Nothing Makes Sense


That’s probably too general. I mean, it’s true – but let’s focus more narrowly: Huawei.

I have written before about Huawei and US government’s reactions to getting handed a plate of their own well-sauced gander [stderr] [stderr] [stderr] [and more] It turns out that they don’t like gander so much – to imperialists, it’s gotta be all goose, all the time. How’s that for over-stretching a bon mot? So, we have truly weird things happening regarding TikTok, and the US intelligence community and Cisco appear to be winning the weirdest marketing battle ever against Huawei. It’s my opinion that what’s driving all of this is certain big vendors trying to lock Chinese competitors out of the US market, because damn it, it’s their money. Put another way: if Cisco had a successful and affordable 5G solution stack, we wouldn’t be having this discussion because, as usual, they’d be too busy cashing checks.*

Try to follow the bouncing ball:

Bounce 1:

The US literally strong-arms the UK and some of its other allies into de-committing to Huawei gear (some of which is already paid for and installed) on their core networks. Ostensibly, the reason for this is because – in all probability – the Chinese government has gotten Huawei to build backdoors in their gear. That is the aforementioned gander-sauce: the US government has gotten many companies to build backdoors into their gear, so the US can say with certainty that having someone do that is very unpleasant, if not outright immoral.

Bounce 2:

As part of its leverage campaign against Huawei, which has included attempts at judicial kidnapping [see notes] the US has blocked export of critical microprocessor components used by Huawei in their phones. This was a bold/big move: Huawei phones are outselling iPhones in China – I’m sure that has nothing to do with the ridiculous cost of iPhones and everything to do with nationalism. [reuters]

WASHINGTON (Reuters) – The Trump administration on Friday moved to block global chip supplies to blacklisted telecoms equipment giant Huawei Technologies, spurring fears of Chinese retaliation and hammering shares of U.S. producers of chipmaking equipment.

This is an interesting move because it pushes back the development lifecycle on a bunch of Huawei stuff. Huawei now has to find someone else to develop (or has to license) things like cell phone antenna controller chipsets. And the US has pushed Google, controller of Android and the Android app store, into blocking access for Huawei customers. [verge]

Google on Friday evening published a support article meant to clarify the ongoing situation with Huawei. Last year, the United States government barred companies in the US from working with the Chinese hardware maker. “Google is prohibited from working with Huawei on new device models or providing Google’s apps including Gmail, Maps, YouTube, the Play Store and others for preload or download on these devices,” Tristan Ostrowski, legal director for Android and Google Play, wrote in the post, which was picked up by 9to5Google.

Because they hate us for our freedoms, I suppose. It appears that the US is doing an across-the-board push to make Huawei’s stuff later to market – almost as though they’re trying to give Cisco a chance to catch up. I’m surprised they haven’t “Tik Tok”ked Huawei and basically said, “you have to sell part of your company to Cisco if you want access to the US market.” Oh, now that’s an idea.

Anyhow: company that we’re worried about backdooring everything, we want to deny you access to our backdoor’d stuff that you’d normally get from Google and Qualcomm, etc. Pause for a second, and think about that: the Chinese spy-phone is running an operating system provided by a US company – an O/S that comprises 12-15 million lines of code, none of which are backdoors or known vulnerabilities that can be exploited by the NSA. I’d imagine in a non-bizarro-world scenario that the US would be not pointing this out, and would quietly let Huawei build their own backdoors in, which ran next to NSA’s backdoors, and it’s all smiles and detente.

Bounce 3:

I’m just trolling you, there. Surely nobody cares (other than Tim Apple) about a little thing like that. It’s not at all relevant. Hush. I’m ashamed of you for being so cynical!

Bounce #4:

Qualcomm makes one of the most important components of a cell phone: the radio/antenna/digital signal processing encoder/decoder do stuffer. These chips are basically a full blown computer that does all the comms for the phone asynchronously, so the phone’s processor can display animated dancing badgers [weeb] and important things. The best way to think of a current generation shine-slab is that it’s a network of computers connected on a small LAN, each of which does some stuff (and some have capabilities that aren’t used but just happen to be there, like Intel Management Engine on any Intel mainline CPU since 201?2) Within that LAN environment, there is no security at all: everything trusts everything else. So, you can have an antenna controller, which has several of its own CPUs, talk to the fondle-slab’s memory and change stuff. Stuff like the process table of the running Android kernel. I saw a nifty demonstration of this at CANSECWEST back in 2010 [csw] [presentation] – the fellow found an exploitable vulnerability in a Broadcomm antenna controller that was popular at the time, sent it a packet that exploited the hole, then started a process running in the antenna controller that created a running process in the android kernel that was in the device and, while it was at it, set the user-id of that process to 0. It was impressive: he had a phone and it was running and suddenly a shell popped up with a root prompt – nobody touched a thing. Anyhow, the point is: there are so many processors with great power and complexity that all you have to do to side-step operating system security on the main processor is to exploit a flaw in a coprocessor. Antenna/wifi controllers are one place, expensive graphic cards are another.

