Huawei backdoors explanation, explained

Today Huawei published a video explaining the concept of “backdoors” in telco equipment. Many are criticizing the video for being tone deaf. I don’t understand this concept of “tone deafness”. Instead, I want to explore the facts.


This video seems in response to last month’s story about Huawei misusing law enforcement backdoors from the Wall Street Journal. All telco equipment has backdoors usable only by law enforcement, the accusation is that Huawei has a backdoor into this backdoor, so that Chinese intelligence can use it.

That story was bogus. Sure, Huawei is probably guilty of providing backdoor access to the Chinese government, but something is deeply flawed with this particular story.

We know something is wrong with the story because the U.S. officials cited are anonymous. We don’t know who they are or what position they have in the government. If everything they said was true, they wouldn’t insist on being anonymous, but would stand up and declare it in a press conference so that every newspaper could report it. When something is not true or spun, then they anonymously “leak” it to a corrupt journalist to report it their way.

This is objectively bad journalism. The Society of Professional Journalists calls this the “Washington Game“. They also discuss this on their Code of Ethics page. Yes, it’s really common in Washington D.C. reporting, you see it all the time, especially with the NYTimes, Wall Street Journal, and Washington Post. But it happens because what the government says is news, regardless of its false or propaganda, giving government officials the ability to influence journalists. Exclusive access to corrupt journalists is how they influence stories.

We know the reporter is being especially shady because of the one quote in the story that is attributed to a named official:

“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” said national security adviser Robert O’Brien.

This quote is deceptive because O’Brien doesn’t say any of the things that readers assume he’s saying. He doesn’t actually confirm any of the allegations in the rest of the story.

It doesn’t say.

  • That Huawei has used that capability.
  • That Huawei intentionally put that capability there.
  • That this is special to Huawei (rather than everywhere in the industry).

In fact, this quote applies to every telco equipment maker. They all have law enforcement backdoors. These backdoors always hve “controls” to prevent them from being misused. But these controls are always flawed, either in design or how they are used in the real world.

Moreover, all telcos have maintenance/service contracts with the equipment makers. When there are ways around such controls, even unintentional ones, it’s the company’s own support engineers who will best know them.

I absolutely believe Huawei that it has done at least as much as any vendor to prevent backdoor access to it’s equipment.

At the same time, I also know that Huawei’s maintenance/service abilities have been used for intelligence. Several years ago there was an international incident. My company happened to be doing work with the local mobile company at the time. We watched as a Huawei service engineer logged in using their normal service credentials and queried the VLR databases for all the mobile devices connected to the cell towers nearest the incident in the time in question. After they executed the query, they erased the evidence from the log files.

Maybe this was just a support engineer who was curious. Maybe it was Chinese intelligence. Or, maybe it was the NSA. Seriously, if I were head of the NSA, I’d make it a priority to hack into Huawei’s support departments (or bribe their support engineers) in order to get this sort of backdoor access around the world.

Thus, while I believe Huawei has done as much as any other vendor to close backdoors, I also know that in at least one case where they have abused backdoors.

Now let’s talk about the contents of the video. It classifies “backdoors” in three ways:

  • law-enforcement “front doors”
  • service/maintenance access
  • malicious backdoors

I think their first point is to signal to the FBI that they are on law-enforcement’s side in the crypto-backdoor’s debate. The FBI takes the same twisted definition, that law-enforcement backdoors aren’t backdoors, but front-doors.

It’s still a backdoor, even if it’s for law-enforcement. It’s not in the interests of the caller/callee to be eavesdropped. Thus, from their point of view, the eavesdropping is “malicious”, even if it’s in the interests of society as a whole.

I mention this because this should demonstrate how Huawei’s adoption of the law enforcement point of view backfires. What happens when Chinese intelligence comes to Huawei and demands access in a manner that is clearly legal under Chinese law. By accepting that all law-enforcement demands are legitimate, it means all Chinese government demands are legitimate.

Huawei may be no worse than any other company, but China is worse than free democracies. What is legitimate law-enforcement demands in their country are intolerable in free countries. We’ve had six months of protests in Hong Kong over that issue.

In other words, Huawei is saying they don’t have backdoors because, in fact, they are front-doors for the Chinese government.

In conclusion, I don’t find that Huawei video to be “tone deaf”. Huawei has good reason to believe it’s being unfairly portrayed in “fake news” articles, like the WSJ article I cited above. At the same time, the threat posed by Huawei for Chinese spying is real.


*** This is a Security Bloggers Network syndicated blog from Errata Security authored by Robert Graham. Read the original post at: https://blog.erratasec.com/2020/03/huawei-backdoors-explanation-explained.html