Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Friday, 03 July 2020 11:49

FCC uses flimsy evidence to damn Huawei and ban fund use

More than 17 years have passed since the US invaded Iraq on the flimsiest of pretexts, with lies about this, that and the other, being used to justify the violation of a sovereign country.

Though much water has flowed under the bridge since then, it is clear that the standards of proof have not changed in Washington. One can gauge this easily by looking at the document put out by the Federal Communications Commission to announce a ban on Chinese telecommunications equipment vendor Huawei Technologies from being paid from the Universal Service Fund, a system of telecommunications subsidies and fees, used for communications equipment.

Much of the FCC's argument is based on a so-called study produced by a company named Finite State — which was unknown at the time the study was released in June 2019 — that Huawei gear had "hundreds of vulnerabilities identified in [the] firmware, including the presence of backdoors that potentially could be used to allow an attacker with knowledge of the firmware to log into the device".

The FCC added that, "Finite State found that '[i]n virtually all categories', Huawei devices were 'less secure than comparable devices from other vendors'. Nevertheless, according to Finite State, 'Huawei has repeatedly failed to address these vulnerabilities when making firmware updates'." The other firms referred to were Juniper and Arista. Not, as one would think, Ericsson and Nokia, the two other main rivals to Huawei in 5G.

The Finite State study was first reported by The Wall Street Journal. At the time its findings were reported, the company was two years old, had no media contacts listed and had no way of being contacted apart from a Web form meant for those who wanted to make business inquiries. There was no phone number for the company on its site. The study was not put online at the time either.

Later, when the study did emerge, I made contact with the company and asked for an interview to clarify some doubts. Initially, Finite State scheduled a call with chief executive Matt Wyckhouse, then changed the date and time, and finally ducked the call altogether.

Finite State listed 142 devices — routers, switches, UPS units and the like — the firmware of which it said it had analysed in a matter of hours using its proprietary platform. Many of the devices listed were different versions of the same model. The report was titled "Finite State Supply Chain Assessment: Huawei Technologies Co Ltd." It referred to the Finite State 9-dimensional Risk Matrix as being the standard against which its study was done, but there was no sign of what this matrix is on its website.

Some of the issues found by Finite State were the presence of default usernames and passwords — a common issue with many products — configurations that allowed root access for SSH, pre-computed hard-coded authorised-keys allowing the private key holder access, and hard-coded SSH keys which could allow man-in-the-middle traffic interception.

Finite State referred to the fact that Huawei, when found to have similar issues by the UK, had pledged to spend US$2 billion to improve the security of its products and said that "despite these investments our research uncovered a substantial lack of secure development practices resulting in significant number of vulnerabilities". It did not mention that the pledge was only made in March, three months prior to that report being put out.

In another part of the report, Finite State contradicted its own conclusions by stating: "Recently, Huawei pledged to invest 2 billion dollars to develop a comprehensive solution to improving the cyber security of their products. With commitments like that, it is reasonable to expect to see the cyber security risk of their products decreasing over time."

The FCC's conclusion about the Finite State report was: "We find that the Finite State Report substantiates the Commission’s concerns regarding the weak security culture at Huawei. We disagree with Huawei’s criticisms of the report, but even if the report is flawed in some respects, Huawei cannot deny that, now, multiple organisations have independently found similar, substantial security vulnerabilities in their products."

Apparently, all one has to do to get the FCC to ban company A or B is to feed some disinformation to the media — and the American media gets a hard-on when it hears of indictments, forgetting that these are lists of allegations that have to be proven in court — and they go to town on it.

The fact that very recently, The New York Times was able to claim that Russians were offering to pay the Afghan Taliban to kill American soldiers — when the Taliban hate the Americans with a vengeance and would willingly kill them given the slightest chance — and every major media outlet, apart from a few individuals, swallowed this fabricated yarn, is but the latest proof of this method of giving a dog a bad name and hanging it.

One of the biggest ironies for me is that the US is willing to believe that Huawei, a private company, will bow and scrape to Beijing's dictates – and neither Nokia nor Ericsson will do so. These two companies operate in China as partners of Chinese state-owned units: Nokia Shanghai Bell is a joint venture with the state-owned China Huaxin Post & Telecommunication, and works on 5G, while Ericsson Panda includes as shareholders the state-owned Assets Supervision and Administration Committee.

Every sin of which the FCC finds Huawei guilty — for example, that despite its location outside China, given the pervasive threat of the Chinese government and military apparatus, Huawei’s US subsidiary may be coerced to act as an extension of the intelligence-gathering arm of the Chinese state — could be equally said of American companies like Microsoft, Google, Amazon and Cisco.

In fact, the leaks by Edward Snowden have shown the extent to which these companies have been manipulated by the NSA, much in the same way as the FCC claims Huawei will be manipulated.

But hey, when did that ever matter? When a country is batty enough to call car imports a national security threat, anything can be a threat. This, by the way, was mentioned by no less a personage than German Chancellor Angela Merkel.

"...apparently the American secretary of trade says German cars are a threat to America's national security", Frau Merkel told a security conference in Munich in February 2019.

"We're proud of our automotive industry and I think we can be. We are proud of our cars. They are built in the US. South Carolina is one of the largest.. it's actually the largest BMW plant not in Bavaria.

"South Carolina is supplying China. So when these cars, because they are built in South Carolina, are not becoming less threatening, rather than the ones that are built in Bavaria [that] are supposed to be a threat to the national security of the US, it's a bit of a shock to us."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
