Category Archives: Huawei

No Proof Against Huawei Says BSI Chief

In a recent disclosure, Arne Schoenbohm, who heads Germany’s Federal Office of Information Security (BSI), made an alarming revelation.  According

No Proof Against Huawei Says BSI Chief on Latest Hacking News.

Germany’s BSI chief says ‘No Evidence’ of Huawei spying


The head of Germany’s BSI admitted that, so far, there is no proof of espionage activity conducted through Huawei technology.

The US first, and many other countries afterwards, have decided to ban network equipment manufactured by the Chinese telecom giant Huawei.

In November 2018, the Wall Street Journal reported that the US Government is urging its allies, including Germany, to exclude Huawei from critical infrastructure and 5G architectures.

The United States is highlighting the risks for national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei.

Chinese equipment is broadly adopted in many allied countries, including Germany, Italy, and Japan. Currently, the main mobile network operators in Germany use Huawei technology for their infrastructure.

Now Germany’s IT watchdog has expressed its opinion about the ban on Huawei technology, highlighting that there is no evidence that the equipment could be used by Chinese intelligence in cyber espionage activity.

On Friday, the head of Germany’s Federal Office for Information Security (BSI), Arne Schoenbohm, admitted that, so far, there is no proof of espionage activity conducted through Huawei technology.

“For such serious decisions like a ban, you need proof,” Arne Schoenbohm told news weekly Spiegel, confirming that the BSI had no such evidence.

Huawei was already excluded by several countries from building their 5G internet networks. The United States, Australia, New Zealand, and Japan announced the exclusion of Huawei technology from their 5G internet networks.

Schoenbohm explained that BSI experts assessed Huawei products from around the world and have not found suspicious components or backdoors.
BSI experts also visited a recently opened Huawei Security Innovation Lab in Bonn, a center that will work closely with German customers, partners, research institutions as well as government and supervisory authorities.

Commenting on the opening of the laboratory, BSI President Arne Schönbohm said: “We welcome the opening of this laboratory, which will allow further and deeper technical exchange between Huawei and BSI to address the future challenges of cyber security”.


Many security experts continue to express their concerns about Huawei products.

“I believe it’s wrong to suggest that the concerns about Chinese espionage are unfounded and easy to detect,” telecom security expert Ronja Kniep told AFP.

“Even if Huawei has no official relationship with the Chinese government, that doesn’t mean Chinese services aren’t using the company and its technology as vehicles for espionage.”

Pierluigi Paganini

(SecurityAffairs –BSI, Huawei)



The post Germany’s BSI chief says ‘No Evidence’ of Huawei spying appeared first on Security Affairs.

Huawei CFO Granted Bail. China Threatens US and Canada of Dire Consequences

The Huawei CFO has pleaded innocent, following which she has been granted bail. However, Meng Wanzhou would be required to

Huawei CFO Granted Bail. China Threatens US and Canada of Dire Consequences on Latest Hacking News.

Smashing Security #108: Hoaxes, Huawei and chatbots – with Mikko Hyppönen


The curious case of George Duke-Cohan, Huawei’s CFO finds herself in hot water, and the crazy world of mobile phone mental health apps.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guests Mikko Hyppönen from F-Secure and technology journalist Geoff White.

Week in Review: Carnage Engulfs Cryptocurrencies and Stocks; Bitcoin Mining Difficulty Plunges 24%

From a risk-on perspective, the global financial markets took a beating this week. Digital assets like bitcoin, EOS and bitcoin cash plunged anew while equity prices slid back into the abyss following a strong end to November. Seasonal influences that normally accompany the holiday season have thus far eluded the market, leaving investors with a […]

The post Week in Review: Carnage Engulfs Cryptocurrencies and Stocks; Bitcoin Mining Difficulty Plunges 24% appeared first on Hacked: Hacking Finance.

Trade war tensions with China rise following arrest of Huawei CFO in Canada

Wanzhou Meng, Huawei’s CFO and the daughter of the company’s founder, was arrested at the Vancouver airport on Dec. 1 and is awaiting extradition to the US to face trial on accusations that the US export sanctions against Iran were breached, writes the Globe and Mail. Her bail hearing is on Dec. 7.

Further details were not provided due to Meng’s request for a publication ban.

