Huawei built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips

https://www.theregister.co.uk/2020/02/04/hisilicon_camera_backdoor


#huawei #backdoor #cam #security #camera #surveillance #why

U.S. Officials Say Huawei Can Covertly Access Telecom Networks

Trump administration ramps up push for allies to block Chinese company

U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.

Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations.

The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.

👉🏼 Read more:
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256

#huawei #usa #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Huawei calls America's bluff about evidence of back doors: "Don’t be shy. Publish it"

https://www.phonearena.com/news/huawei-calls-trump-administrations-bluff_id122282


#huawei #5g #usa #china

Huawei HKSP Introduces Trivially Exploitable Vulnerability

5/11/2020 Update: We were contacted this morning by Huawei PSIRT who referenced an email by the patch author to the KSPP list: https://www.openwall.com/lists/kernel-hardening/2020/05/10/3 and stated that "The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices." They asked if we would update the description of the article to correct this information.

Based on publicly-available information, we know the author of the patch is a Huawei employee, and despite attempts now to distance itself from the code after publication of this post, it still retains the Huawei naming. Further, on information from our sources, the employee is a Level 20 Principal Security staffer, the highest technical level within Huawei.

The Github repository mentioned in the article had a commit added to it this morning that inserted a notice to the top of the README file, distancing the code from Huawei. This commit was (intentionally or not) backdated to Friday when the repository was created, creating the impression that we somehow intentionally ignored pertinent information that was readily available. This is obviously untrue, and examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was pushed to the repo this morning.

We replied to Huawei PSIRT's mail and mentioned that we'd be fine with mentioning the patches aren't shipping on any Huawei devices (I believed it already to be unlikely given the poor code quality), but regarding the other claim (particularly due to the surreptitious Github repo edit), we'd have to also include the additional information we discovered.

👉🏼 Read more:
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability

https://www.openwall.com/lists/kernel-hardening/2020/05/10/3

https://api.github.com/repos/cloudsec/hksp/events

#huawei #PSIRT #hksp #exploitable #kernel #hardening #vulnerability
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

U.S. to allow companies to work with Huawei on 5G standards

https://www.reuters.com/article/us-usa-china-huawei-tech-exclusive/exclusive-us-to-allow-companies-to-work-with-huawei-on-5g-standards-sources-idUSKBN23M2DF


#huawei #usa #china #5g

Mass Surveillance and 5G in Tibet: Between Oppression and Espionage

Tibetans are continuously controlled through camera networks and artificial intelligence. Now, #Huawei’s highest 5G base station on Mount Everest will also favor international cyber-espionage

Repressing #Tibet before and after the coronavirus

Amidst fears of the coronavirus sending billions of people into lockdown around the world, #China is widely expanding its surveillance network to strengthen and maintain vigilance of its entire population. It is true that such measures have proven effective during the pandemic by tracking people’s movements through cellphones, and have provided services through robots delivering food to hospitals, facial recognition cameras tracking people’s temperature, and mechanical drones enforcing lockdown for quarantines.

https://bitterwinter.org/mass-surveillance-and-5g-in-tibet-between-oppression-and-espionage

https://reclaimthenet.org/5g-tibet

https://e.huawei.com/en/products/intelligent-video-surveillance

Exclusive: Trump administration says Huawei, Hikvision backed by Chinese military

WASHINGTON (Reuters) - The Trump administration has determined that top Chinese firms, including telecoms equipment giant Huawei Technologies and video surveillance company Hikvision (002415.SZ), are owned or controlled by the Chinese military, laying the groundwork for new U.S. financial sanctions.

Washington placed Huawei and Hikvision on a trade blacklist last year over national security concerns and has led an international campaign to convince allies to exclude Huawei from their 5G networks.

A Department of Defense (DOD) document listing 20 companies operating in the United States that Washington alleges are backed by the Chinese military was first reported by Reuters.

The DOD document also includes China Mobile Communications Group (0941.HK) and China Telecommunications Corp [CTTTC.UL] as well as aircraft manufacturer Aviation Industry Corp of China [SASADY.UL].

