FCC Poised To Ban All US Sales of New Huawei and ZTE Equipment - Slashdot
source link: https://tech.slashdot.org/story/22/10/13/1118245/fcc-poised-to-ban-all-us-sales-of-new-huawei-and-zte-equipment
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
FCC Poised To Ban All US Sales of New Huawei and ZTE Equipment
FCC Poised To Ban All US Sales of New Huawei and ZTE Equipment (axios.com) 39
Posted by msmash
on Thursday October 13, 2022 @10:40AM from the shape-of-things-to-come dept.The Federal Communications Commission plans to ban all sales of new Huawei and ZTE telecommunications devices in the U.S. -- as well as some sales of video surveillance equipment from three other Chinese firms -- out of national security concerns, Axios reported Thursday, citing sources. From the report: The move, which marks the first time the FCC has banned electronics equipment on national security grounds, closes a vise on the two Chinese companies that began tightening during the Trump administration. The ban marks the culmination of years of warnings from security researchers, analysts and intelligence agencies that the Chinese government could use Chinese-made telecommunications equipment to spy on Americans. The price could come in higher costs for some smaller telecommunications providers that favored the Chinese companies' products thanks to their aggressive pricing. On Oct. 5, FCC Chairwoman Jessica Rosenworcel circulated a draft order among her fellow commissioners. The order -- which still needs to be voted on -- would effectively ban new equipment sales in the U.S. from firms that pose a threat to national security, two sources with direct knowledge told Axios.
Do you have a GitHub project? Now you can sync your releases automatically with SourceForge and take advantage of both platforms. Do you have a GitHub project? Now you can automatically sync your releases to SourceForge & take advantage of both platforms. The GitHub Import Tool allows you to quickly & easily import your GitHub project repos, releases, issues, & wiki to SourceForge with a few clicks. Then your future releases will be synced to SourceForge automatically. Your project will reach over 35 million more people per month and you’ll get detailed download statistics. Sync Now
›
- The idea the Chinese need a Chinese-owned company to spy on Americans and that they can not trivially implant insiders into any US company they want, is hilarious.
- The idea that the Chinese can somehow create technology that can be embedded into smartphones and 5G equipment, that somehow violates physical laws and/or is impossible to detect by the NSA and other US intelligence apparatus, should be considered an insult to said apparatuses. Essentially you are saying the Chinese are way smarter than Americ
-
None of these things are black boxes whatsoever. They are all wide open to inspection, especially by the intelligence apparatus.
-
> None of these things are black boxes whatsoever.
Most chips are rectangular (boxes with minimal depth) covered in a ceramic housing that is black. They are literal black boxes.
And no they aren't meant to be opened. It takes a great deal of time, expense and expertise to reverse engineer these chips. That would be like saying any commercially compiled code is open to inspection because you can go through the effort of tracing and reverse engineering it.
-
And most of the firms which do it... are Chinese.
-
Most chips are rectangular (boxes with minimal depth) covered in a ceramic housing that is black. They are literal black boxes.
Ah... You get a million points for being TECHNICALLY correct.
However, they aren't actually black boxes to the FCC. TBH the most likely place for an implant of any kind is in a Software update to be distributed later (Possibly after exploiting a security vulnerability) -- the Chinese can do this to US equipment too.. they just need to find a suitable "bug" and keep it under wrap
-
The unspoken answer to "why not", is because this is all about money, not about security.
-
And of course there is zero chance that design and samples submitted for testing differ in any way from what actually gets sold, right? You'd have to be pretty daft to believe that.
-
No. The FCC can't afford to de-lid ICs and analyze dies.
-
> ensure the design matches what is on file
Yeah, for every router in the shipping container, "ensure" that this SOIC is the same chip that's specified in the approved design. You do that by - magic?
Or are you suggesting decapping every chip in every router so you can look at them under a microscope - thereby destroying them?
You can either have a chip that works, or a chip that has been decapped and examined by experts (at very high unit cost) - but not both. You can't both perform forensics on the chip
-
-
Not so much these days. Take a photo of the die with a high resolution microscope and a computer vision system can reverse engineer all the logic, ROM contents and more.
It's not really necessary though. If any of these chips were transmitting information back to the Chinese it would be detectable. And you can bet that the NSA know all the ways it could be done, and what to look for.
At worst there might be some kind of hidden kill switch that only triggers when it sees specific sequences of data or something
-
> It's not really necessary though. If any of these chips were transmitting information back to the Chinese it would be detectable.
Because steganography doesn't exist or because China can only use Chinese IP addresses? Which or both of these do you believe?
-
As I said, I'm sure the NSA has developed all the steganographic tricks and knows how to look for them.
The basic technique for finding this stuff is to look for unexpected traffic.
-
-
-
It does take time, expertise, and expense to do it but if we're talking national level concerns fielded by the NSA and FCC, that's not a barrier. Same with compiled code, really. Once you start getting to state actor levels of these kind of things, the only real barrier is how obfuscated things are.
But like the AC down below said, just because a sample device or three are clean, or even randomly selected from retail pipelines, there's no way to guarantee they all are. But that'd be a pretty scattershot way
-
And yes, the NSA manages to handily replace firmware and put in its own backdoors in these boxes. I wonder who they are doing that...
-
You don't reverse engineer chips to look for security issues. You analyse chip behaviour. Just like I don't need to disassemble the source code of Windows to log on my router that it is pinging datahoover.microsoft.com at regular intervals.
-
Just like I don't need to disassemble the source code of Windows to log on my router that it is pinging datahoover.microsoft.com at regular intervals.
And if that's all it's doing, it's probably harmless, although why it has to make sure that it can reach that host, or keep confirming that it's up and has Internet access isn't exactly clear. However, every ping has (or can have) a payload, and there's nothing to prevent that payload from containing real, possibly important data.
-
-
-
It takes a special kind of stupid to say something like that. Open up any computer and take a look at its circuit board. Nothing but little black boxes (chips) everywhere.
More bullshit. Yes, with specialized equipment and tons of technical know-how, it is possible to decap a chip and look inside. But you will never truly know exactly everything possibily lurking inside, as modern chips with their smallest geometries can pack tons upon tons of circuitry. Nobody can fully reverse engineer all that within thei
-
And yet we still find egregious security issues in open source software. Reverse engineering a chip from decapping is more complicated than analyzing source code for security vulnerabilities, so I don't expect great success.
-
-
This is really about US companies having lost to Huawei and ZTE on 5G and other network technologies. Huawei did the R&D that formed much of the 5G, which means they get patent royalties and they had a head start on everyone else to produce 5G equipment.
For years that meant telcos were installing Huawei gear, and Western companies missed out on all the next generation sales they were hoping for.
So they started whining to the government, and came up with a scheme where Huawei gear gets banned and the gov
-
That's how all technological Nations become technological Nations. They sample and scrape the world for information like any intelligent creature or group of intelligent individuals working together.
Such behavior is normalized and has precedent across history.
That outweighs modern fads of commercial thinking.
What governments label things are not what they are . Those are merely the instructions of what to call things to not be terrorized by the government indirectly through its subjegated social prox
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK