Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[thesmileyone]

Is anyone else concerned with Huawei's notorious data collection / spying reputation when using the HG612? It's first/last in line on your connection...

[j0hn]

It's essentially a dumb modem.

As for notorious data collection, you've been listening to Donald Trump too much.

The concern is because they are Chinese, nothing else.
Casual racism from a state worried about another state who makes better telecoms equipment than they can.


I've never seen anything reputable that says Huawei collect data or spy.

I've owned 3 Huawei Android phones.
My modem has regularly been a Huawei.
My VDSL2 DSLAM is Huawei
My current FTTP ONT is a Huawei and it is connected to a Huawei OLT in the exchange.

Not worried in the slightest. My Android phone is the only thing that they could see any data on.

The modems, DSLAM's, ONT's and OLT's are on the edge of the network.
There's likely sensitive government data traveling across said network all the time.
Huawei can't see any of the data that passes through said equipment.

[Ronski]

I have a Huawei Mate 20 Pro phone, best phone I've ever owned (I paid an exceptionally low price for it), am I worried, not at all.

Just Trump using the tools available to him as a business man to improve America's GDP, but sooner or later it will back fire on him, hopefully in the next election with any luck.

[ejs]

The HG612 and all those other boxes are quite capable of doing other things besides the "dumb" functions you expect them to be doing. For example the issue in https://aastatus.net/1854 had the HG612 apparently inspecting the data passing through it.

I think insisting that the modems, DSLAMS, ONTs and OLTs couldn't is lacking imagination.

[niemand]

Is anyone else concerned with Huawei's notorious data collection / spying reputation when using the HG612? It's first/last in line on your connection...

Nope. Given it's Huawei kit on the other side of the connection there is little point in worrying about the Huawei equipment in my home.

How do you propose the modem or whatever sends data back to Huawei given it has no routing to them?

[niemand]

The HG612 and all those other boxes are quite capable of doing other things besides the "dumb" functions you expect them to be doing. For example the issue in https://aastatus.net/1854 had the HG612 apparently inspecting the data passing through it.

I think insisting that the modems, DSLAMS, ONTs and OLTs couldn't is lacking imagination.

I'm sure they could though the lack of any routing is probably going to be a problem.

That I have taken one apart helps, too.

There is configuration in my ONT to report telemetry to Huawei. It is disabled and relies on IP routing to get back there. This is not provided by Openreach and they're the only ones the modem/ONT can reach without modifying user traffic, which would be incredibly blatant.

The vast majority of Internet traffic is encrypted. It would take genuinely epic espionage to know which users are which without massive amounts of siphoning data off to Huawei.

When you get to that level it makes far more sense to attack single targets. If you're that interesting to a nation state they'll do various other things. Subverting provider networks massively will just get unwanted attention and be incredibly obvious. ISPs will get curious when they notice every subscriber connecting to a specific server.

ISPs do have quite in-depth telemetry on their customers and of course our security services have their little black boxes.

[ejs]

Would it really be incredibly blatant for the modem to send data via the user's ISP's connection to Huawei? Not necessarily modify user traffic, just add its own. That seems like saying the ISP should somehow just know which packets should be present and which ones shouldn't.

[j0hn]

The HG612 and all those other boxes are quite capable of doing other things besides the "dumb" functions you expect them to be doing. For example the issue in https://aastatus.net/1854 had the HG612 apparently inspecting the data passing through it.

I think insisting that the modems, DSLAMS, ONTs and OLTs couldn't is lacking imagination.

That's the Broadcom chipset and not Huawei themselves though.

Specifically

Our understanding of this, having talked to Huawei last year to get a very similar bug fixed is that the problem is with the packet accelerator feature in the Broadcom chipset. It is caching frame headers including the PPPoE Session-ID, but not checking if the Session-ID is the same when searching for the entry in the cache for subsequent packets.

https://support.aa.net.uk/VMG1312-B10A:_Bugs

It's a bit of a leap to jump from the modem caches some frame headers as part of its packet acceleration to Huawei are spying, don't you think?

AAISP spent a considerable amount of time analysing these modems to diagnose the issue you raised.
There was a silly ammount of these modems live in the OpenReach network and if Huawei were sucking up data from every modem someone would have noticed, be it an end user or an ISP.

That's tin foil hat stuff

[ejs]

I was not saying the devices are spying. I'm saying that all those boxes are capable of spying. That's why you have end to end encryption. So that all the boxes your data goes through can't see it.

[Alex Atkin UK]

Would it really be incredibly blatant for the modem to send data via the user's ISP's connection to Huawei? Not necessarily modify user traffic, just add its own. That seems like saying the ISP should somehow just know which packets should be present and which ones shouldn't.

In router mode, sure, but in bridge mode, not really.  It also helps that most of the firmware is open source so it would have to be something very sneaky in one of the binaries for nobody to have noticed.

In bridge mode it has no way to get to your ISP unless its somehow manipulating the PPP session as it passes over the bridge.  Quite frankly, the HG612 has neither the CPU nor RAM to do that.  Its barely enough to be a basic VDSL router (I believe it can't handle full line rate as router?), thus why few use it in that mode.

[ejs]

I wasn't suggesting it would be streaming video from your webcam to Huawei in 4k UHD!

most of the firmware is open source

LOL. No it isn't. I think you find that most of the software components from Broadcom and Huawei in the firmware aren't open source.

[Robbie]

At Chinese State level?

1. Is there motive - yes
2. Is it possible  - yes
3. Is it possible without end user awareness - yes
4. Is it possible without ISP awareness - yes
5. Is it possible without the backbone provider(s) being aware - yes

I'd say those are close enough to 5 facts as you can get on a forum, so you can see why many governments have genuine reasons for concern.

Presumably most/all on this forum reside in the UK though; so we get at least 1 and often 2 facts to add to the list that would flip the answer bit to no. 

The chances of such nefarious activity being unknown to HMG for any significant period is vanishingly small.

[Ronski]

And what's to say Apple, Google, Microsoft or any other American company aren't spying for the Americans, or some other company spying for another country? If ones capable of doing it they pretty much all are.

[tubaman]

...
The chances of such nefarious activity being unknown to HMG for any significant period is vanishingly small.

Who will almost certainly be monitoring traffic at many levels...

[j0hn]

At Chinese State level?

I don't see the same threads being made about ECI telecoms.
Do the Israeli government not spy?

I'm happy with Huawei kit in the network and so is the British government.
None of OpenReach's Huawei kit is considered "core network" equipment.

No idea why this was split in to its own thread. It's getting boring now.