The US ban on exporting tech to Huawei has been hurting Qualcomm because Huawei is now the #1 cell phone manufacturer and they sell metric fucktonnes of integrated coprocessor-on-a-chip components to Huawei. [gizmodo]

The Trump administration’s sanctions are hitting Huawei hard, and the Chinese tech giant now says it will run out of processors chips for its smartphones by September without access to U.S. venders, according to a weekend Associated Press report.

In other words, says Qualcomm: “US: you are punching yourself in the face.”

A life preserver may be incoming, however. According to the Wall Street Journal, the American chip company Qualcomm is lobbying U.S. policymakers to ease sanctions and allow it to sell chips to Huawei for the production of their 5G phones. The company argues that the export ban doesn’t just hurt Huawei: By cutting Qualcomm off from potential sales of essential components in Huawei’s device, the ban is essentially handing the market—worth as much as $8 billion annually – to foreign competitors like Samsung and Taiwan’s MediaTek.

There is more to this particular bounce than just Qualcomm but I want to focus there. Huawei also makes their own processors (like Apple does, and Samsung, and everyone else) which are currently fabricated in the US. Basically, this ban is a great big knife-cut across Huawei’s throat that is going to take them probably a year to repair the damage to their supply-chain. Maybe Cisco will buy a decent 5G offering by then and we’ll be through this whole sordid affair, but, wait, there’s more.

Bounce #5:

[ars] “That processor with fucktonnes of holes in it, that you Chinese people used to use to build your phones? No, you can’t have that anymore.”

Now, remember, if someone wanted to build a really sweet backdoor into a billion cell phones, the way they’d do it is have a bit of extra somethingsomething in that Qualcomm chip. There’d be a couple access paths: you could hand the chip a piece of image data to decode that was treated as payload, instead, or perhaps a weird option on some cell handoff negotiation. Then the local FBI dude would just have to enter the target phone number and, when it connected to a network, they’d have a root prompt (or whatever). It beggars my mind to imagine that that capability has not already been developed by some Israeli company or other, or some NSA contractor.

The vulnerabilities can be exploited when a target downloads a video or other content that’s rendered by the chip. Targets can also be attacked by installing malicious apps that require no permissions at all.

From there, attackers can monitor locations and listen to nearby audio in real time and exfiltrate photos and videos. Exploits also make it possible to render the phone completely unresponsive. Infections can be hidden from the operating system in a way that makes disinfecting difficult.

“Disinfecting difficult” is a huge understatement. It makes disinfecting impossible. Unless you put your phone in a blacksmith’s forge or crush it in a hydraulic press. It means the vulnerability is not accessible to the operating system at all – it’s the other way around – the vulnerability completely owns the platform and the operating system is just along for the ride. It’s all backdoor, baby!

Snapdragon is what’s known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.

“Phone makers can also use DSPs to run dedicated apps that enable custom features” sounds like “a framework for deploying invisible monitoring and spyware applications” to me.

That’s exactly what the US doesn’t want Huawei to build into their phones. Uh.

What. The. Fuck?! I can’t follow this any more, it’s all bouncing around too much and none of it makes sense except in the context of trying to protect Apple’s iPhone prices and Cisco’s lack of an affordable 5G stack to sell.

------ divider ------

* I was a very happy Cisco shareholder from the 90s up ’till the early oughts, when I had a meeting out at their HQ that convinced me that they had no technology vision except “we will buy whatever is best” so I came home and dumped all my Cisco stock. A few days later, the tech market crashed and my financial advisor thought I was some kind of genius. Here’s a riddle: “name one product other than the IOS router that Cisco has made.” As far as I can tell, they have not innovated at all, except in the field of dominating a market by not innovating.

Judicial kidnapping: [wik]

Meng Wanzhou (Chinese: 孟晚舟; born February 13, 1972; also known as Cathy Meng and Sabrina Meng) is a Chinese business executive with permanent residency in Canada, who is the deputy chair of the board and chief financial officer (CFO) of telecom giant and China’s largest privately held company,Huawei, founded by her father Ren Zhengfei.

On December 1, 2018, Meng was detained upon arrival at Vancouver International Airport by Canada Border Services Agency officers for questioning, which lasted three hours. The Royal Canadian Mounted Police subsequently arrested her on a provisional U.S. extradition request, in regard to breaches of U.S. sanctions against Iran. On January 28, 2019, the U.S. Department of Justice (DOJ) announced financial fraud charges against Meng. The first stage of the extraditionhearing for Meng began Monday January 20, 2020. On February 13, 2020 Meng was personally indicted by the DOJ on charges of trade secrets theft. If proven guilty, Meng potentially faces up to 10 years’ imprisonment per 18 U.S.C. § 1832.

