Do Huawei phones have a secret backdoor that the Chinese government can access?
Do Huawei phones have a secret backdoor that the Chinese government can access?
It wouldn't be very secret if it was published on the internet. It's definitely a credible concern given the level of control China demands of companies operating in the country. The US also essentially has backdoors into most communication, and possibly phones as well, so it's not that crazy for China to also have them.
China is also very aggressive in hacking into companies. Even if they didn't have a custom backdoor, them finding a way in and essentially banning Huawei from fixing it, is another option.
112This is the exact reason Lenovo is the way that it is. The US didn’t trust them not to have a back door and so they grew US operations to keep from getting banned. This has all played out before
15I was under the impression it was was common knowledge/rumor that Cisco hardware all has a US installed backdoor. Huawai having a backdoor specifically wasn't the big revelation/concern. It was that it was Chinese/foreign government controlled. Everyone puts backdoors in, it's just a matter of only having friendly backdoors you can control.
11The rumor probably exists, but the US seems to just bully companies into getting access rather than building back doors into equipment, based on available evidence. They do maintain unpublished 0 day exploits though, so it could also be both.
10@fishos It is emphatically not common knowledge. I'm reading everyone asserting that such and such governments have backdoors on phones or whatever device, but you're the first person to cite an example. If you have more, I would appreciate you sharing those.
3
Yes.
Also phones made in the US have back doors that the US government can access. It’s not really secret.
91It's secret like Area 51 is secret. We know it's there, we know the government is doing something with it, but we don't know fully what, when, why, or how.
49I don't think the US Govt backdoors phones anymore ... mostly because they don't need to. They find other ways to get the information, like warrantless surveillance of Google and Apple notification servers.
23The backdoors the NSA uses are known vulnerabilities, 0days, USB drops, all the normal hacker tools... and if it's a target of sensitive enough in nature, maybe a warrant requiring Apple Update/Windows Update/whoever or whatever device needs spied on, to deliver a payload to that specific machine.
13I'm sorry if I act like an asshole, but doesen't this mean, the same as the comment you answered to? Edit: I'm dumb. The person answering just added some info in the post.
0
Why do these threads always circle back to the US? It's always the obnoxious "USA bad because other country bad"
And no, I'm not American
-7NSA is a common focus for conspiracy theorists because much of their work is secret, they can't just come out and say "we don't do that" or "we do that" because explaining capabilities helps people avoid those technologies to avoid targeting. Specifically, their mission is foreign intelligence, they can only support domestic warrants on individuals through the FBI using a court system called FISA here in the US. However, because of their ability to purchase metadata about phone calls in bulk so they can gather information about foreign communications, Americans assume it's so they can spy on other Americans. That's the mission of the FBI though... Which people are fine with for some reason.
Meanwhile, FBI does whatever they want in broad daylight while people are busy being paranoid about what the NSA or CIA might be doing in the shadows. Conspiracies just need a grain of truth, and while everyone is looking over one shoulder paranoid about nothing, law enforcement on all levels from city to county to state to federal are all standing right there looking over the other shoulder and no one seems to mind.
1
They're definitely grabbing analytics and statistics. But so is AT&T, Verizon, T-Mobile, Apple, Amazon, Samsung, Google, Microsoft.
If the Chinese government asked any of those other companies to give them all the data they have on you in particular, They probably tell them to get bent.
But if the US government told them to do it, they would comply and then have a gag order slapped against them to keep them from telling you it happened.
Huawei is beholden to the Chinese government. So it works kind of in the opposite way.
82If the Chinese government asked any of those other companies to give them all the data they have on you in particular, They probably tell them to get bent.
More likely they’ll send an invoice. They’re already selling your data to them. (And everyone else.)
32If the Chinese government asked any of those other companies to give them all the data they have on you in particular, They probably tell them to get bent.
