A Thought on Huawei

John Hemmings made some interesting and critical points about the “security” (my metaphoric quotes) of Huawei equipment.  In doing so, he cited a study by Finite State, a cyber-security organization that looks deeply into the Internet of Things and resulting vulnerabilities—an IoT of which Huawei is aiming to be a central part (as well as a central part of national communications and defense systems and of governments).  Finite State’s analysis investigated “more than 1.5 million files embedded in 9,936 firmware images supporting 558 different products within [Huawei’s] enterprise networking product lines.”

Hemmings’ points center on these:

  • In virtually all categories we studied, we found Huawei devices to be less secure than comparable devices from other vendors.
  • On average, Huawei devices had 102 known vulnerabilities inside their firmware, primarily due to the use of vulnerable open-source and third-party components.
  • Out of all the firmware images analyzed, 55% had at least one potential backdoor.
  • On dozens of occasions, Huawei engineers disguised known unsafe functions (such as memcpy) as the “safe” version (memcpy_s) by creating wrapper functions with the “safe” name but none of the safety checks.
  • Across 356 firmware images, there are several million calls into unsafe functions. Huawei engineers choose the “safe” option of these functions less than 17% of the time, despite the fact that these functions improve security and have existed for over a decade.
  • Huawei devices had…2-8x more potential 0-day vulnerabilities than the other devices.
  • Vulnerabilities in both the routers and the fixed access network remained beyond 2012 and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal.
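
The fourth bullet's pattern, as an added C example that is not taken from Finite State's report or from Huawei's code: a wrapper that carries the memcpy_s name but ignores the destination size, a checked counterpart, and a probe a reviewer could use to tell them apart. The function names, buffer sizes and byte patterns are constructed for illustration, and the checked version is a simplified bound check, not a full standard implementation.

```c
#include <stddef.h>
#include <string.h>

/* Signature shared by both candidates: (dest, dest_size, src, count) -> 0 on success. */
typedef int (*memcpy_s_fn)(void *, size_t, const void *, size_t);

/* Hypothetical wrapper of the kind the bullet describes: "safe" name, no checks. */
static int wrapper_memcpy_s(void *dest, size_t destsz, const void *src, size_t n) {
    (void)destsz;               /* destination size is accepted but never used */
    memcpy(dest, src, n);
    return 0;
}

/* Hypothetical checked version: rejects NULL pointers and oversized copies. */
static int checked_memcpy_s(void *dest, size_t destsz, const void *src, size_t n) {
    if (dest == NULL || src == NULL || n > destsz)
        return 1;               /* refuse rather than write past dest */
    memcpy(dest, src, n);
    return 0;
}

/* Probe: claim an 8-byte destination inside a 32-byte backing buffer, then ask
 * for a 16-byte copy. Returns 1 if the candidate enforced the bound, else 0.
 * The larger backing buffer keeps the probe itself memory-safe. */
static int enforces_bound(memcpy_s_fn fn) {
    unsigned char backing[32], src[16];
    memset(backing, 0xAA, sizeof backing);   /* canary pattern */
    memset(src, 0x55, sizeof src);           /* constructed input */
    int rc = fn(backing, 8, src, sizeof src);
    for (size_t i = 8; i < sizeof backing; i++)
        if (backing[i] != 0xAA)
            return 0;           /* bytes past the claimed size were written */
    return rc != 0;             /* the refusal must also be reported */
}

int main(void) {
    /* Exit status 0 only if the probe flags the wrapper and passes the checked one. */
    return !(enforces_bound(wrapper_memcpy_s) == 0 &&
             enforces_bound(checked_memcpy_s) == 1);
}
```

A name-based audit would count both functions as "safe" calls; only a behavioural check like this one separates them.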

Those vulnerabilities? Given how enthusiastically Huawei’s representatives tout the superiority of their equipment, and given that fourth bullet, I suggest that those vulnerabilities also are known to Huawei’s men and put there deliberately.

And that last bullet: Vodafone had identified those “vulnerabilities” to Huawei in 2011 and received assurances from Huawei that they’d be removed.  Those security holes remained far past 2012.  And still remain as far as I can tell.

This is why Huawei has no legitimate place in any organization outside of the People’s Republic of China, nor should it have access to any technology of any nation or business outside of the PRC.

But Huawei’s CEO, Ren Zhengfei, and CFO, Meng Wanzhou, and men of the PRC’s government, like President Xi Jinping, deny all of this. And Ren is an honorable man; So are they all, all honorable men.

A Continued Power Grab

The People’s Republic of China objects to the sale of defensive weapons to the Republic of China.

China will sanction US firms that participate in arms sales to Taiwan [The Wall Street Journal’s conflation of the island with the nation that sits on the island], after Washington approved sales of $2.2 billion in tanks, missiles and related military hardware, Beijing said.

The PRC’s Foreign Ministry has justified the threat with this:

the arms sales “harmed China’s sovereignty and national security”

Of course, it does no harm to the PRC’s sovereignty to sell weapons to a sovereign nation.  Of course it does no harm to the PRC’s national security to sell defensive weapons to a sovereign nation that’s so much smaller than the PRC.

All the sale does is increase a sovereign nation’s ability to defend itself against the aggression, the threats of invasion, which the PRC has so repeatedly leveled against that sovereign nation.  If the PRC has no such aggressive intent, it has nothing to fear from the sale.

The PRC’s moves would be nonsensical, did they not amount to such a cynical and naked and continued grab for power.

Distortions and Misguided Solutions

Wrong answers:

The International Organization for Migration (IOM) and UN Refugee Agency (UNHCR) have called on the EU to implement a series of measures aimed at assisting people trapped in Libya or at risk of dying on the Mediterranean Sea. The suggestions include restarting a program of organized sea rescues.
“In the past European State vessels conducting search and rescue operations saved thousands of lives, including through disembarkations in safe ports,” the IOM and UNHCR noted in a statement on Thursday. “They should resume this vital work….”

Why is there no effort, though, no euro—not a single cent—committed to helping these people at the source?  Certainly, it would be very difficult to help Libya, Sudan, Niger, et al. improve and correct their situation, political and economic, so that their citizens wouldn’t feel constrained to leave.  But “hard” means “possible,” and France has shown some of that possible in Chad, and Niger has made progress on its own with very damn little—too little—help from outside.

But it’s cheaper in the short-term and easier to focus on rescues at sea and “disembarkations in safe ports” than it is to do the hard work of a long-term solution.

But were such long-term efforts brought about, the flow of refugees would fall off markedly, and sea rescues and relocations would become much more feasible.

Of course, at that point, the virtue signalers would need to find something else with which to signal their…virtue.

And now the distortion: the IOM and UNHCR pronounced in a joint statement

NGO boats…must not be penalized for saving lives at sea.

DW contributed to the distortion:

Independent rescue operations such as Sea-Eye…which rescued 44 people near Libya earlier this week [as of 12 Jul], have attempted to fill the void left after earnest EU efforts ceased, but non-government organizations face increasing persecution from governments such as Italy’s, which has tried to frame their efforts as criminal.

Italy has done no such thing. Italy has said nothing about rescue operations; it only has enforced its laws concerning entering Italian territorial waters, even Italian ports, without permission—these are criminal acts, no framing required.

The situation concerning the refugees is not helped by such shenanigans.

Joe Biden’s Foreign Policy

Last Thursday, Progressive-Democratic Party Presidential candidate Joe Biden laid out his foreign policy paradigm.  The gist of his policy is this:

[The] overarching purpose of our foreign policy, I believe, must be to defend and advance our security, prosperity, and democratic values that the United States stands for.

And

I would remind the world that we are the United States of America and we do not coddle dictators. The United States of America gives hate no safe harbor.

And he’ll

make it my mission to restore American leadership….

In fine, Biden’s foreign policy is to Make America Great Again.

A Thought on Tariffs

The tariffs as used by President Donald Trump are viewed by many as having no impact on our overall trade deficit, and much is made of Trump’s disdain for trade deficits.

Thirty months into the Trump Presidency, the US economy continues to import more than it exports. This isn’t a problem, since the trade deficit is of no great consequence as an economic measure.  But in President Trump’s telling this is a clear and present danger….

Suppose something else, though.

Mr Trump has imposed 25% tariffs on $200 billion of Chinese goods, and he’s threatened a duty on another $300 billion. This has narrowed the US-China bilateral goods trade gap in recent months, but the total US trade deficit reached a record high in 2018. … Producers are leaving China, but not for America.
While Chinese goods exports to the US fell 12.3% year-over-year from January through May, Vietnam saw a 36.4% increase, according to US Census data. Taiwan had a nearly 22.5% year-over-year increase in the same five months, more than triple the increase from 2017-18. South Korean exports to the US increased 12.4% over the period.

Recall one of Trump’s other reasons for disdaining the trade deficit: the People’s Republic of China declines to play by international trade rules, and it steals or extorts other nations’ (ours in particular as one of the, if not the, leader in) technology and intellectual property, along with merely proprietary materials.

If the PRC doesn’t want to play by the same rules as the rest of us, it doesn’t need to trade with the rest of us.

Thus: if the tariffs aren’t realizing their first secondary purpose, moving production back to the US, they are gaining their primary purpose: moving production, and associated export, out of the PRC.

That’s not all bad.