A recent report by the Langley Intelligence Group Network (LIGNET) raised concerns about electronic backdoors in Huawei and ZTE telecoms components, potentially giving these companies the ability to compromise or even shut down networks which use their equipment.
LIGNET and other sources raised concerns that Huawei and ZTE have direct links to the Chinese government and the People’s Liberation Army (PLA).
According to the reports, these companies can remotely access communications technology that could “disable a country’s telecommunications infrastructure before a military engagement” or “steal technology and trade secrets”.
According to LIGNET, a US based service providing global intelligence and forecasting from former CIA, U.S. intelligence and national security officers, several countries (including Australia and the UK) have already limited their involvement with Huawei because of security concerns.
“New information from a sensitive LIGNET source associated with Huawei seems to validate security concerns about Huawei,” said LIGNET.
“This insider recently told LIGNET that Huawei breached protocol, if not security, in dealing with a foreign telecommunications company by using an undisclosed electronic backdoor that allowed it remote access to the company’s equipment without permission, a capability Huawei denied having,” said LIGNET.
The Chinese provider ZTE also made headlines when a backdoor was discovered on one of their Android smartphones.
South Africa’s strong relationship with Chinese vendors
If the reports regarding the security concerns prove to be true, large parts of South Africa’s telecommunications networks may be at risk.
Vodacom, Cell C happy with network security
Andries Delport, Vodacom’s chief technology officer, said that network security is one of their highest priorities.
“We’re always looking at ways to ensure that our network has a high level of protection and that our security measures are world class. We’ve recently worked with Vodafone to identify and address potential security concerns and we’re confident that our network is secure,” said Delport.
Joe Brittz, Cell C’s chief technical officer, said that they are not particularly concerned about their network security following the recent reports about backdoors.
“Network operators are reliant on vendors to provide a certain amount of high-level support and Research and Development (R&D) functions to support their networks. However, there are checks and balances in place to ensure these types of risks are minimized,” said Brittz.
“Our network is as secure as a network can be. Remote access to the network is controlled and when a risk has been identified, access can fairly easily be removed. The network is monitored 24/7 and our systems are able to pick up any changes that are made on the system.”
MTN, Telkom, Neotel and 8ta mum on security concerns
South Africa’s other large network operators were also asked about their network security and whether there are concerns about backdoors in their network equipment, and here is their feedback (or lack of it):
- Telkom: No comment
- MTN: No comment
- 8ta: No comment
- Neotel: No comment
Huawei and ZTE were also asked for comment regarding these serious allegations and covert backdoors in their equipment, and here is their feedback (or lack of it):
- Huawei: No comment
- ZTE: No comment
According to LIGNET the number of internet security breaches coming from China is increasing, even though not directly related to Huawei, which will keep the issue of security and Huawei in the public eye.
“In the absence of transparency from the Chinese company, security questions will remain and will continue to dissuade foreign governments from buying Huawei technology,” LIGNET concluded.
Who do you trust?
According to one network security expert, who asked not to be named because of his relationship with local telcos, it is very easy to place an undetectable backdoor in the firmware of telecommunication equipment.
He explained that current firmware from vendors is so closed and protected that it is virtually impossible to do a worthwhile audit on the security of such firmware and equipment.
The only way to check the firmware, he said, is if the full source code is provided, with the ability to compile the code and install it without the assistance of the vendor.
But even if the firmware is secure it does not mean that a backdoor does not exist. The security expert explained that it is possible to create hardware based security holes and backdoors, which is virtually impossible to detect, on routers and related telecoms hardware.
The way forward
Van de Vyver explained that while it may be more expensive to use two or more vendors to build a network, it provides an added layer of redundancy to guard against security and other problems.
“Security is a state of being – we should not expect any system to be infallible (intentional of otherwise) and should design and implement with that in mind,” van de Vyver concluded.