Category Archives: Huawei

Huawei Global Analyst Summit: Fibre is gold

Building infrastructure of any kind isn’t cheap, and building communications infrastructure can be especially challenging. Yet carriers can’t afford not to build out capacity; the current COVID-19 pandemic has illustrated the importance of connectivity. Those who can’t provide it are at risk of losing customers to those who can. Omdia (formerly Ovum Research) has noted…

Huawei’s Meng Wanzhou loses first challenge in extradition case

With files from Howard Solomon   The British Columbia Supreme Court has ruled that the extradition process for Meng Wanzhou, Huawei chief financial officer and the daughter of Huawei’s founder Ren Zhengfei, will move forward. The decision Wednesday by B.C. Associate Chief Justice Heather Holmes says the U.S. allegation of fraud would also be considered…

Boris Johnson to reduce Huawei’s role in national 5G network

UK Government will reduce the presence of the equipment manufactured by Chinese Huawei in its 5G network in the wake of the coronavirus outbreak.

UK Government will reduce the presence of the equipment manufactured by the Chinese tech firm Huawei in its 5G network in the wake of the Coronavirus outbreak.

Early this year, the UK Government agreed on the involvement of Huawei in the national 5G network, while the United States expressed its disappointment for the Johnson decision and threatened to limit intelligence sharing with the ally. 

“The Prime Minister plans to reduce Huawei’s involvement in Britain’s 5G network in the wake of the coronavirus outbreak, the Telegraph has learned.” reported The Telegraph.

“Boris Johnson has instructed officials to draw up plans that would see China’s involvement in the UK’s infrastructure scaled down to zero by 2023.”

Prime Minister Boris Johnson has tacked officials to draft plans that would define the way Chinese firms will be involved in Britain’s infrastructure end by 2023.

Next month Mr Johnson will visit the US to participate at the G7 summit, he aims at confirming that the UK jhas reduced its dependecy from the China provisioning of 5G network equipment, a circumstance that could ramp up trade talks with US President Donald Trump.

In January, the EU’s executive Commission presented a set of rules and technical measures aimed at reducing cybersecurity risks from the adoption of 5G. The Commission’s recommendations included blocking high-risk equipment suppliers from “critical and sensitive” components of 5G infrastructures, such as the core.

The EU’s executive Commission did not explicitly mention companies, but a clear reference is to the Chinese firm Huawei.

In January, the British Government also agreed to assign a limited role for Huawei in the country’s 5G network, but highlighted that “high-risk vendors” would be excluded from the building of “sensitive” core infrastructure.

US Government continues to push hard for countries to ban Chinese companies from building their next-generation 5G network, claiming Chinese equipment can be exploited by the Chinese government for cyber espionage.

MPs in Johnson’s party doesn’t agree with the involvement of Huawei in building 5G network.

“He has taken a great many soundings from his own MPs on this issue and shares their serious concerns. The deal was struck before the pandemic hit but coronavirus has changed everything,” an unnamed source told The Telegraph.

Pierluigi Paganini

(SecurityAffairs – 5G, hacking)

The post Boris Johnson to reduce Huawei’s role in national 5G network appeared first on Security Affairs.

Huawei chairman says ‘survival is the keyword’ for the company right now

As U.S. sanctions against Huawei continue, the company is feeling the pain. At its 17th annual Global Analyst Summit this week, rotating chairman Guo Ping said, “Over the past year, many technologies became unavailable to us. Despite this, Huawei struggled to survive and is striving to move forward.”

In a statement released at the beginning of the two-day hybrid (onsite and online) event, Huawei strongly condemned the most recent U.S. actions restricting its ability to use U.S. technology and software in its semiconductor design and manufacturing, calling the decision ” arbitrary and pernicious”, and saying it threatens to undermine the entire industry worldwide.

“This decision by the U.S. government does not just affect Huawei. It will have a serious impact on a wide number of global industries. In the long run, this will damage the trust and collaboration within the global semiconductor industry which many industries depend on, increasing conflict and loss within these industries,” the statement said.

Furthermore, it accused the U.S. of leveraging its own technological strengths to “crush companies outside its own borders”, noting, “This will only serve to undermine the trust international companies place in U.S. technology and supply chains. Ultimately, this will harm U.S. interests.”

Aaron Shum, senior director and practice lead, security, risk, and compliance at Info-Tech Research Group, remains skeptical about the U.S.’s claims about Huawei technology.

