US Has Evidence of Huawei Backdoor: ReportChinese Firm Denies Allegations That It Can Access Networks
As the U.S. ramps up pressure on its allies to ban equipment from Chinese manufacturer Huawei from their 5G networks, U.S. officials now say they have evidence that the firm has created a backdoor that allows it to access mobile phone networks around the world, according to the Wall Street Journal.
"We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world," says Robert O'Brien, national security adviser, according to the Journal report.
U.S. officials told the Journal that they have been aware of the Huawei backdoor since 2009, having observed it in early 4G mobile telecommunications equipment developed at the time. Buy the officials did not provide any evidence to back up their claims, the newspaper reports.
The U.S. kept the information classified until 2019, when American national security officials provided details of Huawei's backdoor capabilities to allies, including the U.K. and Germany, in an effort to convince those countries to ban Huawei gear from their 5G networks, according to the Journal, which cited unnamed officials from the three countries. Matthew Pottinger, a U.S. deputy national security adviser, traveled to Berlin in December 2019 to share the information with senior German officials, the newspaper reports.
The news report comes a few weeks after the U.K., one of the closest U.S. allies, announced that it would allow Huawei to have a limited role in that country's 5G rollout over the next few years. Prime Minister Boris Johnson's government announced that Huawei's gear could be used in antennas and base stations, but not in the so-called "core" network (see: UK Approves 'Limited' Role for Huawei in 5G Networks)
Huawei denied the allegations of a backdoor, saying that it will never covertly access telecom networks and lacks the capability to do so.
"We do not have the ability to bypass carriers' access control and take data from their networks without being detected by all normal firewalls or security systems," a company spokesperson told Information Security Media Group.
U.S. officials told the Journal that Huawei built equipment that secretly gave the company access to networks without the knowledge of the carriers, but the officials did not provide details on how Huawei is able to do gain access.
Many countries require telecom equipment makers to build ways for authorities and law enforcement to lawfully intercept networks, but those companies are not supposed to have access to the networks, the Journal reports.
Huawei officials say that in those cases where countries required lawful interception interfaces, the company complies, but it's not able to access the networks for its own purposes.
"Huawei's role as a telecoms vendor is to provide equipment that follows 3GPP/ETSI standards, just like every other vendor," the spokesperson told ISMG. "We are obligated to follow industry-wide lawful interception standards like 3GPP's TS 33.107 standard for 3G networks, and TS 33.128 for 5G. This is where Huawei's obligations with regards to lawful interception end."
Independent cybersecurity researcher Lukasz Olejnik told Wired that more details about the alleged backdoor are needed before drawing any conclusions.
"We know that forms of technical lawful intercept are a feature of all generations of cellular telecom specifications. But it's unclear what officials in the Wall Street Journal story are referring to exactly," Olejnik says.
The Journal report about Huawei building backdoors comes the same week as the Washington Post reported that the U.S. Central Intelligence Agency and the German BND intelligence service secretly owned a controlling stake in Swiss firm Crypto AG for decades. The CIA used its access to the company's encryption equipment to spy on over 100 countries, according to the news report (see: CIA Secretly Owned Swiss Encryption Firm for Years: Reports)
In addition, U.S. Attorney General William Barr has argued in recent months that law enforcement needs backdoor access to encrypted devices and services developed by companies such as Apple and Facebook so it can investigate crimes (see: Attorney General Barr Argues for Access to Encrypted Content).
Device manufacturers have been making wider use of encryption after ex-National Security Agency contractor Edward Snowden leaked top secret documents that showed that the U.S. government infiltrated network devices to gather metadata (see: A New, Post-Snowden InfoSec Model).