Haha what? You think there's any chance in hell that China doesn't get what they want from any US company? Check out this video, this is what happens when a random American says something China doesn't like. Now go ahead and picture those companies not bending over backwards to kiss Xi's ass if it means affecting the bottom line.
-2John Cena is not a random American. You and I are closer to random than John Cena, a man who is internationally famous and a professional actor. That's like saying Tom Cruise is a random American, when you know exactly who I'm talking about without googling.
That said, yes, China censors American media and actors, and it's horrid. The fact that films get made in America and edited for China and America, is a crime to any artful visions the writers, actors, directors, editors and more may have had. But China itself doesn't have the time and energy to stop you or I online all the time, it barely can do it within the Great Firewall, due to the sheer scope of the population and area the country covers.
16Surprised the rock got away
1
Short answer is "likely".
If you work in a field with sensitive data (financial, healthcare, technology, politics) you don't get a phone designed by a China-government owned company.
65I upgrade to "most likely".
15You don't really want a device linked to any third party to be fair.
8I upgrade to "most likely".
-3
I don't have any specific knowledge regarding the specific question, but:
I would rather expect a frontdoor.
45If Lenovo's multiple rootkit fiascos are anything to go by for Chinese-corporation-designed electronics, yes.
41Most of Lenovo’s rootkit fiascos are due to lack of vetting bundleware providers though; Huawei is actually unlikely to have a backdoor in their phones. Their 5G infrastructure on the other hand is known to have at least two different potential backdoors designed in such a way that they may just be a chain of unfortunate vulnerabilities. Or not.
8
Permanently Deleted
29not trying to argue 'both-sides', but most likely so does the US government/five eyes/whatever for android (and sometimes ios)
23I mean, it's written into law in Australia https://fee.org/articles/australia-s-unprecedented-encryption-law-is-a-threat-to-global-privacy/
And you can be sure that data is shared with 5eyes.
14Go on about this five eyes
1The Five Eyes is an Anglosphere intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.
they share intelligence and personal information of citizens between each other.
there also exists 'nine eyes' and 'fourteen eyes'
5
Probably, but iPhones and Android have them for the Five Eyes and anyone else who is willing to pay/push for laws to make it happen. All you do with a phone is pick your poison, do you want China to spy on you, or America, the UK, or some other government or company who then sells it to the highest bidder.
Any cell phone, dumb or smart, is a tracking device. The smarter it is, the better it is as snooping on you. Doesn't matter how or where the phone's hardware is made, it's going to track you without consent. You just need to ask "Am I worried about China or am I worried about another government?" to even "If the backdoor is big enough, can third parties get me too as I walk by on the street?"
23yea phones constantly ping something so at least the network operator can map out where it has been with good accuracy if you become person of interest
5The network operator will naturally have a log of the nearest cell tower to your phone as you move around and each entry there gives an (almost, but not quite in heavilly built places because line of sight obstructions and signal bounces) circular area within which that phone was at that time (not absolutelly sure about the tower measuring and keeping logs of radiowave power levels, but if it does that circular area can be further improved to something like a torus), and the higher the density of cell towers around the phone (i.e. in cities) the smaller the areas and hence the higher location precision.
Also, at least in the US, it's possible to get the operator to triangulate the phone's position using multiple towers to get a much more precise location, which is how law enforcement (and who knows who else) can find people via their phones.
Even the dumbest of mobile phones can be tracked this way.
4
Not a backdoor, a loading dock
23On the same vein, do wo know if Intel Management Engine is a NSA backdoor?
I keep hearing about the potential of it beeing a back door, but haven't heard an exploit using it roaming about the interwebs20It's not known to be a backdoor, but it's a juicy attack surface that customers are largely ignorant of and provides little consumer benefit. If I were an NSA employee and my boss handed me a blank check to develop a preboot exploit for Intel PCs, I'd start with IME.
10
Probably a garage door.
19Revolving door.
1
Probably. Also, look at myactivity.google.com . Any info you have there can be handed over to a government
17Well I'm fucked. Thanks for sharing that link, I had no idea Google tracked what time I used Signal messenger.
