Huawei has been in the international diplomatic crosshairs for the last few years because its products have been considered a danger to national security. Huawei’s problems with the US were mostly on the grounds of espionage and exploitable backdoors. The main problem is that this was not an isolated incident limited to Huawei; it looked like part of a global, targeted strategy by the Chinese government. One of the first major reports of a long-lasting intrusion into a tech manufacturing giant came back in 2012. The former security chief of Nortel Networks, the now-defunct manufacturer, stated that intrusion by state-sponsored Chinese hackers must have been going on from 2000 all the way to the bankruptcy in 2009, leading to the theft of large amounts of proprietary information.
2018 was another year for raising awareness of Chinese state-sponsored espionage. An article in Bloomberg uncovered that Supermicro, a San Jose-based server manufacturer that was founded by ethnic Chinese and has subcontractor production facilities in China, had small parts in its hardware that were not responsible for any of the required processes but could instead potentially act as backdoors for access by third parties. Supermicro was supposed to be the supplier to some of the largest resellers and data collection companies, such as Amazon and Apple, for large server facilities consisting of at least 30,000 servers each. It was claimed that the PLA forced the planting of the microchips. Subsequently, a former Israeli Army Intelligence Corps officer, Yossi Appleboum, who founded a cyber security firm analyzing hardware and software vulnerabilities, stated that such problems were found in various other vendors and were not limited to Supermicro.
Changes to the architecture at this level cannot happen accidentally and are beyond the margin of error. In the case of hardware, such changes can be made during manufacturing or in the supply chain. If we assume rogue intent, it would be naive to assume that there was a single person sitting at a dark desk somewhere and installing microchips on every server that passed through his hands. As production and supply chains are designed by a whole team of experts in order to optimize production, delivery objectives and cost, the end result must have meant changes in the whole workflow design. A supply chain can be compromised more easily, but that is usually a matter of single incidents, not serial, long-lasting operations. The bottom line is that the Supermicro breach cannot be accidental: it was thought of as an idea, meticulously planned, tried multiple times to optimize it and remove errors, and finally implemented on a large scale, where we see the end result.
Software changes can be implemented more easily, but they can also be detected more easily. However, just like hardware production, implementing changes in the code requires a whole team: an idea, a solution design, coding the initial versions, finding the problems, testing multiple times, and optimizing the code to work while being as nimble as possible (a small change in the code leading to practically unrecognizable changes in system performance would be harder to detect than something that heavily affects other connected processes). Additionally, software has one property that hardware does not: it is not constant. We are all used to downloading updates for the apps or the OS that we use. The fact that certain software examined today turns out to be “clean” does not mean that it will be clean tomorrow. Logically, a side that wants to conduct espionage or data collection would try to use both hardware and software changes to reach its goals.
How is 5G development tied to this? The development of the 5G standard is the next step in the evolution of telecommunications networks. With the increased use of data-based solutions, machine learning and artificial intelligence in practically every aspect of life, the evolution of the Internet of Things and Machine-to-Machine communication requires more bandwidth. The upgrade from 4G to 5G would allow for up to 10x more connected devices in the same area and 100x more bandwidth. Naturally, the biggest impact will be on life in metropolitan areas, which in turn have also contributed the most to growth and advancement in societies across cultures in recent decades.
The higher bandwidth, however, comes at a cost, and this trade-off is known to every network engineer: higher download speed vs. distance and service area. The frequency at which 5G networks will operate will be roughly similar to the operating frequency of the home routers each one of us has. In an ideal world, these routers can work over several hundred meters. However, this is the case only for a clear area with no obstacles. Electromagnetic waves in this range are increasingly absorbed by objects of higher density, and especially by metallic structures resembling a Faraday cage (racks of any kind, frames, buildings with reinforced concrete, etc.). Because of this, the use of such routers is severely limited, and use (without repeaters) behind 2 walls or more becomes largely impractical. If we extrapolate this to covering a metropolitan area, we will see that there will be a need for a carefully designed and installed network on the three axes X, Y, Z (in other words, including height) consisting of thousands of transmitters per sq. km.
Another possible security threat comes from the innate differences between 4G and 5G. 4G sends encrypted data via a tunneling protocol, which makes it harder to extract data between two communicating parties. With 5G, mobile edge computing will be used, because it would greatly optimize network performance and solve possible network congestion issues by pushing many of the applications and processes closer to the cellular customer. With mobile edge computing, processing servers would be placed near 5G transmitters to enable information processing on behalf of the carrier. This, in turn, would allow for data extraction via these servers, which creates a great opportunity for the company installing the hardware.
The story that Huawei offers groundbreaking 5G technology is also vastly overestimated. Currently, there are 9 companies in the world that sell 5G radio hardware and 5G systems for carriers with similar capabilities: Altiostar, Cisco Systems, Datang Telecom/Fiberhome, Ericsson, Huawei, Nokia, Qualcomm, Samsung and ZTE. Out of these 9, only 2 are affected by the ban or by diplomatic discouragement of their use, Huawei and ZTE, specifically because of their heavy ties with the Chinese government. The level of mistrust between the US and China was illustrated in early 2018 when all six top US intelligence chiefs, including those of the CIA, FBI, NSA and several others, cautioned against buying Huawei equipment on the grounds that “any company or entity that is beholden to foreign governments that don’t share [American] values to gain positions of power inside [American] telecommunications networks”.
The innate presence of diametrically opposite views creates extensive moral hazard between both sides, and it would be foolish to allow such a company to operate on the market on the pretext of fairness when it is backed by the entire government system of the largest country on Earth and, in the case of the US, its largest trading partner, a position which has already put the US in significant dependency.
The security concerns over hardware and software exploitation in the context of 5G and other uses in telecoms have led other countries to follow suit as well. Australia and Taiwan have banned Chinese vendors from providing equipment for 5G networks. Earlier, New Zealand had implemented a similar ban. Japan and Germany took a more diplomatic turn, essentially giving their governments more power to deny foreign companies entry into the telecom sector on the basis of security concerns. Canada’s three largest carriers prohibited the installation of specifically Huawei 5G equipment in their networks. The United Kingdom was initially hesitant to act restrictively, but after its Defense Secretary and the head of MI6 expressed “grave” and “deep concerns” over the involvement of the company, its equipment will be removed by 2023. Vietnam, South Korea, Poland and the Philippines have acted to limit their involvement too. Sadly, the EU in general has been passive, possibly due to its bureaucratic nature, which leaves many opportunities for regional lobbying. It must take a strong and unified stance and not leave regional governments to make decisions of that sort, possibly jeopardizing the security of the union.
India, being at the forefront of the confrontation with China over its foreign policy in recent times, first banned numerous apps and software, citing security concerns. Finally, in Aug 2020, the Ministry of Communications announced that it would restart pending discussions on approvals for 5G trials by private companies that were delayed by the nationwide lockdown due to the COVID-19 pandemic. Even though it has not explicitly banned Huawei and ZTE, their approval is viewed as highly unlikely, and it would be foolish for the country’s administration not to follow their counterparts in the US, Australia, UK and others in restricting the companies.
To sum it all up, the implementation of 5G networks by Huawei and the widespread use of their phones create almost infinite opportunities for espionage, profiling, security breaches, tracking, population and movement analysis, data collection, etc. In essence, this can be a Trojan Horse giving full control over the networks and huge influence on societies. Unlike software trojans, this cannot be removed easily: once installed, it would have to be picked out by hand, one transmitter at a time. There is absolutely no reason to choose such a provider, even at discounts, which would end up being paid for by their government. That government, in turn, would finance this from the trade surplus with its trade partners, essentially making those target markets pay for their own control.