We need to talk about Huawei...or do we?

ED E · 07-12-2018 1:43am #1

TLDR: US/UK are getting very wound up about Beijing's influence on Huawei and ZTE. ZTE make end user devices but Huawei produce consumer and enterprise/telco kit so are the bigger talking point. In spite of their denials few believe that Huawei won't do whatever the hell they're told by the CPC.

The Hypocrisy:
https://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers/
US and presumably British agencies are doing just what they're worried about China doing. Holier than thou.

CFO in Canada arrested: Huawei arrest: China demands release of Meng Wanzhou
https://www.bbc.com/news/business-46465768

BT removing Huawei equipment from parts of 4G network
https://www.theguardian.com/technology/2018/dec/05/bt-removing-huawei-equipment-from-parts-of-4g-network

OpenEir like to think of themselves as unique little flowers but a LOT of what they do is copying OpenReach (Formerly BT). In one crucial way we're different over here though. 100% Huawei.
Dated:

[UK]Cabinets installed as at April 2013
ECI M41 7,732
Huawei MA5616T 3,637
Huawei MA5603T 12,995

Huawei have pretty much always done better than ECI and has been favoured but in fixed line there is another player in the UK. In Ireland it was Alcatel Lucent (Now Nokia) vs Huawei in the field trials with Huawei winning.

VDSL: Huawei
GPON: Huawei (SIRO and OE, as far as Im aware)
3/4/5G: Some Huawei AFAIK

Now there's no way we can throw them out completely, 9000+ MSANS couldnt be replaced never mind all the BBU/RRUs, but if Huawei got sanctioned or economically set back that could cause a right mess here. Can't do the NBP if the vendor everyone was looking to use is embroiled in a political war with the pentagon.

One to watch. And time to plan trips to Espoo (and not for the Salmiakki).

gctest50 · 07-12-2018 1:54am

Told ya so

Marlow · 07-12-2018 2:00am

Also SIRO is entirely Huawei .. just a generation newer than most of the stuff OpenEIR bought.

So is Three .. all their 3G/4G is Huawei .. which is the reason, why you can't move from one cell to another cell without dropping your darn call.

Huawei has to date still not managed to do proper handover between cells .. which works perfectly, if you were to use .. lets say .. Ericssons 4G technology .. (just saying).

e-Net / SSE used Calix FTTH gear in their trial rollout. Calix is a Texas based vendor, that has done very well in the US (AT&T etc.). Don't like their backend though. It's cloud based.

There's plenty of other options out there though.

/M

Marlow · 07-12-2018 2:59am

Oh .. and on the VDSL side of things ..

I know a good few german ISPs who deploy ZTE VDSL Dslams ..

And then there's the danish former incumbent (TDC), who used Huawei for the first Docsis 3.1 rollout in Europe.

Go figure.

/M

plodder · 07-12-2018 11:28am

ED E wrote: »

TLDR: US/UK are getting very wound up about Beijing's influence on Huawei and ZTE. ZTE make end user devices but Huawei produce consumer and enterprise/telco kit so are the bigger talking point. In spite of their denials few believe that Huawei won't do whatever the hell they're told by the CPC.

The Hypocrisy:
https://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers/
US and presumably British agencies are doing just what they're worried about China doing. Holier than thou.

That's a bit different as Cisco weren't involved with that. Bugging a router in that way is not much different from planting a bug on a phone, or in a house or a car.

Another example might have been the notorious Vodafone Greece tapping scandal, where unauthorised bugging software was installed on an Ericcsson telephone exchange. Though some inside help would have been required in that case in Vodafone and maybe Ericcsson too. But, I would agree; nobody should assume that it's only the Chinese who are interested in spying.

CFO in Canada arrested: Huawei arrest: China demands release of Meng Wanzhou
https://www.bbc.com/news/business-46465768

BT removing Huawei equipment from parts of 4G network
https://www.theguardian.com/technology/2018/dec/05/bt-removing-huawei-equipment-from-parts-of-4g-network

OpenEir like to think of themselves as unique little flowers but a LOT of what they do is copying OpenReach (Formerly BT). In one crucial way we're different over here though. 100% Huawei.
Dated:

Huawei have pretty much always done better than ECI and has been favoured but in fixed line there is another player in the UK. In Ireland it was Alcatel Lucent (Now Nokia) vs Huawei in the field trials with Huawei winning.

