Why Are People Worried About Huawei?
February 10, 2020
The UK government was the centre of a storm of criticism surrounding plans for the country’s new 5G mobile network. Although the new network is desperately needed, experts are concerned about the decision to include Huawei technology.
In China, successful companies tend to be very closely aligned with the government. This means that they agree to operate according to very strict rules – and to share information if requested.
Information sharing is absolutely vital to the way that the Chinese population is monitored and controlled. And tech companies like Huawei play a role in making state surveillance possible.
As the relationship between Huawei’s senior management and the Chinese government has become clearer, many governments have voiced concerns. If Huawei technology is used to spy on Chinese citizens, it could also be used to spy on foreign countries too.
These concerns make the UK’s decision to permit Huawei technology in the construction of critical national infrastructure all the more unusual. The USA and Australia have already banned the Chinese supplier from their own projects and others are expected to follow their lead.
The UK believe they have controlled any risk of espionage by limiting Huawei to supplying equipment at ‘the edge’ of the network. They will not be allowed to assist with the construction of the ‘core’.
What does this mean? The core of the network is where the most sensitive data and communications are transmitted; if a foreign government could access the core they could spy on communications – or even disrupt the network entirely.
The edge describes equipment like the wireless transmitters that connect our mobile phones to the network. Although important, there is less risk of government data being stolen, or the network being taken offline.
By allowing Huawei to supply equipment, the UK hopes to lower the overall cost of building the new 5G network. And by limiting Huawei to the edge, they hope to contain potential risk.
But there are two problems. First, the UK does not fully understand the potential risks posed by allowing equipment that may have been compromised into the network. With a backdoor into the network, state-sponsored hackers could still work to take control of the core.
Second, government data may be protected, but our personal data still passes through the edge. It is possible that ordinary peoples’ information is stolen and misused as a result of Huawei’s involvement.
Even if the worst case scenario never happens, the UK’s decision to invite a hostile foreign player into their secure systems is a cyber security lesson for us all. As you use your PC or mobile device, think carefully about who you are inviting in. Every password you share or app you download opens a door that could be used by a hacker. It is always safest to block access whenever you have the chance.
Follow Us
Be the first to know
You might also like
DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations. So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures?
Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm. According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors. Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks. These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.
In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today. Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all. In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.