Not sure what to do with this information but I didn't realize it was that granular.
2Yeah. You can turn it off or set it to delete, and I think legally Google do have to keep their word on that thankfully, but some weird shenanigans happened with incognito mode on Chrome
2
It doesn't matter if it's a Huawei or some American phone, China, USA and others will spy on you no matter what phone you choose only the means differ. If you buy a Huawei china will have backdoors in your phone and the USA will buy all your info and if you get an American phone the USA will have backdoors and china will buy the data.
Also I find the focus on china kinda weird. I ultimately don't want anyone stealing my data, not even the USA. Just like china the USA has been involved in mass surveillance and a lot of war crimes. For example American soldiers have been found guilty of rapping and killing children. From Wikipedia (United States war crimes > war on terror > Iraq war):
On 12 March 2006, a 14-year-old Iraqi girl named Abeer Qassim Hamza al-Janabi was raped and subsequently murdered along with her 34-year-old mother Fakhriyah Taha Muhasen, 45-year-old father Qassim Hamza Raheem, and 6-year-old sister Hadeel Qassim Hamza al-Janabi.
After all of that I want to ask you one question, do you really want the USA sterling your data?
Also what you answer that question with doesn't matter since both china and the USA will be stealing your data no matter if you want it or which phone you buy.
As a final note I should maybe mention that I'm not American if you haven't figured that out yet. Also please don't accuse me of spreading Chinese propaganda. I'm advocating against the USA and the CIA, not for china.
Also sorry for being so political in a kind of not that political thread.
15So if i want China to not have my data i should by a chinese phone?
/s
7You’re missing the point entirely. In the US, companies can take the federal government to court to stop them. When agencies installed backdoors on Cisco equipment it was done through intercepting hardware through carriers, and individually installing them on targeted hardware. Not forcing Cisco to hand over access to every router they sold. You can argue about whether they should do that at all, but it’s not the same.
2Thank you. This is an important correction but does hover not mean that the US government isn't spying on you through your phone, just that they, if they do it, have other means to do so. 2017 wikileaks revealed that the CIA had an immense collection of tools to hack personal phones and computers. But this probably means that they don't hack everyone just people of special interest, which is good news 😀
Here is the wikileaks article and here is an yahoo article.
EDIT: of course they can also buy the data from Google.
3
But it sounds like you are advocating for china. Look how much you wrote about another country when someone asked specifically about china and a Chinese phone manufactured in china.
2
if they don't, it's the only phones without.
13Are you the FBI? You have to tell us, you can't lie.
6Have no idea...all I know is, everything is manufatcured in the PCR.
4PRC*
PCR is funny, though
6
I'm sure it's nothing in comparison to what the CCP get from TikTok
3Just as much as the US government has.
3They all have some kind of backdoors that governments exploit. If I could buy a phone and use it knowing that only the Chinese government could spy on me with it, I would absolutely get that. I live in the US though. If I lived in China I would prefer the US-only spy phone.
1yeah.
1Most of the tracking/backdoors is at the application level. Stock bloatware is a risk, less so the manufacturer's firmware. Even non-bloatware can be a risk, for example many core Xiaomi apps (eg Phone and Messages) have ads and the apps connect to Chinese servers to deliver these. How significant these risks are is subjective and down to your own personal opinion.
You should definitely try and remove bloatware that comes pre-installed. For one, you'll probably find a Facebook system app that the manufacturer bundled, this is separate to the actual apps you use their services with so why the hell would you want it? After that, you could try a custom ROM, particularly one based on pure Android AOSP, however leaving the manufacturer's firmware can mean you miss out on some functionality (cameras are notoriously more functional when you use the manufacturer's app).
Even with all that, there's still the possibility of hardware vulnerabilities. However, it would be difficult to exploit these without physical possession of the device.
1Sean, these questions are out of line
0