The designations were drawn up by the Defense Department, which was mandated by a 1999 law to compile a list of Chinese military companies operating in the United States, including those “owned or controlled” by the People’s Liberation Army that provide commercial services, manufacture, produce or export.

https://www.cnbc.com/2020/06/25/trump-administration-says-huawei-hikvision-backed-by-chinese-military.html

👉🏼 Read more:
https://www.reuters.com/article/us-usa-china-military-exclusive/exclusive-trump-administration-says-huawei-hikvision-backed-by-chinese-military-idUSKBN23V309

👉🏼 🇩🇪:
https://www.golem.de/news/us-verteidigungsministerium-neue-us-liste-erlaubt-beschlagnahmung-von-huawei-eigentum-2006-149311.html

#usa #china #huawei #hikvision #Trump #ToddlerTrump
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Uganda’s uptake of Huawei’s “Safe Cities” surveillance initiative is getting a foothold

Huawei has just leveled up its spying efforts. Why spy on people directly, when they can provide a service that lets authoritarian governments spy on people? Either way, Huawei is getting the data, but the latter is easier to sell to oppressive regimes.

The Ugandan government is one such client. After the Assistant Inspector General of Police was murdered in 2017, they decided to set up CCTV surveillance across the African nation, making them the fourth in Africa to purchase security equipment from Huawei – after Kenya, Egypt and Zambia.

https://reclaimthenet.org/ugandas-huaweis-safe-cities-surveillance/

#africa #uganda #huawei #surveillance

FCC designates Huawei, ZTE as risks to national security

Telecoms can no longer use federal funds to purchase their equipment

On Tuesday, the Federal Communications Commission officially designated telecommunications companies Huawei and ZTE as threats to national security.

“With today’s Orders, and based on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks — and to our 5G future,” FCC Chairman Ajit Pai said in a statement Tuesday. “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services.”

https://www.theverge.com/2020/6/30/21308477/fcc-huawei-zte-ban-universal-service-fund-national-security-threat-risk

#us #fcc #huawei #zte #security

Did a Chinese Hack Kill Canada’s Greatest Tech Company?

Nortel was once a world leader in wireless technology. Then came a hack and the rise of Huawei.

The documents began arriving in China at 8:48 a.m. on a Saturday in April 2004. There were close to 800 of them: PowerPoint presentations from customer meetings, an analysis of a recent sales loss, design details for an American communications network. Others were technical, including source code that represented some of the most sensitive information owned by Nortel Networks Corp., then one of the world’s largest companies.

https://www.bloomberg.com/news/features/2020-07-01/did-china-steal-canada-s-edge-in-5g-from-nortel

https://www.assemblymag.com/blogs/14-assembly-blog/post/90631-did-outsourcing-and-corporate-espionage-kill-nortel

https://www.cbc.ca/news/politics/former-nortel-exec-warns-against-working-with-huawei-1.1137006

#huawei #nortel #canada #china #industrial #espionage #telecom

How US restrictions drove Deutsche Telekom and Huawei closer together

Internal documents illustrate leading European operator’s special relationship with Huawei.

Global telecoms giant Deutsche Telekom strengthened its strategic partnership with Huawei last year despite growing defiance toward the dominant Chinese 5G vendor, documents reviewed by POLITICO show.

The internal company records describe how Deutsche Telekom and Huawei agreed on a deal in mid-2019 that said the Chinese supplier would take measures to avoid supply chain disruption caused by U.S. measures, as well as cover the costs of potential damages and delays.

The deal was struck just weeks before the U.S. administration imposed restrictions on businesses dealing with the Chinese firm in May 2019 — a milestone for Washington's efforts to push back against Huawei's dominance on 5G equipment.

https://www.politico.eu/article/deutsche-telekom-huawei-us-security-measures/

#germany #huawei #telecom

Huawei infiltration in Uganda

Unwanted Witness, our partner organisation based in Uganda, explore critical questions Huawei's surveillance dealings with the Ugandan government raise. While Huawei's relationship with the government raises concerns for human rights, many of these concerns remain unaddressed.