VDSL: Huawei
GPON: Huawei (SIRO and OE, as far as Im aware)
3/4/5G: Some Huawei AFAIK

Now there's no way we can throw them out completely, 9000+ MSANS couldnt be replaced never mind all the BBU/RRUs, but if Huawei got sanctioned or economically set back that could cause a right mess here. Can't do the NBP if the vendor everyone was looking to use is embroiled in a political war with the pentagon.

One to watch. And time to plan trips to Espoo (and not for the Salmiakki).

I suppose the concern with Huawei on 4G/5G networks would be similar to the Vodafone one, of eavesdropping of phone calls. As for broadband infrastructure, I'm not sure what kind of spying they could do, as most Internet applications don't rely on the infrastructure being secure. They use end to end software layers like TLS to make it secure. The concern there might be Denial of Service, where the Chinese government could pull the plug on a network at some critical time.

Related to this. Bloomberg had a big story recently on Chinese PC motherboards that supposedly had a secret chip installed on them. Interfering with computer hardware like that has the potential to defeat all security measures on the PC. But, the jury is out on whether this actually happened, or if it did, who was responsible for it.

dashoonage · 07-12-2018 11:32am

Ssssssh they are listening

ED E · 07-12-2018 11:39am

plodder wrote: »

Bugging a router in that way is not much different from planting a bug on a phone, or in a house or a car.

I disagree, bugging a line is a single party. Bugging a big iron could could impact the traffic of thousands or tens of thousands of parties.

plodder wrote: »

They use end to end software layers like TLS to make it secure.

Pinning and STS helps but there's still a big opening for nation states.

ED E · 07-12-2018 11:39am

Marlow wrote: »

And then there's the danish former incumbent (TDC), who used Huawei for the first Docsis 3.1 rollout in Europe.

Do we know who Liberty are deploying here?

plodder · 07-12-2018 11:46am

ED E wrote: »

I disagree, bugging a line is a single party. Bugging a big iron could could impact the traffic of thousands or tens of thousands of parties.

True. But I meant in the sense of whether you can trust the manufacturer of the kit. Cisco has stated plainly that they have never cooperated with the US govt to install any bugging software. Nobody believes that Chinese companies would be able to resist that kind of pressure from the Chinese government.

The HongKong Post root cert is interesting too, but it only affects organisations (Chinese presumably) who get their server certs from them.

The high horse brigade · 07-12-2018 11:47am

I work with security systems CCTV etc where Hikvision is in the same category and is already a dirty word for corporate installations. Why has it taken so long in the telecoms field. Do we need a security breach for people to open their eyes and take notice?

ED E · 07-12-2018 11:52am

plodder wrote: »

The HongKong Post root cert is interesting too, but it only affects organisations (Chinese presumably) who get their server certs from them.

Wrong. Its a root cert, it can mint for any site. Its trusted by all windows boxes and many others.

HKPO can issue a cert for gov.ie and your computer and browser will accept it.

The high horse brigade wrote: »

I work with security systems CCTV etc where Hikvision is in the same category and is already a dirty word for corporate installations. Why has it taken so long in the telecoms field. Do we need a security breach for people to open their eyes and take notice?

Isnt half of that about them being "budget" though?

plodder · 07-12-2018 12:01pm

ED E wrote: »

Wrong. Its a root cert, it can mint for any site. Its trusted by all windows boxes and many others.

HKPO can issue a cert for gov.ie and your computer and browser will accept it.

That is true. Though they could not do that in secret. If a CA ever did that, they would be found out pretty quickly and booted off all browsers. I don't think it is a practical attack on TLS.

Companies/organisations in China and Hong Kong who are probably strongly encouraged to get their certs from "government approved" CAs like HongKong Post, should probably assume that the government is able to decrypt their traffic. Anyone else would be crazy to do the same.

The high horse brigade · 07-12-2018 12:07pm

ED E wrote: »

Isnt half of that about them being "budget" though?

