AFP via Getty Images
The veil has now been lifted on U.S. claims of backdoors in Huawei’s telecoms networking equipment. The stunning allegation is that the Chinese telecoms giant has retained unauthorized access to the “lawful intercept” interface within its equipment. This is the overt backdoor by which a network can tap into calls and data on behalf of law enforcement when it has a legal right to do so—for example by way of a court order. The interfaces are designed for targeted surveillance, enabling specific individuals or numbers to be monitored within the network itself.
The revelation was made in a Wall Street Journal report on February 11. U.S. National Security Adviser Robert O’Brien told the newspaper “we have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world.” It is unclear what led the U.S. to making the disclosure now, but with the recent U.K. decision to include Huawei and Germany and others wavering, the stakes are high.
The U.S. says this information has been known for more than ten years, and was first detected in Huawei’s 4G technology. Washington classified the information and reportedly withheld it from allies until last year, when it was shared with the U.K., Germany and potentially others weighing up the inclusion or exclusion of Huawei in their 5G networks. A secret German memo described the U.S. intel as the “smoking gun” that had been missing from the debate.
Why the intel would be withheld given the public spat between Washington and Huawei is one of the key unanswered questions from this new report. It suggests the potential to protect the source of the information or even that there was some security advantage to be maintained from keeping it tightly held.
The U.K. decision to snub U.S. lobbying for a Huawei ban, inciting a furious response from President Trump, was the greatest setback thus far in the U.S. campaign against the Chinese giant. According to reports, Trump vented such fury at Prime Minister Boris Johnson that it took officials by surprise at the language being used. For its part, the U.K. says it was aware of this intel when it took its decision, and the information was factored into its risk assessment. There is no indication as to the U.K. view of the potency of the intel itself.
Huawei dismissed the U.S. allegation, telling the WSJ that “the use of the lawful interception interface is strictly regulated and can only be accessed by certified personnel of the network operators.” The company said that “no Huawei employee is allowed to access the network without an explicit approval from the network operator,” describing the claimed vulnerability as “extremely implausible—it would be discovered immediately.”
There are echoes in these claims of the 2005 “Athens Affair,” when it was claimed that nation-state hackers infiltrated Vodafone Greece and planted software in the core of the cellular network to intercept calls from senior politicians, including the country’s prime minister. The equipment in that instance was supplied by Ericsson, but the attack was on the same lawful intercept functionality being claimed by the U.S.
Insiders who have seen the U.S. intel say that it is compelling, but the networks—at least publicly—will dismiss the allegations and maintain that their systems now detect and defend against such unauthorized intrusions. There has been no detail from the U.S. as to whether they have seen the alleged vulnerability exploited, and, if so, on which networks and against which individuals.
Lawful intercept is a targeted technology, designed for warranted tapping into person-to-person communications. The intercept can pull metadata—who contacted who, as well as the content. It does not resolve the issue with encrypted communications, which has led to lobbying from the U.S. and others for backdoors of their own into those encrypted communication streams.
On the assumption these allegations are true, the implication is likely that it enabled an outside actor to target specific and senior individuals with highly prized information—politicians, business leaders, activists. The overriding U.S. accusation that Huawei equipment can facilitate Beijing eavesdropping on the west would align with such a pattern.
And so, as this new information hits, three critical questions remain: Why was the detail withheld when, if true, it would have provided the smoking gun the U.S. needed? Is there evidence of the backdoor being exploited, and, if so, on which targets and countries? And, finally, is this a pervasive vulnerability across all networks taking Huawei equipment or was it targeted at those with perceived inferior security and network defense arrangements in place?
In response to this story, Huawei told me that “there is not a single significant security problem and no evidence for the allegations made against us. Huawei never does, and never will do anything that endangers or compromises the security of its customers’ networks and data.” The company added that “we strongly reject the new allegations. Here again unfounded accusations are repeated without providing any concrete evidence.”