“Obviously the public position against China is tied to concerns about national security.  However, the U.S. has yet to produce hard evidence demonstrating Huawei technology compromising government data,” noted Shum. “These attacks result in a split between U.S. and its allies and the rest of the world in 5G development, though some U.S. allies such as the UK have chosen to allow Huawei into non-core 5G networks.  In Canada, the country’s delayed response in its decision on 5G, combined with U.S. influence on deprioritizing Huawei, will no doubt increase the cost of our deployment while limiting the available options to just two vendors.  Historically, at least Telus has disclosed the use of Huawei equipment.  Interestingly, Telus announced intent to use Huawei technologies for 5G earlier this year.”

Related:

During his keynote, Guo Ping said that to mitigate the impact of the entity listing, Huawei has significantly increased its research and development investments and expanded its inventory.

“Fixing the holes has been our focus,” he said. Over the past year, the company invested over 15,000 man-years to ensure its ICT business continuity, rewriting 16 million lines of code, and redeveloping more than 1800 circuit boards. As well, its procurement department reviewed over 16,000 part numbers.

“Such heavy investments have enabled Huawei to survive under the entity list,” he noted. “Our business has not been disrupted, our supply, our cooperation with partners, and our customer services have not been disrupted.”

He then pivoted to discuss the need for unified global standards, pointing out that while, since 2G days, U.S. carriers adopted competing standards while Europe’s have been unified, allowing its carriers to establish global operations while European equipment providers have remained competitive.

“I remember talking to a country leader last year. And he said to me, ‘I will build two clouds from different countries, as long as they don’t cause trouble at the same time, we are in good shape.'” Guo Ping said. “I believe that many customers would agree with him. More companies may do what we are doing, diversifying globalized supply chains to ensure business continuity. The lesson here is that unified standards are of vital importance to industry development.”

But, he went on, with foundations of trust and global collaboration under attack, the U.S. moves against tech companies in other countries will shake countries’ confidence in American technology.

“Given the changes in the industry over the past a year, it’s dawned on us more clearly that fragmented standards and supply chains benefit no one,” he went on. “If further fragmentation were to take place, the whole industry would pay a terrible price.”

He said he is confident the company will find a solution to the current situation soon; for now, “Survival is the keyword for us at present.”

Huawei Analyst Summit 2020: China’s telemedicine hinges on its 5G development

As 5G deployment plods along in Canada, the next-generation wireless standard has already been adopted by healthcare practitioners in China. At the Huawei Global Analyst Summit 2020, Dr. Lu QingJun, director at China-Japan Friendship Hospital and a full-time remote healthcare practitioner, shared his thoughts on the impact of the higher quality networks on hospitals of the future.

Related:

Lu gave a personal example by describing one of his previous remote cases at a primary care hospital. In his scenario, the patient had to wait for 25 hours to receive a consultation, due in large part to the 12GB of data that had to be sent over the network. Lu said that with 5G, that time can be cut to just “dozens of minutes”. The dataset is amplified for patients who need multiple tests, such as CT scans and electrocardiograms.

Future health care’s success will be intertwined with network quality.

When describing telemedicine, Lu precited that data, technology, and intelligence will become inseparable from healthcare. Although the course has been set, Lu also noted the perpetual battle to improve privacy and secure data transmission, all of which require new infrastructure for the intelligent hospital.

“We’ve always said that it’s not necessary to replace 4G with 5G in all cases, so we need to identify those cases where only 5G is able to support,” said Lu, noting that the introduction of technology built on 5G should not impede the efficiency of existing workflows.

The conversation then naturally leads to whether existing technologies like fibre internet could fill these roles.

“Hospitals already have fibre access, so do we actually need 5G?” Lu asked rhetorically. “You only say that because you don’t understand 5g…we need mobility, but not only that, we need to upgrade our equipment and currently our equipment is wired.”

 

During the presentation, Lu credited telemedicine in China’s battle against the COIVD-19 pandemic.

Network infrastructures will be the backbone to facilitate new communication demands. Thus, its development needs to keep pace with the ICT industry. Because telemedicine is still relatively new, the industry needs to generate new scenarios as testbeds for these newer technologies, Lu explained. These new use cases, whether they’re generated naturally by demand or synthetically, will help push along the development of these new technologies.