You think corporate projects don't opt for budget solutions? Of course they do....
Then you also have bigger players rebranding Chinese gear as their own like Tyco do with their Hollis brand (rebranded Dahua)

Hikvision are well known for their back doors. There's even a password of the day of you ring support.

ED E · 07-12-2018 12:11pm

plodder wrote: »

That is true. Though they could not do that in secret. If a CA ever did that, they would be found out pretty quickly and booted off all browsers. I don't think it is a practical attack on TLS.

Happened before. The only reason we know is Chrome has a phone home system that alerts google when a suspect cert is spotted in the wild.

plodder · 07-12-2018 12:55pm

ED E wrote: »

Happened before. The only reason we know is Chrome has a phone home system that alerts google when a suspect cert is spotted in the wild.

Certificates have been wrongly issued for various reasons. In at least one case, the CA went bust as a result (Diginotar). If a bad cert is issued and detected, there is no way for the CA to deny it. That's the whole nature of PKI. Therefore, there is an enormous incentive for well intentioned CAs to do the right thing.

The Chrome phone home system you mention has expanded into something bigger with quite wide support in the industry and that should be able to deal with CAs with malicious intent. Again, once a single bad cert is found, with a CA's fingerprints on it, that is bad news for the CA.

http://www.certificate-transparency.org/

I hold to the view that TLS is by and large a secure mechanism for the internet so long as you trust the device/PC you are using, which is something to think about if you use a Huawei phone or other consumer device ...

digiman · 07-12-2018 3:15pm

Marlow wrote: »

Also SIRO is entirely Huawei .. just a generation newer than most of the stuff OpenEIR bought.

So is Three .. all their 3G/4G is Huawei .. which is the reason, why you can't move from one cell to another cell without dropping your darn call.

Huawei has to date still not managed to do proper handover between cells .. which works perfectly, if you were to use .. lets say .. Ericssons 4G technology .. (just saying).

e-Net / SSE used Calix FTTH gear in their trial rollout. Calix is a Texas based vendor, that has done very well in the US (AT&T etc.). Don't like their backend though. It's cloud based.

There's plenty of other options out there though.

/M

While you are quite informed on alot of topics on here, you also post quite a bit that is simply just not true. Problem then is that alot of other posters then take what you say as the bible.

Three use Nokia for their 3G and Samsung for their 4G, there is industry talk of possible changes there but at the moment there is no Huawei in the Three RAN network.

Would love to know where you got the info on Huawei not having to do proper handover between cells, sounds pretty difficult to believe from what the industry would recognise as one of the top RAN architectures available. Would be good to see a source, eir and Vodafone are currently using Ericsson so perhaps you experienced in some other country.

On the topic though, I think we should be taking all security concerns very seriously. I guess in the end Ireland will follow the guidelines from the EU.

USA obviously have their own agenda on the whole thing and Trump seems to be using part of it as a bargaining chip with China. It's not long ago since the US banned ZTE from using Android and then quickly lifted it again, I suspect the arrest of the Huawei CFO could be a similar tactic of his right while he is in the middle of trying to do a deal with China on trade.

The interesting part now though is that unless the Irish government specifically bans Huawei (Huawei will no doubt pull out alot of investment from Ireland then though, multiple R&D locations, so Irish government could be reluctant) I don't see the operators here doing anything about it of their own back. eir is now owned by NJJ/Iliad, so they will make any calls on the network vendors, Vodafone are group owned and 3 are owned by Hutchison so in the end the the final decisions on vendors will be made outside of Ireland.

In the end Chinese companies are getting very strong all over the world and where once known for copying everything, they are slowly starting to become known for leading many areas of technology. If they are banned from deploying in some countries it will be bad for consumers as prices will go up and technology development will slow down.

Marlow · 07-12-2018 4:04pm

digiman wrote: »

Three use Nokia for their 3G and Samsung for their 4G, there is industry talk of possible changes there but at the moment there is no Huawei in the Three RAN network.

Would love to know where you got the info on Huawei not having to do proper handover between cells, sounds pretty difficult to believe from what the industry would recognise as one of the top RAN architectures available. Would be good to see a source, eir and Vodafone are currently using Ericsson so perhaps you experienced in some other country.

