Telecommunications Security Watch - 6
ARTICLE - NOKIA - 5G - Nokia gives up on 5G radio business in China
- Nokia gets trashed in China's telecom market auctions
- Protectionism / sovereignty 101: If you choose protectionism / sovereignty, expect others to do so.
- Source:
TWITTER THREAD - RESEARCH - VULNERABILITY - 0-click RCE via MMS in all modern Samsung phones (released 2015+), due to numerous bugs in a little-known custom “Qmage” image codec supported by Skia on Samsung devices.
- Good research, the exploitability is not likely to be.
- Despite that, I thought a bit about it, and maybe we can monitor for exploitation by having an alert if a customer receives a lot of MMS in a short time. Maybe we need to check the peaks in historic databases.
- Source:
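An added sketch of the monitoring idea above (not code from this post or from the cited research): a per-subscriber sliding-window counter over MMS delivery records that alerts only when a burst exceeds both a fixed floor and a multiple of that subscriber's historic peak. The record layout, subscriber ids, window and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values, not taken from the post or the research.
WINDOW = timedelta(minutes=30)   # what counts as a "short time"
FLOOR = 20                       # minimum MMS count worth alerting on
FACTOR = 3                       # multiple of the subscriber's historic peak


def detect_mms_bursts(records, historic_peak, window=WINDOW,
                      floor=FLOOR, factor=FACTOR):
    """Return {recipient: {"first_alert": datetime, "peak": int}}.

    records: (iso_timestamp, recipient) tuples sorted by time
             (hypothetical layout of an MMS delivery log).
    historic_peak: recipient -> highest per-window count seen in the past.
    """
    recent = defaultdict(deque)   # recipient -> timestamps inside the window
    alerts = {}
    for ts, rcpt in records:
        now = datetime.fromisoformat(ts)
        q = recent[rcpt]
        q.append(now)
        while now - q[0] > window:          # evict deliveries that aged out
            q.popleft()
        # Busy subscribers get a higher bar, quiet ones fall back to FLOOR.
        threshold = max(floor, factor * historic_peak.get(rcpt, 0))
        if len(q) >= threshold:
            hit = alerts.setdefault(rcpt, {"first_alert": now, "peak": 0})
            hit["peak"] = max(hit["peak"], len(q))
    return alerts


def build_sample():
    """Constructed data: sub-A bursts, sub-B is quiet, sub-C is always busy."""
    base = datetime(2020, 5, 10, 2, 0, 0)
    rows = [((base + timedelta(minutes=i)).isoformat(), "sub-A") for i in range(25)]
    rows += [((base + timedelta(minutes=10 * i)).isoformat(), "sub-B") for i in range(3)]
    rows += [((base + timedelta(seconds=30 * i)).isoformat(), "sub-C") for i in range(30)]
    return sorted(rows)


HISTORIC_PEAK = {"sub-A": 2, "sub-B": 1, "sub-C": 15}   # constructed baseline

if __name__ == "__main__":
    for rcpt, hit in detect_mms_bursts(build_sample(), HISTORIC_PEAK).items():
        print(rcpt, hit["first_alert"].isoformat(), hit["peak"])
```

Without the historic baseline, the busy subscriber sub-C would also alert, which is why the peak check matters.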
ARTICLE - GERMANY - DE-CIX - ESPIONAGE - This is how the BND monitors the Internet
- BND foreign espionage revealed, massive espionage but harpoon technique, really?
- Are we going to see some government protests or reactions like we had after NSA surveillance??
- What about other countries doing this too???
- Maybe it’s just a light on the dark sides of Internet Exchanges…
- Source:
POLICY - EUROPEAN UNION - 5G - EMF - Electromagnetic fields and 5G
- Source:
WHITEPAPER - GSMA - 5G, EMF Exposure and Safety
- As the anti-5G movement gains ground in people's minds, GSMA published a guide which can be a good basis for answering conspiracy theories and explaining a bit what 5G is.
- Source:
WHITEPAPER - ENISA - ENERGY - Power Sector Dependency on Time Service: attacks against time sensitive services
- This publication describes the threats against energy providers’ services which depend on the availability of precise timing and communication networks.
- It provides a typical architecture which supports the time measurement service. Then it describes the threats as well as the attacks against the CIA (confidentiality, integrity, availability) of the service and it provides a set of mitigation measures.
- It concludes with some recommendations to technology vendors and energy operators.
- Source:
HUAWEI - Situation Point
UK
- Parliamentarians tried to pass an amendment to ban Huawei and failed.
- MPs have narrowly voted down a Parliamentary amendment that would have banned Huawei altogether from the UK’s 5G networks.
- The amendment, tabled by a number of rebel Conservative MPs from prime minister Boris Johnson’s ruling party, was narrowly defeated by 306 votes to 282 – a majority of 24. The Conservatives currently hold a Parliamentary majority of 80.
- The UK decision is contested, as we can read in the written evidence reports submitted to the Defence Sub-Committee and Defence Committee.
- You can read the reports in full in the first source, read the summary Telecoms made, or just read the headline, which summarizes it well: “Submissions to UK 5G security review are mostly hostile to Huawei”.
- Despite this hard summary, I want to emphasize that the COVID-19 crisis we have is mentioned several times, and numerous experts felt that China's response or dependency is kind of problematic.
- Some of them also stated that the British Government should think about the threats, and that the conditioned aid from China were signals of how China could utilize the UK's dependency in 5G telecoms.
- According to reports, the White House has launched a wide-ranging review into the US relationship with the UK.
- One item in this review is the pursuit of intelligence missions on UK soil, like having some of its spying planes (US RC-135s) at a UK base in Suffolk.
- Huawei also recruited Kris Hopkins as Senior Public Relations Manager for Huawei U.K.
- He was appointed Parliamentary Under Secretary of State at the Northern Ireland Office on 17 July 2016.
- There’s also a lawsuit engaged against Huawei: Human rights activists seeking judicial review over Huawei 5G network deal, claim firm is linked to concentration camps, slavery and repression of minorities, source at the company insisted it complied with all laws on modern slavery.
- Sources:
- Written evidence reports
- Submissions to UK 5G security review are mostly hostile to Huawei
- The Security of 5G
- UK.gov tells rebel MPs to go Huawei – but 5G Telecoms Security Bill was the price
- Trump could withdraw US spy planes and agents from the UK if Boris Johnson pushes ahead with Huawei 5G deal
- Government faces legal threat over its controversial deal to allow Huawei to play a role in building Britain’s 5G network
GERMANY
- According to sources close to Unwired Planet and Huawei, the parties have recently reached a settlement regarding the case (case ID: 10 ZR 33/19)
- The intensive talks between Panoptis, the parent company of the NPE, and Huawei became public knowledge at the end of January.
- In the FAZ interview, Dirk Wössner, head of Deutsche Telekom in Germany, explains why things won’t get better without Huawei. Strong statement.
- Source:
ESTONIA
- Estonia’s parliament approved on Tuesday a new Electronics Communications Act to ensure security reviews for telecom gear needed in the development of future networks.
- The act, which lawmakers dubbed the “Huawei law” in reference to the Chinese telecommunications company, leaves detailed implementation to the government and includes intelligence services among the reviewing authorities.
- Source:
United States of America
- Some senators weren’t very happy about the UK decision to keep Huawei inside its networks, and they are still not happy.
- A group led by Mr. Cotton (for himself, Mr. Schumer, Mr. Van Hollen, and Mr. Scott of Florida) proposed a new law called the Neutralizing Emerging Threats from Wireless OEMs Receiving direction from Kleptocracies and Surveillance states Act, or the NETWORKS Act, which aims to impose sanctions with respect to foreign telecommunications companies engaged in economic or industrial espionage against United States persons, and for other purposes.
- On 14th May, the DoC announced it was extending the terms of the existing Temporary General License (TGL) authorizations for Huawei Technologies Co. Ltd. and its non-U.S. affiliates (Huawei) on the Entity List for 90 days.
- The terms and duration of any future general licenses will be announced prior to the expiration of this 90-day time period.
- On 15th May, the DoC announced new restrictions:
Specifically, this targeted rule change will make the following foreign-produced items subject to the Export Administration Regulations (EAR): (i) Items, such as semiconductor designs, when produced by Huawei and its affiliates on the Entity List (e.g., HiSilicon), that are the direct product of certain U.S. Commerce Control List (CCL) software and technology; and (ii) Items, such as chipsets, when produced from the design specifications of Huawei or an affiliate on the Entity List (e.g., HiSilicon), that are the direct product of certain CCL semiconductor manufacturing equipment located outside the United States. Such foreign-produced items will only require a license when there is knowledge that they are destined for reexport, export from abroad, or transfer (in-country) to Huawei or any of its affiliates on the Entity List.
- The Text of a Notice on the Continuation of the National Emergency on Securing the Information and Communications Technology and Services Supply Chain was also published, prolonging the state of emergency for one more year.
- Huawei also announced they joined a famous, major US-based open-source patent protection consortium, the Open Invention Network (OIN).
- Moving around TeamTelecom Executive Order regarding the foreign ownership in U.S. Telecommunications companies.
- Source:
- S.3469 - NETWORKS Act
- Text of a Notice on the Continuation of the National Emergency on Securing the Information and Communications Technology and Services Supply Chain
- Department of Commerce Issues Expected Final 90-Day Extension of Temporary General License Authorizations
- Commerce Addresses Huawei’s Efforts to Undermine Entity List, Restricts Products Designed and Produced with U.S. Technologies
- Huawei Joins the Open Invention Network
- Executive Order on Establishing the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector
Denmark
- Danish paper Berlingske broke an interesting story regarding the head of Huawei Denmark, who sent a letter to the Danish Prime Minister indicating it would rethink its involvement with the country if special security requirements were imposed on it.
- You can find the full letter in the second source.
- Source:
INFORMATION - HUAWEI OR NOT HUAWEI WORK, THE HKSP case
- A developer listed on GitHub under the Huawei organization submitted a “first” contribution to the Linux kernel with the HKSP patchset.
- Quickly, the people behind GRSECURITY analyzed the contribution and found that HKSP introduced a trivially exploitable vulnerability.
- Following that, the developer removed the Huawei references and tried to explain it was only their own work, but unsuccessfully.
- Even the HUAWEI PSIRT contacted GRSECURITY, asking them to change some information in their report.
- Some people are talking about a backdoor; I will not take part in this judgement, I only advise you to read the GRSECURITY report.
- Sources:
INFORMATION - CTI LEAGUE - What is CTI League ?
- CTI League is the thing that’s taken me away about this, and it was for a good cause.
- It’s a community of people caring for the medical sector and doing what they can to stop the threats against this critical sector.
- There is a section where infrastructure operators can help by using our weight and contacts to help counter the threats.
- That’s my view of this, for more information, go check the CTILeague website:
- Source:
Postscriptum
If you spotted errors, missing information or anything you want to report, feel free to contact me on Twitter: @SwitHak
SwitHak