For example, 5G’s bandwidth massive bandwidth improvements could remove the bottleneck present in real-time communication and medical imaging. Increased bandwidth enables more immediate, higher quality remote checkups. It could also simplify the diagnostic process by enabling services like real-time remote full-body scanning, a procedure that generates large image files.

4G’s high latency, unreliableness and error rate presents challenges in realising telemedicine’s true potential. These issues could be solved by migrating to 5G.

Another factor that affects performance is latency. The ITU-R defined Ultra-Reliable Low Latency Communications (URLLC) as one of 5G’s main applications. In a highly-technical and mission-critical application like healthcare, low latency is a key concern.

“The 4G technologies are not enough to meet our needs,” Lu pointed out. “In the past, we compressed the data to make it fit into the smaller pipe. And the 4G latency was not acceptable. For 5G, the latency is very low. It’s almost a real-time so the doctors can get real-time data transfer to provide better services to the patients, especially when we talk about the complex and difficult.”

He specified remote monitoring, remote analysis, remote robotics, and remote visit as crucial areas of focus. He said that while doctors understand the benefits of remote practices, vendors are not yet prepared to manufacture this equipment due to inadequate certification and qualifications.

There are more than 13,000 secondary–or specialist–hospitals in China, and adding telemedicine capabilities to them all would incur significant cost. With that said, developing remote healthcare also stimulates new business opportunities for carriers.

Moreover, Lu said that the entire network stack–the slices, transport network and edge computing could all benefit from being supported by 5G technologies. The benefit isn’t limited to telemedicine but the communication industry as a whole.

In addition, 5G could help to streamline a hospital’s logistic operations like payment. China’s mobile payment system is the most established in the world by far. In 2019, over 81 per cent of the country’s smartphone owners frequently pay through proximity mobile systems such as QR codes. But while China’s digital commerce is being developed at an explosive pace, hospitals of the future will demand more robust transaction support.

“We need to have innovation in the healthcare service provision,” said Lu. “And and we also need to have some payment assurance like basic medical insurance, commercial insurance, and also some banking services support. And that has high requirements on computing on storage and on data processing. These requirements will only be satisfied by adding new ICT technologies.”

Cyber Security Roundup for May 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2020.

As well reported, UK foreign exchange firm Travelex business operations were brought to a standstill after its IT systems were severely hit by the Sodinokibi ransomware at the start of the year. It was reported that
 REvil group were behind the attack and had stolen 5Gbs of customer personal data, and then demanded $6 million (£4.6m) in ransom. The Wall Street Journal reported in April 2020 that Travelex had reached a deal, paying $2.3 million (£1.84m) in Bitcoin to the cybercriminals. This sort of response incentivises future ransomware activity against all other businesses and could lead to an inflation of future cyber-extortion demands in my opinion.

Cognizant, a US large digital solutions provider and IT consultancy, was reportedly hit by the Maze ransomware.  Maze, previously known as the 'ChaCha' ransomware, like the Travelex attack, not only encrypts victim's files but steals sensitive data from the IT systems as well. Enabling the bad guys to threaten the publishing of the stolen data if the organisation cough up to their cyber-extortion demands, so the bad guys are very much rinsing and repeating lucrative attacks.

Microsoft wrote an excellent blog covering the 'motley crew' of ransomware payloads  The blog covers ransomware payloads said to be straining security operations especially in health care, Microsoft warned, urging security teams to look for signs of credential theft and lateral movement activities that herald attacks.

Researchers continue to be busy in exposing large sensitive datasets within misconfigured cloud services.  In April researchers reported 14 million Ring user details exposed in misconfigured AWS open database, fitness software Kinomap had 42 million user details exposed in another misconfigured database, and Maropost had 95 million users exposed, also in a misconfigured database.

Nintendo confirmed 160,000 of its users' accounts had been accessed, exposing PII and Nintendo store accounts. The gaming giant Nintendo said from April, its user's accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming. The company is unaware exactly how the intrusion had occurred, saying it “seems to have been made by impersonating login to “Nintendo Network ID. “If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account,” Nintendo said. In response to these issues the company has abolished user’s ability to log into their Nintendo account via NNID and passwords for both NNID and Nintendo accounts are being reset and the company is recommending multi-factor authentication be set up for each account.  The account breaches weren't the only cyber issue affecting Nintendo in April, it reported that a bot, dubbed 'Bird Bot' was used by a reseller to buy up Nintendo Switches before customers could make their Switch purchase from Nintendo. The bot using reseller benefits at the expense of consumers, in buying up all available Switches directly from Nintendo, they are able to sell them on for higher prices, so making a quick and easy tidy profit, due to the current high demand of Switches and lack of supply.