“She is sought for extradition by the United States, and a bail hearing has been set for Friday,” Justice Department spokesman Ian McLeod said in a statement to the Toronto-based newspaper on Wednesday. “As there is a publication ban in effect, we cannot provide any further detail at this time. The ban was sought by Ms. Meng.”

The US government released several warnings advising consumers to not purchase Huawei smartphones as it considers them a threat to national security. In April it was announced that the company was already under investigation for illegal sales violating US sanctions against Iran, following similar allegations against Chinese company ZTE. The use of Huawei devices has been banned in the US government, which has also sought to persuade other countries to ban the Chinese manufacturer.

“After the Trump Administration imposed a ban on the sale of American technologies to ZTE last week for similar export violations, this latest development feels like deja vu all over again and could cast a serious shadow over the business of the $92.5 billion Chinese company,” wrote Forbes at the time.

In 2016, the US government issued a subpoena to investigate Huawei’s export of US technology over the previous five years to advocates of international terrorism or nations under US trade sanctions and economic embargo such as North Korea, Iran, Cuba, Sudan and Syria.

Regarding Meng’s arrest, Canadian Prime Minister Justin Trudeau said the Canadian government is not involved, and that the arrest happened following an extradition request from the US government.

Calling it a human rights violation, the Chinese embassy in Ottawa demanded her immediate release because she did not break the laws of the US and Canada.

“The detention without giving any reason violates a person’s human rights,” responded a Chinese foreign ministry spokesperson. “We have made solemn representations to Canada and the US, demanding that both parties immediately clarify the reasons for the detention, and immediately release the detainee to protect the person’s legal rights.”

Source: Twitter

According to Reuters, Meng has been associated with Skycom Tech and a 2010 deal, which was not finalized, to sell HP equipment to Iran with the approval of Huawei. This may or may not have a connection with the charges brought against her now; details have not been released.

Security Affairs: New Zealand Security Bureau halts Spark from using Huawei 5G equipment

New Zealand’s intelligence agency asked mobile company Spark to avoid using Huawei equipment for 5G infrastructure.

According to New Zealand’s Government Communications Security Bureau, Huawei equipment for 5G infrastructure poses a “significant network security risk”; for this reason, it asked mobile company Spark to avoid using the Chinese company’s equipment.

The announcement follows the decision of the Australian Government to ban Huawei equipment from Australia’s 5G network due to security concerns.

New Zealand is a member of the Five Eyes intelligence alliance; the remaining countries (UK, US, Australia), except Canada, banned Huawei over security fears.

The Chinese company was founded by a former People’s Liberation Army official in 1987. The US was the first country that warned of the security risks associated with the use of products manufactured by the Chinese telecommunications giant.

The Chinese firm denies having shared Australian customer data with Chinese intelligence, but that is not enough for the Australian Government.

Australian authorities also banned the Chinese firm ZTE Corp.

Huawei was already helping Spark to build 5G mobile networks.

“In New Zealand, Huawei has previously helped build mobile networks. In March, Spark and Huawei showcased a 5G test site across the street from the Parliament, in a publicity move that was attended by then Broadcasting Minister Clare Curran.” reported the Associated Press.

China and New Zealand have a good commercial partnership and the ban imposed by the government could have severe repercussions on it. In 2008, New Zealand signed a free-trade deal with China.

“The economic and trade cooperation between China and New Zealand is mutually beneficial in nature,” said Foreign Ministry spokesman Geng Shuang.

“We hope New Zealand will provide a level-playing field for Chinese enterprises’ operation there and do something conducive for mutual trust and cooperation.”

What is Spark’s opinion on the ban?

The company is disappointed with the decision by New Zealand’s Government Communications Security Bureau; it is doing its best to launch the 5G network by July 2020.

“Spark said it had wanted to use Huawei 5G equipment in its planned Radio Access Network, which involves technology associated with cell tower infrastructure.” concludes the AP.

“The company said it has not yet had time to review the detailed reasoning behind the spy agency’s decision, or whether it will take further steps.”

Pierluigi Paganini

(Security Affairs – New Zealand, Huawei)

The post New Zealand Security Bureau halts Spark from using Huawei 5G equipment appeared first on Security Affairs.




Huawei is testing Google’s Fuchsia OS on the Honor Play

Google’s Fuchsia OS is being tested on the Kirin 970-based Honor Play

Chinese smartphone maker Huawei’s sub-brand Honor might end up being the first OEM that will be testing Google’s secretive upcoming operating system (OS) Fuchsia, according to a report by 9To5Google.

