UK to allow Chinese into 5G network

So do you really think going with the Chinese is going to be a much better option for the UK?
i think that whoever we go with we ought to do so with the most rigorous security procedures possible. At the moment Huawei is the only company that offers up their hardware and software for inspection by GCHQ.

Do I trust them? No. Do I trust you lot? No. Do I think that your protestations about security are true? Partly but I also think that you're using them as a smokescreen to try and catch up with Huwaei's undoubted technical expertise in the 5G arena.

Guns sums it up in his post above.
 
i think that whoever we go with we ought to do so with the most rigorous security procedures possible. At the moment Huawei is the only company that offers up their hardware and software for inspection by GCHQ.

Do I trust them? No. Do I trust you lot? No. Do I think that your protestations about security are true? Partly but I also think that you're using them as a smokescreen to try and catch up with Huwaei's undoubted technical expertise in the 5G arena.

Guns sums it up in his post above.

Sad, very sad.
 
Whilst earning the title Blue Falcon.
Or my favourite pisstake, that from the Roy Scheider classic about surveillance and its abuses, dressed up as a whizzy uber-capable helicopter flick, "Blue Thunder". As the UK will be JAFO as far as Five Eyes goes.

Just Another F'ng Observer.
 
Last edited:
Or my favourite pisstake, that from the Roy Scheider classic about surveillance and its abuses, dressed up as a whizzy uber-capable helicopter flick, "Blue Thunder. As the UK will be JAFO as far as Five Eyes goes.

Just Another F'ng Observer.
It will make life very hard. When you are out of the circle of trust it is damn near impossible to get back in.
 

Cutaway

LE
Kit Reviewer
Or my favourite pisstake, that from the Roy Scheider classic about surveillance and its abuses, dressed up as a whizzy uber-capable helicopter flick, "Blue Thunder". As the UK will be JAFO as far as Five Eyes goes.

Just Another F'ng Observer.
But didn't the EU, as part of one of the many, many, Brexit "options" or packages require insight into Five Eyes ?
 
It will make life very hard. When you are out of the circle of trust it is damn near impossible to get back in.





Yeah. Must be tricky.
 





Yeah. Must be tricky.
I see that and raise you Hollis, Blunt, Burgess, Maclean, Philby, Norwood, Fuchs and so on. Or does a loss of trust in an ally only count if that ally isn't Britain?
 
I see that and raise you Hollis, Blunt, Burgess, Maclean, Philby, Norwood, Fuchs and so on. Or does a loss of trust in an ally only count if that ally isn't Britain?
First, one was never proven. And spycatcher is a pretty shit book

You missed Cairncross, the often overlooked member of the Cambride spy ring who compramised Lorenz intercepts to the Soviets!

Just reminding the cousins that their shit stinks too.
 
First, one was never proven. And spycatcher is a pretty shit book

You missed Cairncross, the often overlooked member of the Cambride spy ring who compramised Lorenz intercepts to the Soviets!

Just reminding the cousins that their shit stinks too.
I've never read Spycatcher, so you may think that, but I couldn't possibly comment. The whole "Hollis was a Russian spy" thing is one of those things that to me on a balance of probabilities level seems more plausible than the alternative.
 
I was going to post this one, but you beat me to it.

For the sake of those who just want the brief explanation of what this is about, Cisco is the top end professional grade American network company. A German security company (ERNW Enno Rey Netzwerke GmbH) found what is the classic definition of a "back door" in some of their hardware.
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.
SSH was previously mentioned in this thread as being a newer and more secure equivalent of the telnet interface that was present in some older Huawei, Nokia, and Ericsson kit (who also have ssh). The ssh "key" is a type of password that is used to control access. With the aforementioned telnet interfaces you would need to know the password before you could log in.

You would normally need a password or key for ssh as well, but in this case Cisco have helpfully pre-installed a key which lets anyone who knows the key to log in remotely. This is the classic definition of a "back door" - which is a hidden means of access.

Is this a serious problem? Well, Cisco rates it as a 9.8 out of 10 in terms of severity. Or in other words, this is about as bad as it can imaginably get. If this had been found in Huawei kit, this would be trumpeted from the roof tops as the definitive smoking gun of spying. But since it's Cisco that was found (by the Germans) doing this, it's "oh well, I guess we better fix that".

Personally, I don't think it's a deliberate back door. I suspect rather that it's the result of incompetence, lax management, and poor software quality control. You know, the same sort of problems that GCHQ said they found with Huawei? This isn't a one-off in the case Cisco by the way, problems with their kit are found routinely. This is why you need competent IT staff who can understand the nature of these problems, make plans to mitigate them, and stay on top of fixing them when problems are found.

Oddly enough the hounds that have been baying throughout this thread (and the Williamson one) about the need for security seem to be oddly quiet about this one. I wonder why that is?
 
just a view from the side. I am an embedded firmware/code monkey.
I normally work with ARM based microcontrollers from EU, US or Jpn companies, but due to the demands of the smartphone markets, most IC suppliers are redirecting the fabs to supply that market. We were told order a years worth now, for delivery in 8 months if we are lucky.

So in trying to second source similar devices, we are now seeing Chinese based devices being provided to UK industry. Some of the Chinese devices are outstanding eg more FLASH/RAM/peripherals Faster clock speeds and better low power behaviour. ( £3 compared to £5 for EU device that's slower and less capable.

There is an IOT dual core (200Mhz+) device with a ULP that's drives LAN/WLAN/BT Classic /BTLE with huge RAM and FLASH resources (8mb Flash 500K ram) for less than £2.40 a device ( compared to £21 odd for similar functionality from western sources)

In looking further into this device ( eg securing IP from competitors) all the Device support packages' were open source. ( written in C and easy to follow). There is complexity in how they have linked stuff together eg FreeRtos, Lwip, FsFat bootloader etc but it hasn't taken me long on getting a feeling how it all hangs together.

They do make some good stuff for crazy low prices. I can see why western companies are desperate to keep Chinese technology out of their markets. Because once the chips are designed in we wont be going back.
The intent is to undercut & destroy manufacturers outside China, as when they're gone, they wont be coming back, thus leaving China as the sole source of pretty much everything.
Hardly a position one wants to see.
 

Latest Threads

Top