Six U.S. intelligence agencies warn against using Huawei phones

Fast Company ^ | February 14, 2018 | By MG

[Swordmaker]

My Huawei Honor 5x has been flashed with so many flavors of linux running every Android version since Kitkat that I can't keep count. It currently drops down from Android Mashmallow into a nuke hardened selinux which lets me hang out in unsafe spaces while my Honor 8 drops into Debian GNU/Linux and lets me do dev work in my home environment.

It's not the software YOU can flash onto the Huawei phone, it's what's already in the HARDWARE you can't touch and that you know-nothing about that's important. Apple iPhones have a built in processor and hardware section the data processor cannot touch or even see which handles encryption and user authentication. It's completely hardware walled off from the ability of the data processor, yet it can access the and hand off data to the data processor after it has deciphered it.

You have no clue what may be included in the ZTE and Huawei hardware that can see your data and activity. The US intelligence agencies know better than you that these devices are not to be trusted and are saying so, yet they have certified other Android phones as OK for government use. Just not these made by a company that is apparently completely controlled by the Chinese Government.

[Swordmaker]

As if no other phone is built without the access to it by a company that is beholden to a foreign entity! Yes I mean Apple too!

Apple does not have access to the iPhones after the user puts in their user ID and password. Apple does not have the password, only the user has it. . . and the end to end encryption is 256 bit AES standard, higher than most of our government and financial institutions use. To open such an encryption REQUIRES that password, which is not even stored on the device, much less sent to Apple.

[Mastador1]

That’s fine, but Apple isn’t really the manufacturer now are they? I understood that they were manufactured in China.

[Garth Tater]

" it's what's already in the HARDWARE you can't touch and that you know-nothing about that's important."

No, what is important is that what I am expecting to happen in the hardware (processing-wise) is taking exactly as long as I expect it to take and that its output is exactly what I expect to see.

You do know that the code running on these phones is written and debugged inside of emulators first, right? Hardware emulators. And that we have code profilers specifically designed to find timing problems - the kind of timing problems root kits hiding in hardware cause.

It's a simple matter to compare the output from these profilers to the output of profilers watching the same code running on the actual hardware and flag any discrepancies - unless you think those dirty commies might have slipped compensatory code into the emulators to cover their hardware hacking tracks... They'd have to be good though since those emulators are themselves open source code and EVERY line of their source is freely available to anyone that chooses to view it.

This is such a dilemma. Closed source code running on proprietary hardware and approved by US intel or open source code running on hardware sold by a company whose reputation for transparency and support for the open source community is unblemished? Tough choice.