Don’t Be Afraid of Huawei and ZTE
U.S. intelligence officials say they don’t want people to use Huawei or ZTE phones, but we don’t think their claims have merit. Here’s why.
By Sascha Segan
Don’t throw out your ZTE phone.
US intelligence chiefs paint a dark picture of ZTE and Huawei, which they claim are Chinese spying operations, but we haven’t seen a shred of actual evidence that either company’s phones are dangerous to Americans in any way.
The bigwigs’ most recent admonition is part of a long campaign against ZTE and Huawei, started by Congress in 2012. At that time, Huawei pretty much backed out of the US market, but ZTE doubled down, started sponsoring the Houston Rockets, and became the №4 smartphone seller in the US.
The change we need to talk about with this week’s testimony is that the officials have switched from blocking Huawei network equipment to disparaging Huawei and ZTE handsets. Both companies have been essentially banned from our network equipment market for five years now, and no US wireless provider uses their products.
Network equipment is, in general, where spying happens. You can dragnet a lot of communications at once, it’s jealously guarded by wireless carriers, and independent researchers often don’t have access to it. You don’t even have to have special backdoors in the network equipment to spy. The well-known SS7 network flaw is widely thought to be used by intelligence agencies around the world to spy on cellular traffic.
When the UK and Australia have criticized and blocked Huawei in the past, it’s always been about network equipment. Australia banned Huawei network equipment from its national broadband network and then issued both Huawei and ZTE phones to government staff members, demonstrating the huge difference between how network equipment and phones are seen.
Note that US intelligence chiefs also don’t say there’s a specific threat. Rather, they just don’t like these companies, because China. There’s no actual evidence. Just … China.
“We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” FBI Director Chris Wray testified, as quoted by CNBC.
That is not “these phones are an actual threat.” That is “I just don’t like these companies.”
Huawei and ZTE obviously say they are not security threats, they’re committed to openness and transparency, and whatever. You already know what Huawei and ZTE are going to say here.
Handsets Are Different
Network equipment is used by a relatively small number of large corporations, which guard their secrets tightly. It isn’t widely, aggressively, and publicly tested by a large security researcher community.
But handsets are tested by everyone. As soon as a new phone comes out, everyone from global security research firms to random geniuses on XDA-developers start disassembling the firmware; iFixit and other teardown firms take electron microscopes to these things.
This crowdsourced research has turned up problems in handsets, including Chinese handsets, again and again. Both OnePlus and Blu have been caught delivering security flaws to their customers. They were both roundly roasted for their errors, and changed their ways.
Nobody has ever found this supposed spy software inside Huawei and ZTE handsets. The people asserting that it may exist have never described it and never identified specific models that include it. The US also stands alone in essentially blocking Huawei’s phones, rather than network equipment.
To believe this software exists, you’d have to believe that Huawei and ZTE are so far beyond the capabilities of any other handset manufacturer that they’re able to hide this tech when others cannot. You’d also have to believe that we’ve found an exploit that CSIS, MI6, and the Mossad have all missed, and that we haven’t shared it with any of our allies.
If you’re worried about being surveilled, I have bad news for you: you are being surveilled. Your wireless carrier has mountains of data on you, and will turn it over to the government at the drop of a warrant. Google and Facebook have terrifyingly accurate profiles of what you do, what you think, and where you are. All those organizations have reason to be interested in you. They want to sell you ads or make sure you obey their laws and rules.
Even if Huawei and ZTE were spy operations, and I don’t think they are, they don’t have urgent enough motivation to risk massive, global shame and business collapse by installing spyware on tens of millions of phones willy-nilly. The Chinese government has no motivation to be spying on you, specifically. Unlike the Australian defense staff who use ZTE phones, you do not have any information that any foreign government actually wants.
I know it may hurt to know you’re not important. “But no!” you cry. “I have critical trade secret information the Chinese must want to steal!”
You don’t. They don’t care enough to steal it. Unless you actually work for the government or military, in which case you should be using a product that’s on the DoD recommended list, you are not being caught in any sort of Communist dragnet. Paranoia will destroy ya.
Our Verdict: We Aren’t Bothered
Years of Huawei and ZTE phones being in global markets, being explored, examined, downloaded, disassembled, recompiled and hacked upon have revealed no more critical security flaws than in any other Android vendor, and they haven’t shown that the handsets are spying for the Chinese government.
The intelligence officials disparaging these companies have also given no evidence and been careful not to state that the handsets themselves are a clear and present threat — just that they have an animus against these companies.
Without any actual evidence of wrongdoing, we have no problem recommending Huawei and ZTE phones to buyers in the US, and you shouldn’t have any concerns buying them.
Read more: ZTE Axon M review
Originally published at www.pcmag.com.