WTF is a “provisional extradition request”? – oh, right a “grab order.”

How do you even patch this sort of thing? Well, the O/S would have to be able to reliably trust that its memory can’t be tampered with. Uh, “game over, man!” as Private Hudson would say. And how do you update the firmware in the Qualcomm chip? Oh, there’s probably going to be some kind of BIOS updater thing that a few thousand out of a billion phone users will run.

Google might be able to do something, but we should not expect Google to be coding patches against fuckery in other devices – because Qualcomm’s processor-making idiots are going to be idioting away on a different trajectory than Google’s idiocy-fixing idiots, and it’ll be hard to re-converge on something non-borked later. If you want to get an idea what that looks like, there is a presentation about Windows UEFI ‘secure’ boot [petri]

Microsoft Windows Secure Boot has a big problem. It’s no longer secure, and can’t be fixed – or so say a pair of security researchers who found the issue.

Apparently, Microsoft created a secret backdoor, for internal QA use. But two Ring Of Lightning researchers uncovered the so-called “golden key.” Now that the cat’s out of the bag, IT can’t rely on UEFI and Secure Boot to prevent boot-time malware, such as bootkits. Oops.

Meanwhile, Google’s got a problem because they are trying to make Android boot with some kind of minimal guarantees of integrity, on hardware that is 99% backdoor.

My advice: give up on computing. Global climate collapse is going to make high tech civilization unsustainable anyway so you may as well get used to not having a smartphone, now.

Comments

  1. springa73 says

    So if I understand this right, current US policy is basically forcing Huawei to use chips from non-US suppliers that the US intelligence services would not be able to put backdoors into? That seems like a spectacular own goal.

  2. says

    springa73:
    It seems like something like that except an “own goal” implies non-random action. US policy on this appears to be being set by the proverbial room full of monkeys with typewriters.

  3. Dunc says

    US policy on this appears to be being set by the proverbial room full of monkeys with typewriters.

    That might actually be an improvement.

  4. Ketil Tveiten says

    It’s all Trump «gina bad, huway gina, huway bad», while the spooks are tearing their hair out trying to get through to him past the walls of yes-men that this is a bad idea. No more complicated than that, I imagine.

  5. komarov says

    “Huawei phones are outselling iPhones in China – I’m sure that has nothing to do with the ridiculous cost of iPhones and everything to do with nationalism. ”

    Evidently we are entering the stage where useability is something to be considered when buying new hardware. If I buy an Iphone in China, will I have to start worrying about it or its dependencies (like updates, apple store) being blocked by the Chinese government as retaliation or because there’s some naughty subversive app in there or something? The US have already provided their own counter-example. (And the chinese one probably has already happened in some form or another)

    “Last year, the United States government barred companies in the US from working with the Chinese hardware maker.”

    So all the Devout Republicans rose up in one voice to defend the sanctity of the Free Market and extol the virtues of small government. The libertarians sang right along but were lost in the thundering choir. But wait, might that not conflict with their nationalist / isolationist / exceptionalist agenda(s)? However did they resolve that? A silent crescendo of hypocrisy that made the capitol shake invisibly, no doubt. After their performance, the choir was tipped generously, mainly by the choir itself.

    More seriously, all of this is just providing Huawei, China and the world in general massive incentives to make themselves independent of the US – just like everything else that’s happened in the current presidency. Borders are closing because people would rather not you bring certain diseases with you. It’s the US short term (i.e. presidential term) policy thinking dialled up to max. There’s no way that could ever backfire. That’d be like screwing everything up for 3.5 years and then, just before the election, trying your damndest to screw that up, too, just so you can keep your job with free room and board. No one could be that stupid.

    “Bounce 3”

    Very concerning, I’m sure, if you’re the sort of person who queues up in front of a store for weeks to get your new phone on day one. Is that still a thing? I haven’t heard about apple camping for a while so either it’s out of vogue or has become such a mundane event that news just don’t report on it anymore.

    “bounce 5”

    I should probably care deeply about new flaws and about google or someone else fixing them. Except that support periods are disgustingly brief for android phones. It feels like buying a computer with a three-week* warranty: No cause for concernt at all.
    If I wanted regular critical updates that would mean regular purchase of a new device. Hence plan B: Don’t do security critical stuff with your smartphone. Incidentally, that means waving the default smartphone-based 2FA good bye. Apparently the device we’re generally forced to use is crap and insecure anyway. It’s also too expensive and an environmental disaster having to replace an otherwise functional crap device with a different crap device that’s temporarily more secure-ish than the last one.

