Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: thesmileyone on September 25, 2020, 03:15:06 PM
-
Is anyone else concerned with Huawei's notorious data collection / spying reputation when using the HG612? It's first/last in line on your connection...
-
It's essentially a dumb modem.
As for notorious data collection, you've been listening to Donald Trump too much.
The concern is because they are Chinese, nothing else.
Casual racism from a state worried about another state who makes better telecoms equipment than they can.
I've never seen anything reputable that says Huawei collect data or spy.
I've owned 3 Huawei Android phones.
My modem has regularly been a Huawei.
My VDSL2 DSLAM is Huawei
My current FTTP ONT is a Huawei and it is connected to a Huawei OLT in the exchange.
Not worried in the slightest. My Android phone is the only thing that they could see any data on.
The modems, DSLAM's, ONT's and OLT's are on the edge of the network.
There's likely sensitive government data traveling across said network all the time.
Huawei can't see any of the data that passes through said equipment.
-
I have a Huawei Mate 20 Pro phone, best phone I've ever owned (I paid an exceptionally low price for it), am I worried, not at all.
Just Trump using the tools available to him as a business man to improve America's GDP, but sooner or later it will back fire on him, hopefully in the next election with any luck.
-
The HG612 and all those other boxes are quite capable of doing other things besides the "dumb" functions you expect them to be doing. For example the issue in https://aastatus.net/1854 had the HG612 apparently inspecting the data passing through it.
I think insisting that the modems, DSLAMS, ONTs and OLTs couldn't is lacking imagination.
-
Is anyone else concerned with Huawei's notorious data collection / spying reputation when using the HG612? It's first/last in line on your connection...
Nope. Given it's Huawei kit on the other side of the connection there is little point in worrying about the Huawei equipment in my home.
How do you propose the modem or whatever sends data back to Huawei given it has no routing to them?
-
The HG612 and all those other boxes are quite capable of doing other things besides the "dumb" functions you expect them to be doing. For example the issue in https://aastatus.net/1854 had the HG612 apparently inspecting the data passing through it.
I think insisting that the modems, DSLAMS, ONTs and OLTs couldn't is lacking imagination.
I'm sure they could though the lack of any routing is probably going to be a problem.
That I have taken one apart helps, too.
There is configuration in my ONT to report telemetry to Huawei. It is disabled and relies on IP routing to get back there. This is not provided by Openreach and they're the only ones the modem/ONT can reach without modifying user traffic, which would be incredibly blatant.
The vast majority of Internet traffic is encrypted. It would take genuinely epic espionage to know which users are which without massive amounts of siphoning data off to Huawei.
When you get to that level it makes far more sense to attack single targets. If you're that interesting to a nation state they'll do various other things. Subverting provider networks massively will just get unwanted attention and be incredibly obvious. ISPs will get curious when they notice every subscriber connecting to a specific server.
ISPs do have quite in-depth telemetry on their customers and of course our security services have their little black boxes.
-
Would it really be incredibly blatant for the modem to send data via the user's ISP's connection to Huawei? Not necessarily modify user traffic, just add its own. That seems like saying the ISP should somehow just know which packets should be present and which ones shouldn't.
-
The HG612 and all those other boxes are quite capable of doing other things besides the "dumb" functions you expect them to be doing. For example the issue in https://aastatus.net/1854 had the HG612 apparently inspecting the data passing through it.
I think insisting that the modems, DSLAMS, ONTs and OLTs couldn't is lacking imagination.
That's the Broadcom chipset and not Huawei themselves though.
Specifically
Our understanding of this, having talked to Huawei last year to get a very similar bug fixed is that the problem is with the packet accelerator feature in the Broadcom chipset. It is caching frame headers including the PPPoE Session-ID, but not checking if the Session-ID is the same when searching for the entry in the cache for subsequent packets.
https://support.aa.net.uk/VMG1312-B10A:_Bugs
It's a bit of a leap to jump from the modem caches some frame headers as part of its packet acceleration to Huawei are spying, don't you think?
AAISP spent a considerable amount of time analysing these modems to diagnose the issue you raised.
There was a silly ammount of these modems live in the OpenReach network and if Huawei were sucking up data from every modem someone would have noticed, be it an end user or an ISP.
That's tin foil hat stuff
-
I was not saying the devices are spying. I'm saying that all those boxes are capable of spying. That's why you have end to end encryption. So that all the boxes your data goes through can't see it.
-
Would it really be incredibly blatant for the modem to send data via the user's ISP's connection to Huawei? Not necessarily modify user traffic, just add its own. That seems like saying the ISP should somehow just know which packets should be present and which ones shouldn't.
In router mode, sure, but in bridge mode, not really. It also helps that most of the firmware is open source so it would have to be something very sneaky in one of the binaries for nobody to have noticed.
In bridge mode it has no way to get to your ISP unless its somehow manipulating the PPP session as it passes over the bridge. Quite frankly, the HG612 has neither the CPU nor RAM to do that. Its barely enough to be a basic VDSL router (I believe it can't handle full line rate as router?), thus why few use it in that mode.
