ZTE, Huawei, Samsung, privacy and national security

Assembled cognoscenti; in the context of the current national security concerns, regarding ZTE and Huawei.
1/ Does anyone know whether these relate to software e.g. OS or hardware ?
2/ To what extent do these also affect privacy and personal security ?
Given the hardware issues (previous thread) discovered in Samsung Galaxy hardware, by Lineage developers; not to mention the proprietary issues with Android "spyware for Google"; might it not be useful to encourage ZTE and Huawei to start a campaign, advertising privacy and security issues in the hardware and software of mobile phones, from non-Chinese companies ?
regards Rohan McLeod

Hi, On 19/06/18 19:01, Rohan McLeod via luv-talk wrote:
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei.
Any hardware from any supplier is suspect; Intel ME, Spectre, Meltdown .... that's just for starters.
Most mobile phones are built on a "base" that the normal OS doesn't have access to as well (like Intel ME). You might have the most secure setup of Android, but still have that underlying layer that we cannot control and which may be vulnerable -- just like the mobile phone network (SS7 vulnerabilities for starters there).
With chips (silicon), getting so small, it can hide all sorts of things that can't be detected without super magnification. Heck, with port knocking type of behaviour, a "backdoor" hardware component may be kept completely inactive until a specific set of operations (electrically) pass through its pins on the motherboard, or even specific NFC type interaction with a close by device.
Yep, we've been there, but how far do you want to go?
The only secure machine is one that has no microphones, speakers, display or any kind of Internet connection and that still might not be enough due to side channel attacks just listening to the CPU and/or other components and the exact power usage patterns.
So, even very much disconnected devices can have very stealth methods of backdoor access with the opportunity to betray its owner. And none of this is science fiction these days.
Oh and then you have implants, like fake USB keyboards or even cables with embedded components. Heck, even changing your touch screen with a third party supplied one could implant new vulnerabilities because the components are so tiny....
Perhaps we need much more dumb devices that can't give our secrets away and betray us in some weird and strange way.
Have fun.
Cheers AndrewM

Andrew McGlashan via luv-talk wrote:
Hi,
On 19/06/18 19:01, Rohan McLeod via luv-talk wrote:
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei. Any hardware from any supplier is suspect; Intel ME, Spectre, Meltdown .... that's just for starters.
Most mobile phones are built on a "base" that the normal OS doesn't have access to as well (like Intel ME). You might have the most secure setup of Android, but still have that underlying layer that we cannot control and which may be vulnerable -- just like the mobile phone network (SS7 vulnerabilities for starters there).
With chips (silicon), getting so small, it can hide all sorts of things that can't be detected without super magnification. Heck, with port knocking type of behaviour, a "backdoor" hardware component may be kept completely inactive until a specific set of operations (electrically) pass through its pins on the motherboard, or even specific NFC type interaction with a close by device.
Yep, we've been there, but how far do you want to go?
Well it's not really how far I want to go; if I was a multi-billion dollar company whose market share depends on my credibility; then when some government agency; wants to pressure me into inserting a back-door, into the hardware or software of my mobile phone design, then I am gambling that credibility against the possibility that some time in the future, it will not be discovered,
- by a reverse design engineer in an opposition company
- by loose talk or whistle-blower in that government agency
- by the idle curiosity of some hardware or software hacker
......." are you feeling lucky punk ?:-)
regards Rohan McLeod

Rohan McLeod via luv-talk wrote:
if I was a multi-billion dollar company whose market share depends on my credibility; then when some government agency; wants to pressure me into inserting a back-door, into the hardware or software of my mobile phone design, then I am gambling that credibility against the possibility that some time in the future, it will not be discovered,
At Enron, they called that "I'll be gone; you'll be gone." Nowadays, multinationals can have enough money to just change people's minds directly: https://en.wikipedia.org/wiki/Reputation_management ...so they don't need to worry about "being caught" or "looking bad".

Trent W. Buck wrote:
Rohan McLeod via luv-talk wrote:
if I was a multi-billion dollar company whose market share depends on my credibility; then when some government agency; wants to pressure me into inserting a back-door, into the hardware or software of my mobile phone design, then I am gambling that credibility against the possibility that some time in the future, it will not be discovered, At Enron, they called that "I'll be gone; you'll be gone."
Nowadays, multinationals can have enough money to just change people's minds directly: https://en.wikipedia.org/wiki/Reputation_management ...so they don't need to worry about "being caught" or "looking bad".
Yes; well we will just have to agree to disagree about the feasibility of that; to return to my original post : "Given the hardware issues (previous thread) discovered in Samsung Galaxy hardware, by Lineage developers; not to mention the proprietary issues with Android "spyware for Google"; might it not be useful to encourage ZTE and Huawei to start a campaign, advertising privacy and security issues in the hardware and software of mobile phones, from non-Chinese companies ? "
regards Rohan McLeod

Rohan McLeod wrote:
"Given the hardware issues (previous thread) discovered in Samsung Galaxy hardware, __ by Lineage developers;__ not to mention the proprietary issues with Android "spyware for Google"; _might it not be useful to encourage ZTE and Huawei to start a campaign, advertising_ privacy and security issues in the hardware and software of mobile phones, _from_ non-chinese companies ? "
Useful to whom? I don't own shares in ZTE or Huawei.

Trent W. Buck wrote:
Rohan McLeod wrote:
"Given the hardware issues (previous thread) discovered in Samsung Galaxy hardware, __ by Lineage developers;__ not to mention the proprietary issues with Android "spyware for Google"; _might it not be useful to encourage ZTE and Huawei to start a campaign, advertising_ privacy and security issues in the hardware and software of mobile phones, _from_ non-chinese companies ? " Useful to whom? I don't own shares in ZTE or Huawei.
Useful to those who consider privacy a functional requirement of the modern world; rather than something to be traded against national security. Useful to those who want security holes and trapdoors prominently advertised; to the end of removing them. .....united the phone manufacturers stand; divided they fall !:-)
regards Rohan McLeod

Andrew McGlashan via luv-talk wrote:
The only secure machine is one that has no microphones, speakers, display or any kind of Internet connection and that still might not be enough due to side channel attacks just listening to the CPU and/or other components and the exact power usage patterns.
Not even then. You can make spyware out of wood: https://en.wikipedia.org/wiki/Great_Seal_bug
participants (3): Andrew McGlashan, Rohan McLeod, Trent W. Buck