April was a busy month for security updates, Microsoft released security patches fixing 113 vulnerabilities on Patch Tuesday and an out-of-band patch for Teams found by researchers at CyberArk. Patch Tuesday for a quiet one for Adobe, though they released fixes for 21 critical vulnerabilities in illustrator and Bridge at the end of the month.  Oracle released a huge 397 fixes for 450 CVEs in over 100 products, which I think is a new record for a patch release!  

Sophos said it and its customers were attacked when a previously unknown SQL injection vulnerability in their physical and virtual XG Firewall units was exploited. “The attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. In addition, firewalls manually configured to expose a firewall service (e.g. SSL VPN) to the WAN zone that shares the same port as the admin or User Portal were also affected,Sophos said.

There were security critical patch releases for Mozilla Firefox, Chrome (twice), and for 8 Cisco products. A bunch of VMware patches for including a CVSS scored 10 (highest possible) in vCenter, a critical in vRealize Log Insight and a critical cross-site scripting vulnerability in ESXi 6.5 and 6.7. And finally, on the patch front, Intel decided to discontinue multiple products, as it was unable to keep ahead of patch their vulnerabilities.

Stay safe, safe home and watch for the scams.

BLOG
NEWS

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

    Cyber Security Roundup for March 2020

    A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2020.

    Redcar and Cleveland Borough Council became the latest UK organisation to become the victim of a mass ransomware attack which started on 8th February.  The north-east Council's servers, PCs, mobile devices, websites and even phone lines have been down for three weeks at the time of writing. A Redcar and Cleveland councillor told the Guardian it would take several months to recover and the cost is expected to between £11m and £18m to repair the damage done. A significant sum for the cash-strapped council, which confirmed their outage as ransomware caused 19 days after the attack. The strain of ransomware involved and the method initial infiltration into the council's IT systems has yet to be confirmed.


    The English FA shut down its investigation into allegations Liverpool employees hacked into Manchester City's scouting system. The Manchester club also made news headlines after UEFA banned it from European competition for two years, a ban based on alleged stolen internal email evidence obtained by a hacker.  Read The Billion Pound Manchester City Hack for further details.

    The UK government said GRU (Russian military intelligence) was behind a massive cyber-attack which knocked out more than 2,000 websites in the country of Georgia last year, in "attempt to undermine Georgia's sovereignty". Foreign Secretary Dominic Raab described it as "totally unacceptable".

    The United States deputy assistant secretary for cyber and communications, Robert Strayer, said he did not believe the UK government's January 2020 decision to allow Huawei limited access to UK's 5G infrastructure was final. 'Our understanding is that there might have been some initial decisions made but conversations are continuing," he told the BBC. Read The UK Government Huawei Dilemma and the Brexit Factor for more on UK government's Huawei political, economic and security debate.

    Following Freedom of Information requests made by Viasat, it reported UK government employees had either lost or stolen 2,004 mobiles and laptops between June 2018 and June 2019.

    According to figures by the FBI, cybercriminals netted £2.7bn ($3.5bn) from cyber-crimes report 2019, with phishing and extortion remaining the most common method of scamming people. These FBI reported cybercrime losses have tripled over the past 5 years. The FBI concluded that cyber scam techniques are becoming more sophisticated, making it harder for original people to tell "real from fake".  A new Kaspersky report backs up the FBI, finding a 9.5% growth in financial phishing during the final quarter of 2019.

    The Labour party is facing data protection fines of up £15m for failing to protect their members' personal data. The Information Commissioner's Office confirmed the Labour Party would be the focus of their investigation since it is legally responsible for securing members' information as the "data controller".

    This month's cloud misconfiguration breach award goes to french sports retail giant Decathlon, after 123 million customer records were found to be exposed by researchers at vpnMentor .  Leaked data included employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, addresses and birth dates. “The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” said vpnMentor.