Key findings

📝The Uganda government has a contract with Huawei to supply and install surveillance equipment in cities throughout Uganda

📝 Details about the contract remain sectret - and it's not clear whether the procurement was legal or how much Huawei will get out of the project

📝 There could be significant human rights immplications to the project, Huawei technicians have, reportedly, already helped security personal spy on political opponents

📝 Police plan on integrating these systems with other key agencies, including the revenue office, identification authority, and immigration office

https://privacyinternational.org/case-study/3969/huawei-infiltration-uganda

Related post

#africa #uganda #huawei #china #surveillance

Chile picks Japan's trans-Pacific cable route in snub to China

Decision a blow to Huawei and Chinese telecom sector

TOKYO/SAO PAULO -- Chile has chosen a route proposed by Japan for the first fiber-optic cable to directly connect South America and the Asia-Pacific region, designating Australia and New Zealand as endpoints while stopping short of landing in China, Nikkei has learned.

Japan's route beat out a pitch by China that would have made Shanghai the final landing point. This decision comes amid a U.S. pressure campaign to keep China out of global telecommunication projects.

Under the Japanese proposal, the undersea fiber-optic cable would stretch roughly 13,000 km across the Pacific Ocean, pass through New Zealand then arrive at its terminus in Sydney. The Chilean government says this route is recommended the most based on cost and feasibility.

Japan and Australia just completed their own submarine cable linking the two countries this month, meaning Japan could easily connect to the trans-Pacific cable. Both Australia and New Zealand share deep ties with Chile through the Trans-Pacific Partnership, the trade deal that Japan has pushed for.

The Japanese proposal to Chile took into account Australia's hard-line position against China, exemplified by Canberra's decision to blacklist China's Huawei Technologies from its 5G infrastructure.

Chile was caught in the geopolitical crossfire as China, its largest trading partner, lobbied heavily for cable plan to have Shanghai as its terminus. When Chilean President Sebastian Pinera visited Beijing in April last year, Huawei pledged to invest in data centers in Chile.

Huawei initially emerged as the leading candidate for the undersea cable. But the South American country was unable to ignore U.S. intentions in diplomacy and trade.

👀 👉🏼 https://asia.nikkei.com/Business/Telecommunication/Chile-picks-Japan-s-trans-Pacific-cable-route-in-snub-to-China

#telecommunication #Chile #Japan #China #Huawei #USA
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Huawei's deep roots put Africa beyond reach of US crackdown

Chinese telecom gear features in 5G networks in South Africa and Uganda

ISTANBUL -- As the U.S. lobbies for countries around the world to keep Huawei Technologies out of their telecommunications networks, the Chinese giant has established a seemingly irreversible foothold in Africa, a market of 1.3 billion people.

African presenters featured prominently in an online event held by Huawei in late July, including South African Communications and Digital Technologies Minister Stella Ndabeni-Abrahams, who stressed the growing importance of a digital shift amid the coronavirus pandemic.

https://asia.nikkei.com/Spotlight/Huawei-crackdown/Huawei-s-deep-roots-put-Africa-beyond-reach-of-US-crackdown

#Africa #Huawei

Backdoors and other vulnerabilities in HiSilicon based hardware video encoders

Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.

This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.

👀 👉🏼 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

👀 👉🏼 🇩🇪 https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html

#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

China launches crackdown on mobile web browsers, decries 'chaos' of information

SHANGHAI (Reuters) - China’s top cyber authority said on Monday it would carry out a “rectification” of Chinese mobile internet browsers to address what it called social concerns over the “chaos” of information being published online.

China’s strict internet censorship rules have been tightened numerous times in recent years and in the latest crackdown, the Cyberspace Administration of China (CAC) has told firms operating mobile browsers that they have until Nov. 9 to conduct a “self examination” and rectify problems.

The problems include the spreading of rumours, the use of sensationalist headlines and the publishing of content that violates the core values of socialism, it said in a statement.

“For some time, mobile browsers have grown in an uncivilised way ... and have become a gathering place and amplifier for dissemination of chaos by ‘self-media’,” the CAC said, referring to independently operated social media accounts, many of which publish news.

“After the rectification, mobile browsers that still have outstanding problems will be dealt with strictly according to laws and regulations until related businesses are banned.”

The campaign will initially focus on eight of the most influential mobile browsers in China, including those operated by Huawei Technologies Co Ltd [HWT.UL], Alibaba Group Holding’s UCWeb and Xiaomi Corp, it said.

Others include the QQ platform owned by Tencent, Qihoo-owned 360, Oppo and Sogou.