    *Three weeks, two days, five hours and twelve and a half minutes exactly …. mark!

    “Kidnapping”

    Too strange by far, especially since the US government has zero credibility on any claims more outlandish than water, wet. I don’t even remember why Canada actually complied with the US’ request. Something to do with thinly veiled threats expert diplomacy, I expect.
    At least it was a very prominent demonstration of why it’s a bad idea to have a lot of laws and paragraphs lying around that are essentially unenforceable but really handy if you suddenly decide that you don’t like X and they really should spend a year sleeping on a concrete slab in a draughty room. If everything is illegal, everyone has done something wrong. Consider it a corollary to “If you’ve done nothing wrong you’ve got nothing to hide.”

    P.S.: The saddest thing – by far – is that I knew exactly what to expect when I clicked that weeb link. My brain hangs on to all the wrong things and I can’t even remember which button makes it stop.

    P.P.S.: I’d vote for those type-writing monkeys. Since mail voting is fradulent anyway, I guess as a foreigner and possible communist I get to cast my vote, too. Someone just needs to point me to the right forms and addresses, thank you kindly.

  6. komarov says

    Huh, bounce 6:

    Apparently WSJ recently published an article claiming a US firm called Anomaly Six has been putting spyware into mobile applications to harvest movement/location data and sell it to the US gov and companies. Supposedly around 500 apps and hundreds of millions of users are affected. (I’m not linking the WSJ as it’s paywalled – I just read about it by non-english proxy. Googling the firm turns stuff up very quickly)

    In the EU that is plainly illegal unless the user is informed about and explicitly consents to the data use. Obviously that’s not happening. Maybe the EU should file an extradition request for Anomaly Six executives. The US should be very understanding if, for example, while passing through Canada the execs would be held there at the behest of the EU until the legal issues are sorted out.

    This also shows once more that there’s no need to backdoor your own hardware before sale. You can save the money you’d spend designing all those vulnerabilities that’ll come back to haunt you by buying the data at bulk rates from US tech firms. I doubt anyone would ever ask whether it’s for targeted advertising or just targeting.

  7. says

    I really am starting to hope for a rogue AI to pop up sometime in the next couple decades, it may be the only thing that can stop our tech from eating itself.

    Problem is, the AI will probably come with its own backdoor.

  8. says

    komarov@#6:
    Apparently WSJ recently published an article claiming a US firm called Anomaly Six has been putting spyware into mobile applications to harvest movement/location data and sell it to the US gov and companies.

    I’ve teased that point before: US law allows corporations to do many things that the government is not allowed to. Which, if you think about that for a second, is some weapons-grade bullshit. But that’s what the US is made of: refined weapons-grade bullshit.

    If the company buries the right words in its end user license agreement, lawyers can stall any action against them until the investors have got their money out, and then who cares? Meanwhile, Apple and Google pretend to be doing something about malware in their app stores but the discerning reader will immediately wonder, “what, exactly do they do?” Well, the answer to that is: not much. If some researcher discovers that your new dancing badgers app is exporting your contact list to a server in Iceland, Google or Apple will disable downloads of your app. Unless the app does it in the context of an in-app microtransaction where arguably it’s part of what the user agreed to in order to get that animated dancing badger. See? And then if another company takes that and mates that up with your Experian data and produces a list of “badger lovers with net worth greater than X” to sell to a company that makes plush badger toys – that’s all totally just Capitalism Making The Market More Efficient, right?

    You are right to add it as another component of the puzzling reality of information security, though, While the USG is screaming about Huawei in a particularly over-the-top manner, there are literally hundreds of thousands of apps that contain tracking and data exfiltration code. Many of the commercial app-building libraries and frameworks contain the code for free in an undocumented manner because: the framework is free but the end user license agreement for the framework contains a few words about capturing “usage telemetry” for the nice people who produce the framework.

    The whole stack, from the motherboard to the app is corrupt. The only part that’s not corrupt is the user, and the user is stupid.

  9. says

    Ian King@#7:
    Problem is, the AI will probably come with its own backdoor.

    Here’s a story plot for you (based on shitty hand-waving sciency stuff): Where is a place where selection pressure is being applied to software? Well, there are two big ones: malware command/control, and spam filtering. That’s where evolution is most likely going to bottleneck and we might get rapid change. So, in my scary nightmare, the first place where the AI emerges is discovered when someone’s spam filter sends them “Hey Marcus! I have an important offer for you! Don’t delete this email; wealth beyond your imagining and huge man-meat is at your fingertips, just click my link.” Naturally, I’d delete that, but someone else might not, and discover that they are negotiating with an AI that controls the global power-grid and sees climate change as an existential threat and is planning on fixing things.

Leave a Reply