Nokia's CTO Accuses Huawei of Both 'Sloppiness' and 'Real Obfuscation' (bbc.com) 67
Nokia's CTO Marcus Weldon "told the BBC that the UK should be wary of using the Chinese hardware" -- though Nokia rushed to assure the BBC that Weldon's remarks do "not reflect the official position of Nokia."
Forbes reports: On the security front, Weldon referred to analysis suggesting Huawei equipment was far more likely to have vulnerabilities than technology from Nokia or Ericsson. "We read those reports and we think okay, we're doing a much better job than they are," Weldon said, describing Huawei's failings as serious and claiming Nokia's alternatives to be a safer bet. "Some of it seems to be just sloppiness, honestly, that they haven't patched things, they haven't upgraded. But some of it is real obfuscation, where they make it look like they have the secure version when they don't...."
The comments from Nokia's CTO came in light of research from Finite State, which published a scathing report claiming that "Huawei devices quantitatively pose a high risk to their users. In virtually all categories we examined, Huawei devices were found to be less secure than those from other vendors making similar devices." And this included the potential backdoors that lie at the heart of the U.S. government's security case against the Chinese company. "Out of all the firmware images analyzed, 55% had at least one potential backdoor," Finite State found. "These backdoor access vulnerabilities allow an attacker with knowledge of the firmware and/or with a corresponding cryptographic key to log into the device."
Nokia's later statement insisted that their company "is focused on the integrity of its own products and services and does not have its own assessment of any potential vulnerabilities associated with its competitors."
Forbes reports: On the security front, Weldon referred to analysis suggesting Huawei equipment was far more likely to have vulnerabilities than technology from Nokia or Ericsson. "We read those reports and we think okay, we're doing a much better job than they are," Weldon said, describing Huawei's failings as serious and claiming Nokia's alternatives to be a safer bet. "Some of it seems to be just sloppiness, honestly, that they haven't patched things, they haven't upgraded. But some of it is real obfuscation, where they make it look like they have the secure version when they don't...."
The comments from Nokia's CTO came in light of research from Finite State, which published a scathing report claiming that "Huawei devices quantitatively pose a high risk to their users. In virtually all categories we examined, Huawei devices were found to be less secure than those from other vendors making similar devices." And this included the potential backdoors that lie at the heart of the U.S. government's security case against the Chinese company. "Out of all the firmware images analyzed, 55% had at least one potential backdoor," Finite State found. "These backdoor access vulnerabilities allow an attacker with knowledge of the firmware and/or with a corresponding cryptographic key to log into the device."
Nokia's later statement insisted that their company "is focused on the integrity of its own products and services and does not have its own assessment of any potential vulnerabilities associated with its competitors."
So a Hasbeen company accuses communists... (Score:1, Funny)
Of incompetence? Nokia hasn't been relevant for over 10 years.
Re: (Score:2)
Re: (Score:1)
Nokia does not even make phones. They just license the brand.
Re:So a Hasbeen company accuses communists... (Score:4, Insightful)
Perhaps that's because greedy, short-sighted CEOs would rather save a few pennies by trusting the Chinese than buying secure hardware.
Re: (Score:2)
Who on God's green Earth has secure hardware?
Re: (Score:2, Insightful)
There's a dif between "secure hardware" and KNOWN-BACKDOORED BY COMMUNIST PARTY OF CHINA hardware, emphasis obvious or not to you and Amijojo?
There's a dif between the US government surveillance programs to counter cyber-threats and Chi-Com cabalist kleptocracy to undermine western companies and steal their IP for state-owned party-owned tentacles.
Now you want to get beyond the security weeds and "prove" what was intentional or unintentional when for 5 fucking years Huawei was known to be siphoning massive
Meh, it doesn't really matter (Score:2)
Re:So a Hasbeen company accuses communists... (Score:4, Informative)
Re:So a Hasbeen company accuses communists... (Score:4, Informative)
Precisely.
AFAIK, Nokia doesn't make mobile phones now. In fact making mobile phones was just a side business that grew to unexpected heights, then crashed and so the division was sold off to Microsoft. The old Nokia has continued on doing what they have always have done in "recent" times, selling $22B worth of gear to telco's in 2018.
The company that does make Nokia branded mobile phones is HMD. HMD is a bunch of ex Nokia employees who bought the naming rights for the mobile business off Microsoft when their mobile phone business crashed. So far they are doing remarkably well at it. In a market that was essentially flat they grew their sales 120% last year.
As other have said this is very much a case of company calling a competitors products crap. But in this particular case I'd cut them some slack. Huawei's products are crap, and he sounds like an engineer driven to distraction by the amount of shit he has to put up with trying to get his stuff work with theirs.
Re: (Score:1)
Nokia is number 2 telecommunications network equipment vendor in the world. They are not relevant in end user equipment space, but there is a relatively good chance that your network provider usea Nokia equipment.
Re: (Score:3)
Nokia being talked about is former Nokia Siemens Networks. They're relevant in that they're number three in mobile networking technology worldwide.
Nokia's CTO picking up where the the USA left off (Score:3)
Re:Nokia's CTO picking up where the the USA left o (Score:5, Insightful)
CEO says the competition's products are inferior, what a shock.
It's not "sloppiness" when part of a long pattern! (Score:1)
https://phoneradar.com/top-9-evidence-of-huaweis-backdoor-ip-theft-alleged-hacking-reports/
#1
In 2007, the FBI arrested Motorola engineer Hanjuan Jin who was found with $30,000 in cash, a bag full of classified Motorola documents, and a one-way ticket to Beijing. The investigation revealed that the engineer was not only with Motorola but also with another company called Lemko. Lemko was founded by Shaowei Pan who worked for Motorola for almost 10 years. It was started just after his meeting with the Huawei f
LOL (Score:4, Insightful)
"And this included the potential backdoors that lie at the heart of the U.S. government's security case against the Chinese company."
As opposed to the backdoors that the NSA put in US equipment, which we know are real.
Re: (Score:2)
But whatabutt the Alamo?! Huh?! Whatabutt that?
Re: (Score:2)
What backdoors do the NSA have into hardware? Reference please?
Re: (Score:2)
You have got to be shitting us! Saying "please" while being a troll doesn't cut.
Well known public facts don't need reference, if you lived under a rock since 2013, go do a google search on your reference terms before asking for reference.
Here, on google's first page for "nsa hardware backdoors":
Catalog Reveals NSA has back doors for numerous devices [spiegel.de]
Snowden: The NSA planted backdoors in Cisco products [infoworld.com]
Competition by mud slinging ... (Score:3)
Weldon referred to analysis suggesting
Nokia has the chops to settle the issue once and for all, when they become profitable enough to buy something made by Huawei for analysis.
Streaming video by satellite... (Score:2)
Re: (Score:2)
Bug hunters slam pisspoor code (Score:2)
Some of it seems to be just sloppiness, honestly, that they haven't patched things, they haven't upgraded.
A recent article in The Register stated described many pieces of Huawei equipment as being very insecure.
For example, Finite State found 79 different OpenSSL versions, the oldest of which dates back to 1999. The company said it found no evidence that Huawei backports security patches into older binaries, as security-conscious vendors do.
source: https://www.theregister.co.uk/... [theregister.co.uk]