-
I wasn't suggesting it would be streaming video from your webcam to Huawei in 4k UHD!
most of the firmware is open source
LOL. No it isn't. I think you find that most of the software components from Broadcom and Huawei in the firmware aren't open source.
-
At Chinese State level?
1. Is there motive - yes
2. Is it possible - yes
3. Is it possible without end user awareness - yes
4. Is it possible without ISP awareness - yes
5. Is it possible without the backbone provider(s) being aware - yes
I'd say those are close enough to 5 facts as you can get on a forum, so you can see why many governments have genuine reasons for concern.
Presumably most/all on this forum reside in the UK though; so we get at least 1 and often 2 facts to add to the list that would flip the answer bit to no.
The chances of such nefarious activity being unknown to HMG for any significant period is vanishingly small.
-
And what's to say Apple, Google, Microsoft or any other American company aren't spying for the Americans, or some other company spying for another country? If ones capable of doing it they pretty much all are.
-
...
The chances of such nefarious activity being unknown to HMG for any significant period is vanishingly small.
Who will almost certainly be monitoring traffic at many levels...
-
At Chinese State level?
I don't see the same threads being made about ECI telecoms.
Do the Israeli government not spy?
I'm happy with Huawei kit in the network and so is the British government.
None of OpenReach's Huawei kit is considered "core network" equipment.
No idea why this was split in to its own thread. It's getting boring now.
-
Would it really be incredibly blatant for the modem to send data via the user's ISP's connection to Huawei? Not necessarily modify user traffic, just add its own. That seems like saying the ISP should somehow just know which packets should be present and which ones shouldn't.
A single modem no. All of them definitely.
If you can control or compromise enough to know who owns which modems you don't need mass surveillance capability in the modems as you already have enough information to mount a targeted attack.
-
No idea why this was split in to its own thread.
Then I shall tell you the reason why. It was split off because it had been appended to topic where it served no purpose.
-
I wasn't suggesting it would be streaming video from your webcam to Huawei in 4k UHD!
LOL. No it isn't. I think you find that most of the software components from Broadcom and Huawei in the firmware aren't open source.
Then what is this? https://www.openreach.co.uk/orpg/home/products/super-fastfibreaccess/super-fastfibreaccess/landrgnu.do
Yes the modem is a closed-source binary blob, but that's hardly "most of" the software. The core OS is Open Source, which means wherever its hooked into the OS you have some ability to see what its doing. Plus further up the network I'd expect Openreach to monitor what is going over their backhaul to make sure its only what's supposed to be there.
-
Then what is this? https://www.openreach.co.uk/orpg/home/products/super-fastfibreaccess/super-fastfibreaccess/landrgnu.do
Have you looked at what's in the open source code releases and what's in the firmware? What you've provided a link to is the open source parts. I am well aware of it. The vast bulk of that code will be the Linux kernel, the vast majority of which won't be of any relevance to the HG612.
Here's a list of binary programs in the HG612 and if you get the source code:
Y brctl
Y busybox
N cli
N cmfctl
N cms
N console
N cwmp
N dbase
Y dhcpc
N dhcps
Y dnsmasq
N dsldiagd
Y ebtables
N equipcmd
N ethcmd
N igmpproxy
Y ip
N ipcheck
Y iptables
N klog
N log
N mc
N MidServer
N monitor
N msg
Y pppc
Y ripd
Y siproxd
Y sntp
* sshd
Y tc
N upg
N xdslcmd
N xtmcmd
Y zebra
35 programs, 13 open source, 21 not open, * sshd appears to be dropbear which is open source but was not included in the source code release. This is why I say most of it is not open source.
Plus further up the network I'd expect Openreach to monitor what is going over their backhaul to make sure its only what's supposed to be there.
Again, I don't know how you expect Openreach to know what's supposed to be there and what isn't. You might as well be expecting Openreach to block all malicious traffic to/from the Internet and all spam and viruses, if they can monitor it all and know what's what.
-
How is the kernel irrelevant? That's literally what any binaries have to talk through. Plus as I pointed out earlier, what exactly is it going to do when its in bridge mode so can only see the ATM/PTM layer?
All we really need to know is don't give the HG612 a gateway, gives it a static IP and at most configure the NTP server address to a relay on the LAN.
Could a bridge/modem intercept PPP traffic and inject something that shouldn't be there? Maybe (I don't know anything about PPP) but I'm 99% sure the HG612 is not powerful enough to do that, let alone to actually extract, process and report back what you are doing over that link. Just monitoring an interfaces data flow is hugely expensive in CPU cycles, you do NOT do that unless absolutely necessary.
If they beefed up the SoC to do that sort of thing, it would dramatically increase the cost per unit and nobody would buy it, as these devices are all about the absolute cheapest, reliable solution for the job. In the quantities they sold to Openreach they would need a darn good financial reason to sneak in a powerful SoC and take a huge loss per unit to do so, while hoping Openreach do not question WHY the hardware is so over-specced for the job or do any inspection of the firmware to see if its doing what they asked for.