For those unaware, Huawei in the past has collaborated with Google to create the popular “Nexus 6P” smartphone.

In a new commit spotted on Fuchsia’s official Gerrit source code management page, an engineer from Huawei directly disclosed that all the devices running Huawei’s Kirin 970 chipset will be able to run Fuchsia OS.

However, the testing will begin with the Honor Play smartphone, which would make it the first consumer Android device to be tested on Fuchsia.

The Huawei engineers were able to add support for the Kirin 970 SoC within Fuchsia and were able to boot the Honor Play with Fuchsia’s Zircon kernel.

The other handsets running the Kirin 970 chipset include Huawei’s Mate 10, Mate 10 Pro, Mate 10 Porsche Design and P20 among others, which means that they could be compatible with Fuchsia OS in the future.

It is important to note that Fuchsia OS is still in its infancy at Google and could possibly take 2 or 3 years to materialize. However, looking at the solid history between Google and Huawei and the latter’s involvement in the project, it would be interesting to see the two companies work together once again.

The post Huawei is testing Google’s Fuchsia OS on the Honor Play appeared first on TechWorm.

US Government is asking allies to ban Huawei equipment

US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal

The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures.

The United States is highlighting the risks for national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei.

Chinese equipment is broadly adopted in many allied countries, including Germany, Italy, and Japan.

Many countries are going to build 5G infrastructure, but the approach of their governments is completely different. Italian politicians seem to completely ignore the importance of 5G infrastructure for the growth of the country and the potential effects on national security, while senior German officials are planning to exclude Chinese firms such as Huawei from the tender because they are worried about a potential compromise of national security.


According to the Wall Street Journal, the US government is planning to offer financial aid for telecoms development in countries that don’t use Chinese-made equipment.

Germany is not the first country to ban Chinese firms from the 5G auction; Australia and the US already announced the same decision.

Huawei has always denied links to the Chinese intelligence services.

US officials are concerned about the use of Chinese telecom equipment in countries with US military bases, including Germany, Italy, and Japan.

Pierluigi Paganini

(Security Affairs – intelligence, cyber espionage)

The post US Government is asking allies to ban Huawei equipment appeared first on Security Affairs.


Cyber Security Roundup for October 2018

Aside from Brexit, Cyber Threats and Cyber Attack accusations against Russia are very much centre stage on the UK government's international political agenda at the moment. The government publicly accused Russia's military 'GRU' intelligence service of being behind four high-profile cyber-attacks, and named 12 cyber groups it said were associated with the GRU. Foreign Secretary Jeremy Hunt said, "the GRU had waged a campaign of indiscriminate and reckless cyber strikes that served no legitimate national security interest".

UK Police firmly believe the two men who carried out the Salisbury poisoning in March 2018 worked for the GRU.

The UK National Cyber Security Centre said it had assessed "with high confidence" that the GRU was "almost certainly responsible" for the cyber-attacks, and also warned UK businesses to be on the alert for indicators of compromise by the Russian APT28 hacking group. The NCSC said GRU hackers, operating under a dozen different names including Fancy Bear (APT28), had targeted:
  • The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes' data was later published 
  • The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia.
  • Ukraine's Kyiv metro and Odessa airport, Russia's central bank, and two privately-owned Russian media outlets - Fontanka.ru and news agency Interfax - in October 2017. They used ransomware to encrypt the contents of a computer and demand payment 
  • An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen

Facebook was fined the maximum amount of £500,000 under pre-GDPR data protection laws by the UK Information Commissioner's Office (ICO) over the Cambridge Analytica Scandal. Facebook could face a new ICO fine after revealing hackers had accessed the contact details of 30 Million users due to a flaw with Facebook profiles. The ICO also revealed a 400% increase in reported Cyber Security Incidents and another report by a legal firm RPC said the average ICO fines had doubled, and to expect higher fines in the future. Heathrow Airport was fined £120,000 by the ICO in October after a staff member lost a USB stick last October containing "sensitive personal data", which was later found by a member of the public.


Last month's British Airways website hack was worse than originally reported, as they disclosed a second attack which occurred on 5th September 2018, when the payment page had 22 lines of malicious JavaScript code injected in an attack widely attributed to Magecart. Another airline, Cathay Pacific, also disclosed it had suffered a major data breach that impacted 9.4 million customers' personal data and some credit card data.

