Originally Posted by m4fox90
Many European countries have raised similar concerns as well, which a cursory search would show you.
Oh, you mean the same people that said SuperMicro had "rice grain sized" backdoor chips, planted by the Chinese, on their enterprise motherboards, when there was zero evidence to support that claim? That group of people you are holding up as some bastion of good faith?
Let's be real here folks....
If you want to sell any device in the USA/North America that has any potential to generate an RF signal, you have to register that with the FCC. Not just register it, but you have to prove to them it complies with a host of regulations. Part of this process is a detailed breakdown of the specifications, submitting review samples for validation, etc. It is actually incredibly difficult to sneak a backdoor in at the level they are trying to claim, which is the State level!
More reasons this is bogus?
- The U.S. State Dept. uses custom phones that go through their internal labs to insure they aren't compromised if the person with the device is privy to sensitive enough information. Meaning a hardware backdoor from Huawei would be; a) caught b) useless c) waste of time.
- If adversarial State actors wanted to spy on any person of the general public, there are a Hell of a lot cheaper, easier, and faster ways to accomplish that goal. Ones that do not require entire hardware supply chains to be created! They would just use software.
- When has our Government ever given a rat's ass about the individual citizens privacy? Yet, here they are screaming "We are trying to protect YOUR privacy!"
Just as in the case with SuperMicro, there has been ZERO credible evidence to suggest that Huawei poses any threat to the general public, at all.
A bit more soap-boxing on this subject.....
To this day the most effective ways of compromising a system is simply via Social Engineering and Phishing. That is the first thing you do, every time, because it works so often. Only when those fail do more exotic methods come out, especially something as exotic as hardware backdoors on devices that are being shotgunned into the wild, with no specific target. That is an incredibly expensive, messy, and inefficient way of collecting intelligence. It just isn't going to happen, especially not with all the mess strewn about by IoT devices. You want to talk about security concerns? Look at the "IoT" ecosystem and the damages it is causing to InfoSec.
Frankly, IoT is so bad these days it may have even bumped SE and Phishing from the top of the attack vectors.