[Moderator edited to remove the verbatim quote of the previous post.]
-
What I meant was, that out of the 200MB of source code provided by Huawei, there's probably about 150MB in there that'll be for kernel features or drivers that aren't even compiled. Whereas most of the bits and pieces of software that make the box do it's job are not open source. Try and make a firmware for the HG612 using only open source components and you might just about be able to get it running not very well as a 2 port wired router.
Just monitoring an interfaces data flow is hugely expensive in CPU cycles, you do NOT do that unless absolutely necessary.
And yet I earlier linked to that old issue where the HG612 was picking out UDP port numbers within the data passing through it. In bridge mode it'll be PPP packets going into it, the ATM/PTM layer only exists over the DSL link.
Powered by the advanced dual-core VIPER MIPS32 CPU and hardware
packet processing accelerator, the BCM6368 VDSL2/ADSL2+ modem
performs wirespeed bridging, routing, encryption, and decryption on all
packet sizes between the WAN and the various LAN interfaces.
There aren't that many different VDSL2 SoCs. It won't have so little CPU power that it can't do anything else besides be a bridging modem. I think at the time, Broadcom probably had the one VDSL2 SoC, the BCM6368 was also used in various wireless modem/routers, not just wired modems.
-
j0hn's comment nailed it, exactly in line with my views, America has been very anti China recently, note they state it as their reason for leaving the WHO as well, I have not seen one shred of evidence hauwei is nothing other than a telecoms company.
-
Damn didn't expect to be insulted. First time I've been here in 4 years it was just a question, and asked because I'm more into server stuff than home tech and this is therefore relevant: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
So my answer seems to be yes by the people who actually know what they are talking about, and "no you're a tinfoil hat wearer" by those who don't. :baby:
-
So my answer seems to be yes by the people who actually know what they are talking about, and "no you're a tinfoil hat wearer" by those who don't. :baby:
That's not what were saying at all. What were actually saying is that in an ONT, DSLAM, the end-user connectivity networks in general, then it would be tricky and kinda pointless.
Now if you can get a chip or marlware into the servers themselves or the backbone routers (which ALREADY are capable of packet inspection and have enough traffic passing over them to potentially hide what you are doing) then yeah of course, THAT'S where you have to worry.
Once you get down to an end-users connection, its far more viable to infect the user with malware, exploiting the clients on their home/corporate network itself. The ONT is kinda the worst place to try and attack from when there is low hanging fruit AFTER that point, you want to be right at either end of the connection where its easier to hide and plenty of CPU power to spare.
Even if a router is compromised, its only really to redirect traffic to a hijacked/spoofed server or to perform DoS. The real work is done in the clients and servers.
-
Damn didn't expect to be insulted.
Nobody insulted you?
So my answer seems to be yes by the people who actually know what they are talking about, and "no you're a tinfoil hat wearer" by those who don't. :baby:
You complain about being insulted (nobody insulted you) then you go all insult half the replies in this thread by suggesting they are tin foil hat wearers who don't know what they are taking about.
Way to go. Welcome back to the forum. I look forward to being insulted by you some more.
-
As far as I can see, OP did not suggest anybody among respondents was a tinfoil hat wearer. He suggested certain posts might have made him feel like he was accused of being a tinfoil hat wearer.
Back on topic, seems to me there are two aspects to consider.
1) Can the apparatus actually do any harm, even if it is malicious? Some folks seem content to say ‘No’, on the basis that they can’t think of how such harm can occur.
I think that’s missing the point that government sponsored hackers are probably cleverer than anybody here. There’s probably hundreds of exploits waiting to be discovered. Just because we can’t think of any harm doesn’t mean state spooks can’t.
2) Is Chinese apparatus any more of a risk than other Nations? Some folks rightly point out that if Chinese companies can do it, so could others, reasoning that make Chinese stuff equally safe/unsafe.
I think that’s folly. The difference is that whilst (say) the US might try to influence Apple or Google, or the German government might try and influence Siemens, they’d meet strong resistance both from the Companies at corporate level and from individual engineer employees, because these are free countries. Under Chinese law, my understanding is a company can’t say ‘No’ to a request to aid state security. There is very limited freedom of thought for Chinese workers who, for example, continue to be denied the truth about the 1989 Tiananmen square massacre. It’s a mistake to compare the risk from such a country with the risk from free-thinking countries.
Just my thoughts, others are welcome to their own. :)
-
I think this is potentially something governments should be more concerned about, use of potentially malicious 3rd party equipment inside a government building. To an everyday user like me, the worst I can potentially foresee (correct me if you think i'm being naïve) is that they know what YouTube videos I like to watch or what I like to buy on Amazon... Maybe that will put me on a blacklist in China but honestly I never had plans to go to China nor do I ever want to go.
Sorry for semi-necroing a month old thread, was scrolling through the forums and was curious.