a great deal of understanding of how open Australia’s culture is compared with China’s.

However, that attitude has changed a great deal over the past half-decade. Huawei has taken journalists on trips to tour its massive manufacturing plants in China, invited Australian government officials to do the same, and even hired public relations staff such as senior Telstra officials and the editor of stalwart industry newsletter Communications Day.

Along the way it’s picked up deals with Optus, Powertel (now part of AAPT) and now appears to be on the inside track with Telstra and VHA.

There’s one other important fact to note about Huawei. Customers want to buy its equipment. With the demise of global giant Nortel and consolidation going on in the market with the mergers of Alcatel-Lucent and other sell-offs, there was clearly a space for a strong challenger to come from the Asian market and give other networking vendors a run for their money.

It’s exactly what happened with vendors like HTC in the consumer technology area.

Now I’m sure the Huawei nervousness has been fuelled by sensitivity around Australia’s dealings with China because of a number of events — not least the case involving employees of Rio Tinto accused of espionage. But it’s unfair to taint all Chinese companies and organisations with the same brush, just as not all Australian investment houses stack their offshore accounts like Rene Rivkin did.

Telstra isn’t dealing with Huawei because it’s a charitable organisation. Telstra (and other companies) are interested in buying the Chinese vendor’s products, and Australians should stop making up stories about mythical back doors in Huawei code and let the company get on with selling its products to customers who clearly want to buy them.

Image credit: dbaron, Creative Commons 2.0

10 COMMENTS

  1. Renai,

    To be clear, I was disputing the claim you made that Telstra/Optus’s engineers could detect dodgy code – dodgy, in this context, meaning backdoors. (Ref: http://twitter.com/renailemay/status/10645716719 )

    With a sufficiently complex closed-box system, though, it is improbable that you will be able to detect all possible ways the system can run without opening the box. Modern communications equipment surely qualifies as highly complex systems.

    I’m not saying that Huawei has or will insert code to permit compromise of their equipment. Indeed, from all evidence and behavior to date they’re operating like any other large multinational company.

    • Ah no worries Will. I see your point there, although certainly others did question Huawei itself.

      Re Telstra or Optus being able to detect dodgy code, I think the kicker for me is that at some point the box would need to send packets to or from some sort of server operated by Huawei or the PLA for any sort of backdoor code to be effective.

      Yes, for a single box, this might be tough to detect. But when you’ve got hundreds of them sitting around on a telco’s network, I reckon eventually it would get detected. The larger telcos have incredibly sophisticated views of their network.

      When you factor in that multiple telcos deploy the same Huawei kit, it then becomes even more unlikely that such a situation wouldn’t be detected.

      Is this hard? Yes. Impossible? No. And writ large, over a long period of time? Virtually inevitable, in my view.

      • There doesn’t have to be any active monitoring, or for that matter any form of ongoing two-way comms.

        For a practical example of how you can compromise a system using only one-way delivery of commands, look up the DirecTV Black Sunday ‘hack’. This was DirecTV’s way of fighting back against cable card fraud, but aptly demonstrates what you can achieve.

        See here for a summary/starting point: http://www.codinghorror.com/blog/2008/05/revisiting-the-black-sunday-hack.html

        With any black box system, as long as you have some form of comms, you can’t be 100% sure of exactly what it’s capable of doing.

        This doesn’t have to be an ongoing phone-home system, it could be completely passive monitoring for a trigger – such as a call between two phone numbers that match a particular formula.

        The likelihood of discovery goes up the longer any such system is in place, obviously – but these things can be extremely simple, and hidden in the way the hardware operates (when pattern X appears in memory, write Y code at position Z), or not delivered except in a later software patch.

        I would be surprised if there weren’t some level of snooping happening by other vendors — getting a look at the hardware/software running on the other guy’s boxes is always interesting. So, perhaps those vendors would raise the alarm if they found such code in another’s boxes.

        Again, to date there’s no evidence or even substantive hinting that I’ve heard, that indicates Huawei has or might do such a thing. My claim is purely that you can’t determine ahead of time what a black box will do with an arbitrary set of inputs.

  2. “I’ve never witnessed anything from the company that might be the kind of unethical behaviour it is accused of”

    Case closed then, I guess if you’ve never seen it happen, it must all be FUD.

    Oh wait, what about this small security breach:

    http://www.businessinsider.com/did-the-chinese-government-hack-google-2010-1

    http://www.securecomputing.net.au/News/167821,google-hack-trail-winds-closer-to-chinese-government.aspx

    Let me guess, you didn’t see the Chinese do this either, so it couldn’t have been them…

    • I’m sorry, linking Huawei to the Chinese attacks on Google is frankly ridiculous. You might as well say Microsoft invaded Iraq.

      What happened to the idea of “innocent until proven guilty”?

      • My links were not about Huawei, you linked two separate issues together.

        When it comes to network security everyone is guilty/denied access until they are proved innocent/authorised. Trust must be earned and not taken for granted. If you don’t accept this, then you have no credibility.

  3. Actually, my problem isn’t just with Huawei. It’s with any of the large pieces of critical infrastructure being run on closed source, hideously complicated boxes.

  4. Uninformed twits like Renai LeMay deliver their naive assumptions as if they know what they’re talking about, then someone like Will here with some actual knowledge can get a “Hmm I do agree with this Will.”

    And I can easily imagine this pinhead offering a Neville “Simpleton” Chamberlain analysis like that a couple years ago to anyone speculating that the Chinese might someday play piggy with a monopoly on the rare earth trade.