There are cell handover problems with Huawei. It's certain scenarios. I can dig a bit deeper, as I know people in the Industry.

Three using Huawei is not something I know first hand, but I was told this by an Ericsson engineer, who was involved in that regard.

And Three having handover problems is something I experience every single day being a Three customer. Don't have those issue on the Vodafone sub, that I keep as a backup.

So what I was told sounded feasable. If you know more first hand, then that's absolutely fine.

/M

ED E · 07-12-2018 4:06pm

Think Marlow is confusing an (intentionally?) bodged MVNO framework with the actual RAN which works perfectly - I'm a customer for years who also likes to prod the network to see whats available.

Marlow · 07-12-2018 4:09pm

ED E wrote: »

Think Marlow is confusing an (intentionally?) bodged MVNO framework with the actual RAN which works perfectly - I'm a customer for years who also likes to prod the network to see whats available.

That would require using an MVNO. I'm a business customer of the carrier in both cases.

The MVNO issues should not kick in there. That be different, if it was Tesco or iD or somebody else.

/M

digiman · 07-12-2018 4:29pm

Marlow wrote: »

There are cell handover problems with Huawei. It's certain scenarios. I can dig a bit deeper, as I know people in the Industry.

Three using Huawei is not something I know first hand, but I was told this by an Ericsson engineer, who was involved in that regard.

And Three having handover problems is something I experience every single day being a Three customer. Don't have those issue on the Vodafone sub, that I keep as a backup.

So what I was told sounded feasable. If you know more first hand, then that's absolutely fine.

/M

Perhaps it's from one RAN vendor to another where there are handover issues, like in Three's case going from Samsung 4G to Nokia 3G could potentially cause issues. I'm not on the network so wouldn't know but I highly doubt there is a technology issue when handing over from one Huawei cell to another cell of same technology (3G to 3G) or from one technology to another (3G to 4G in a properly planned RAN network.

Vodafone's whole RAN network (2G/3G/4G) in Ireland is using Ericsson and it's widely regarded that an SRAN solution (single RAN) is the best way to delpoy. I do use Vodafone's network and it is fantastic, easily the best network out there in my opinion.

tsue921i8wljb3 · 07-12-2018 5:39pm

NBP is likely to use Nokia as Huawei were not mentioned in the list of partners by National Broadband Ireland or whatever they are calling themselves now.

Marlow · 07-12-2018 7:17pm

digiman wrote: »

Vodafone's whole RAN network (2G/3G/4G) in Ireland is using Ericsson and it's widely regarded that an SRAN solution (single RAN) is the best way to delpoy. I do use Vodafone's network and it is fantastic, easily the best network out there in my opinion.

Agreed. Just the 2G infrastructure is a bit in bits. When Vodafone and Three agreed 2G infrastructure sharing that whole pot got put into one seperate company.

As Three fully integrated O2s network into their own (which is another one of those issues they have with loads of different aspects to the network), they sold their part of the Vodafone/Three 2G infrastructure back to Vodafone. Might not even have got money for it.

But it's a bit in disrepair. It is a well managed network though. Just a bit costly for higher volume use.

That's neither here nor there.

Fact is that Vodafone has been making sure, that everything on their mobile network works seemlessly together. Three's network is a bit thrown together .. especially due to the O2 purchase.

/M

9726_9726 · 07-12-2018 8:37pm

Huawei are not just a kit vendor. They do consultancy also.

Huawei are very far into the biggest urban FTTH deployment in the State.... SIRO Cork city - 65,000 to be passed. They are lead contractor and designer on that build.

Between Openeir and SIRO, they are very much out front in broadband rollout in Ireland. Any measures to curb their activities in Ireland would be disruptive, for sure.

Oh and they do the RAN for everyone's favourite WISP, Imagine (BBUs and RRUs), but that's not statistically significant compared to SIRO and Openeir.

Does anyone really think that the spooks aren't into data centres, big cloud, subsea cables anyway?