    If you have a 'Ring' smart camera doorbell (IoT) device then may have noticed Two-Factor Authentication (2FA) was mandated in February.  Ring's stance of enforcing a strengthening of security may be related to several recent high-profile home camera hack reports.
    Ring: An IoT device's security improved by mandated 2FA

    The facial recognition company Clearview AI advised a hacker stole its client list database. The firm works with law enforcement agencies and gained notoriety after admitting it had scrapped billions of individuals photos off the internet.

    BLOG
    NEWS
    VULNERABILITIES AND SECURITY UPDATESAWARENESS, EDUCATION AND THREAT INTELLIGENCE

    Huawei set for limited UK 5G role, but can we Trust Huawei?

    Today the UK Government decided Huawei can be allowed to help build the UK's 5G network, but remain banned from supplying kit to "sensitive parts" of the core network. The Prime Minister Boris Johnson made long await decision to ends months of concern for the Chinese telecoms giant. 

    The PM had briefed US President Donald Trump about the decision. Trump has been very vocal on his stance exclaiming, “we are not going to do business with Huawei”, and recently Trump’s administration is reportedly nearing publication of a rule that could further block shipments of US-made goods to Huawei. Trump administrator has said it 'is disappointed' with UK government decision. China had warned the UK there could be "substantial" repercussions to other trade and investment plans had the company been banned outright.

    There was ferocious debate in the UK parliament post the government announcement, with MPs calling into question the cybersecurity risks which could prevail – the US says the cybersecurity risks are severe, the UK’s security services say they can be managed, whereas Australia has opted for an outright ban. There’s a clear disconnect and the decision today could cause turmoil to the US/UK working relationship that could ultimately impact a post-Brexit trade deal.

    Can Huawei be trusted or will using its equipment leave communication networks, and our own mobile phones, vulnerable? The US says Huawei is a security risk, given the firm is heavily state supported and is run by Mr Ren who served in the Chinese military. Huawei 5G equipment could be used for spying and negatively impacting critical national infrastructure. 

    The National Cyber Security Centre (NCSC) published a document which says UK networks will have three years to comply with the caps on the use of Huawei's equipment.

    "Huawei is reassured by the UK government's confirmation that we can continue working with our customers to keep the 5G rollout on track. It gives the UK access to world-leading technology and ensures a competitive market." the firm's UK chief Victor Zhang said in a statement.

    UK security professionals have reported significant concerns around how digital transformation projects and the implementation of 5G will affect their risk posture. 89% of UK businesses said they have concerns around the implementation of emerging technologies and essential digital transformation projects and almost four in ten (38%) expect digital transformation and 5G to offer cybercriminals more effective and more destructive methods of achieving their nefarious goals, according to research from VMWare Carbon Black.

    A10 Networks' VP of Strategy, Gunter Reiss said “The global dispute over whether tech giant Huawei should be used in national 5G networks has created a lot of geopolitical conversations around the 5G build-out, security to Critical National Infrastructure, and generally whether certain vendors should be included or excluded. However, operators need to base their decisions not on these opinions but on technology – the strength, innovation and security capabilities. With the massive increases in bandwidth, number of devices predicted to be on these networks and the growing security requirements, the technology being used must meet these needs.


    A Security Compromise on Economical Grounds
    "This is a good compromise between alleviating 'security' concerns and making sure that the 5G UK market is not harmed," commented Dimitris Mavrakis, a telecoms analyst at ABI Research. Previously I posted about National Security Vs Economic argument which has been behind the UK government decision - see The UK Government Huawei Dilemma and the Brexit Factor 

    Boris Johnson gets final warning with Huawei 5G verdict imminent

    Former senior government figures voice security fears as PM chairs meeting of NSC

    Former ministers have sounded their final warnings to Boris Johnson about the Chinese telecoms firm Huawei ahead of his expected decision on whether it will play a part in the UK’s 5G network.

    The prime minister will chair a meeting of the national security council (NSC) later on Tuesday before making a judgment on the firm’s future in the country after months of concern around security, including from the US president, Donald Trump.

    5G is the next generation mobile phone network and it promises much higher connection speeds, lower latency (response times) and to be more reliable than the creaking 4G networks we have now.

    Huawei is a Chinese telecoms company founded in 1987. US officials believe it poses a security risk because the Chinese government will make the firm engineer backdoors in its technology, through which information could be accessed by Beijing. Donald Trump has banned US companies from sharing technology with Huawei and has been putting pressure on other nations to follow suit.

    Continue reading...