Morrisons has lost a challenge to a High Court ruling which made it liable for a data breach, after an employee, since jailed for 8 years, stole and posted thousands of its employees' details online in 2014. Morrisons said it would now appeal to the Supreme Court; if that appeal fails, those affected will be able to claim compensation for "upset and distress".

There was an interesting article on Bloomberg on "How China Used a Tiny Chip to Infiltrate U.S. Companies". However, there was a counter-narrative to the Bloomberg article on Sky News. But that didn't stop Ex-Security Minister Admiral Lord West calling out the Chinese when he said Chinese IT Kit 'is putting all of us at risk' if used in 5G. He raises a valid point, given the US Commerce Department said it would restrict the export of software and technology goods from American firms to Chinese chipmaker Fujian Jinhua. BT, which uses Huawei to supply parts for its network, told Sky News that it would "apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government". Recently there have been warnings issued by the MoD and NCSC stating a Chinese espionage group known as APT10 is attacking IT suppliers to target military and intelligence information.

NCSC is seeking feedback on the latest draft 'knowledge areas' of CyBOK, a Cyber Security body of knowledge which it is supporting along with academics and the general security industry.

Google are finally pulling the plug on Google+, after user personal data was left exposed. Google and the other three major web browser providers in the world said, in what seems like coordinated announcements, that businesses must accept TLS Version 1.0 and 1.1 will no longer be supported after Q1 2018.

So it's time to move over to the more secure TLS V1.2 or the more secure & efficient TLS V1.3.


Cyber Security Roundup for August 2018

The largest data breach disclosed this month was by T-Mobile; the telecoms giant said there had been "unauthorised access" to potentially 2 million of their 77 million customer accounts. According to the media, a hacker took advantage of a vulnerability in a T-Mobile API (application programming interface). A vulnerable API used by the Air Canada mobile App was also exploited, resulting in the compromise of 20,000 Air Canada customer accounts. Air Canada promptly forced a password change on all of its 77 million customer accounts as a result; however, the airline faced criticism from security experts for advising a weak password strength, namely a password length of 8, made up of just characters and digits. Both of these hacks underline the importance of regularly penetration testing Apps and their supporting infrastructure, including their APIs.

Hackers stole up to 34,000 Butlin guest records, reportedly breaching the UK holiday camp firm through a phishing email. Dixons Carphone upped the estimated number of customer records breached in a hack last year from 1.2 million to 10 million, which includes 5.9 million payment cards. There was no explanation offered by Dixons as to why it had taken so long to get a grip on the scale of the data breach, which was reported as occurring in July 2017.

Huawei continues to face scrutiny over the security of their products after the UK National Cyber Security Centre (NCSC) issued a warning about using the Chinese tech manufacturing giant's devices in a security report. Huawei recently took over from Apple as the world's second largest provider of smartphones. A 16-year-old Australian 'Apple fanboy' found himself in court after hacking into Apple's network.

On the international scene, Microsoft announced it had thwarted Russian data-stealing attacks against US anti-Trump conservative groups, by taking down six domains which hosted mimicked websites, which were likely to be used in future phishing campaigns. The Bank of Spain's website was taken out by a DDoS attack, and a Chinese Hotel Group's 140Gb customer database was found for sale on the dark web. The PGA golf championship was hit by ransomware, and the FBI arrested three key members of the notorious FIN7 hacking group; the group is said to be responsible for stealing millions of credit card and customer details from businesses across the world.

On the personal front, the EC-Council confirmed my Computer Hacking Forensic Investigation (CHFI) certification had been renewed until 2021. I dropped into B-Sides Manchester this month; the highlight was a demonstration of a vulnerability found by Secarma researchers, namely a PHP flaw which places CMS sites at risk of remote code execution.

There were plenty of critical security patches released by the usual suspects, such as Microsoft, Cisco, and Adobe; the latter firm released several out-of-band patches during August. A critical update was released for Apache Struts (popular web server), and there was a reminder that fax machines and all-in-one network devices could be used as a way into corporate networks by hackers.

Finally, there were a couple of interesting cybercrime articles posted on the BBC's news website this month: "Cyber-Attack! Would your firm handle it better than this?" and "Unpicking the Cyber-Crime Economy".