Marlow · 07-12-2018 8:43pm

9726_9726 wrote: »

Huawei are very far into the biggest urban FTTH deployment in the State.... SIRO Cork city - 65,000 to be passed. They are lead contractor and designer on that build.

Same for Athlone, which now is nearly complete. 7200 of 8000 passed.

9726_9726 wrote: »

Does anyone really think that the spooks aren't into data centres, big cloud, subsea cables anyway?

Hmmm .. Tata Comms ...

Only submarine fibre east of Africa, if I remember correctly and also the biggest submarine fibre operator in the world. India can be as bad as China

/M

ED E · 09-12-2018 5:26am

9726_9726 wrote: »

Does anyone really think that the spooks aren't into data centres, big cloud, subsea cables anyway?

Oh they are.

The question is will our political honchos decide to fvck with it.

KildareP · 10-12-2018 9:41pm

ED E wrote: »

Do we know who Liberty are deploying here?

Think they're mainly a Cisco house on the internal routing and Juniper on the transit side out to Aorta - certainly the UK does anyway and much of the networks that make up VMUK were used as the design basis for the Irish equivalents during the ntl:home days. Very interesting write-up on The Register on the UK setup a few years back.
Corporate CPE is generally Cisco, been bit of a mish-mash on the SME and residental CPE's over the years.
HFC network is Scientific Atlanta (now Cisco), Motorola and Arris.

Video side is Tandberg (now Ericsson), Scientific Atlanta (Cisco) and Harmonic.
Nagra (now Kudelski) for security.

And that's not taking account of the multitude of differing cable systems and platofrms that amalgated Cablelink and Chorus respectively, that make up what LGII is today!

ED E · 10-12-2018 9:46pm

Cheers. Yeah they've probably got the most diverse network due to the acquisitions.

Huawei Update:
Canada still hasn't released the CFO
Japan has said bye bye to Huawei for any Govt stuff (not sure how much hope they had anyway)

KildareP · 10-12-2018 10:18pm

digiman wrote: »

While you are quite informed on alot of topics on here, you also post quite a bit that is simply just not true. Problem then is that alot of other posters then take what you say as the bible.

Three use Nokia for their 3G and Samsung for their 4G, there is industry talk of possible changes there but at the moment there is no Huawei in the Three RAN network.

The core may be majority NSN, but they're using Huawei antennae on a lot of their new tower builds so there is certainly Huawei being deployed within Three's radio access network today.

ED E · 10-12-2018 10:51pm

Just the Kathrein panels though? At least that'd be safe enough from f'ckery.

EdgeCase · 11-12-2018 2:08am

BTW I wouldn't say that OpenEir copy OpenReach. Telcos aren't technology innovators, they buy systems, plug them together and build services.

You'll find similar or identical equipment in all of them. It's just a random choice of whatever vendor happened to have the best gear at the best price when they were shopping.

That Huawei gear used for FTTC here isn't unusual. They're one of the largest suppliers of that kind of stuff.

From what I gather the deployment of Huawei FTTC here is also a better spec than most of BT's stuff as it was a little later and also had to compete more directly with UPC which was at the time offering faster base speeds than Virgin in the UK. That's drove deployment of vectoring to get the speeds up to vaguely competitive with cable.

There's been a lot of accusations about Huawei but no smoking gun. The other side of it is that if they were selling compromised equipment their business could be wiped out. Would they really do that? I have my doubts.

If there's an issue, I would like to see evidence not just people making political accusations. Huawei make very good and innovative equipment that's been amongst the best out there in a whole range of areas in recent years.

EdgeCase · 11-01-2019 6:29pm

Euronews.com wrote:

Poland arrests two over spying for China, including Huawei employee

Polish authorities have arrested a Chinese employee of Huawei and a Polish man, who reportedly worked for Orange Polska, on charges of spying for Beijing, according to local media.

TV channel TVP said the two individuals were arrested on Tuesday after the Huawei and Orange Polska offices were searched.

https://www.euronews.com/2019/01/11/poland-arrests-two-over-spying-for-china-including-huawei-employee

and more on The Register

https://www.theregister.co.uk/2019/01/11/poland_reportedly_arrests_huawei_official_for_spying/

We need to talk about Huawei...or do we?

Comments