👀 👉🏼 https://www.reuters.com/article/us-china-censorship-browsers-idUSKBN27B1Z3

#china #huawei #censorship #browsers #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Chinese Capitalist Party bails out Huawei Honor brand

https://www.msn.com/en-xl/news/other/huawei-sells-honor-brand-to-state-backed-group/ar-BB1b5ds9


#huawei #honor #china #gov

Huawei tested AI software that could recognize Uighur minorities and alert police, report says

An internal report claims the face-scanning system could trigger a ‘Uighur alarm,’ sparking concerns that the software could help fuel China’s crackdown on the mostly Muslim minority group

The Chinese tech giant Huawei has tested facial recognition software that could send automated “Uighur alarms” to government authorities when its camera systems identify members of the oppressed minority group, according to an internal document that provides further details about China’s artificial-intelligence surveillance regime.

A document signed by Huawei representatives — discovered by the research organization IPVM and shared exclusively with The Washington Post — shows that the telecommunications firm worked in 2018 with the facial recognition start-up Megvii to test an artificial-intelligence camera system that could scan faces in a crowd and estimate each person’s age, sex and ethnicity.

If the system detected the face of a member of the mostly Muslim minority group, the test report said, it could trigger a “Uighur alarm” — potentially flagging them for police in China, where members of the group have been detained en masse as part of a brutal government crackdown. The document, which was found on Huawei’s website, was removed shortly after The Post and IPVM asked the companies for comment.

https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/

#Asia #China #Huawei #AI #Uighur #surveillance

"Wolf culture" - How Huawei controls its employees in Europe

Former employees accuse Huawei of discrimination. How massively the company interferes in their private lives and how it keeps its staff in line is revealed by internal documents and covert audio recordings that netzpolitik.org and the media partners of The Signals Network have analysed.

The journalist with the camera causes nervousness. Minutes after he appears in front of Huawei’s European headquarters in Düsseldorf in mid-November, a stocky security guard and a female employee rush over. The street in front of the building is public space, but the company seems to feel its turf has been violated. „What do you want here?“, the woman asks. „Delete the photos.“

Insights into the inner workings of the controversial Chinese mobile phone company are rare. Huawei has about 200,000 employees worldwide, and about 2,400 in Germany, according to the company. The European headquarters are in Düsseldorf. „We Are A Top Employer!“, a sign in the entrance area reads, beneath it orchids decorate the reception table. In the corridor hangs a photo of a hiking group posing and waving on a mountain peak.

What voices tell us from inside, on the other hand, belies the impression of a friendly atmosphere. They tell of a technology company that seems to see its employees first and foremost as raw materials from which it wants to forge its own success. About a company that moves Chinese employees around like chess pieces, that fires employees at will and where a quasi-military esprit de corps prevails. In Germany, the company sometimes violates the spirit, perhaps even the letter, of labour law.

https://netzpolitik.org/2021/wolf-culture-how-huawei-controls-its-employees-in-europe/

https://www.telegraph.co.uk/news/2021/01/13/huawei-expat-employees-marry-westerners-faced-forced-leave-europe/

(Paywall)
https://www.elmundo.es/economia/2021/01/13/5ffe1f39fc6c83b1588b463e.html

https://www.republik.ch/2021/01/13/inside-huawei

#huawei #discrimination #expat #employees #europe #eu #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

🔴 App download / install / manage

Google PlayStore™ can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )

You can buy apps with your Google account from a web browser and then download it with Google playstore / Aurora Store / Yalp Store

Don't buy apps to Google, you're financing that evil corporation with the 30% cut they take from every app sold

Here are some better alternatives to get and manage Android apps:

🎁 F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034

🎁 Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242

🎁 Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
⚠️ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore

🎁 Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666

🎁 Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases

🎁 App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge

🎁 Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium

🎁 Accrescent
https://accrescent.app

🎁 Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app

🎁 Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid

🎁 apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep

🎁 APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber

🎁 APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror

🎁 ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack

🎁 Kali Nethunter Store
Pentesting apps
https://store.nethunter.com

🎁 Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader

🎁 Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de


🔴 App management

🛠 AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager

🛠 AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden

🛠 /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247

🛠 Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller

🛠 Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor

🛠 OpenAPK
App manager uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk

🛠 NeoBackup
https://github.com/NeoApplications/Neo-Backup


🔴 App info

🔬 ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus

🔬 Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy

🔬 App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher

🔬 Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer


📡 @NoGoolag 📡 @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei