this post was submitted on 01 Jan 2024
192 points (94.4% liked)

No Stupid Questions

35920 readers
1077 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.

Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.

Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here.

Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
ja2@lemmy.world
_MoveSwiftly@lemmy.world
Rooki@lemmy.world
Thekingoflorda@lemmy.world
automodbeta@lemmy.world
L3s@lemmy.world
192
Do Huawei phones have a secret backdoor that the Chinese government can access? (lemmy.world)
submitted 11 months ago by skeezix@lemmy.world to c/nostupidquestions@lemmy.world
78 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Dark_Arc@social.packetloss.gg 8 points 11 months ago (1 children)

So far, all of Huawei's found potential backdoors turned out to be them being extremely terrible at writing secure software or developing secure operating procedures.

That's how you write a backdoor in 2023 "oops... Guess I made a mistake again"

[–] skullgiver@popplesburger.hilciferous.nl 3 points 11 months ago (1 children)

That was always the defence, but by that standard every piece of software is full of bugs. Microsoft Windows? Gets ten to twenty backdoors closed every month! Linux? Backdoors are closed weekly! WordPress plugins? Those are just backdoors that come with a theme!

No Cisco-style obfuscated, hard-coded admin password has ever been found in Huawei stuff. Their firmware was behind on security patches for open source software and I believe they did some firmware updates over HTTP, but in that area they're not much worse than any of their competitors. When Vodafone did a vulnerability assessment of their network, which then got leaked, Bloomberg called telnet (within an air-gapped network) a "backdoor", but Vodafone itself denies that. The biggest issue I remember Vodafone finding was the fact that Huawei tried to get remote management on the devices they installed so they didn't need to be sent out to the field every time they needed to do maintenance; not uncommon for network vendors, but obviously not acceptable within carrier networks with locked-down security controls.

If there are real backdoors, then Huawei is just better at hiding them than their western counterparts. All we have to go on right now is secret documents from government agencies that pinky-swear that they really found backdoors that no independent researcher has been able to verify. There are a lot of wild stories about Huawei backdoors on the internet, but I have yet to see proof of any of a real backdoor.

[–] Dark_Arc@social.packetloss.gg 1 points 11 months ago

What you want to look for is a pattern of similar bugs that result in the same end result, e.g. https://t.me/durov/196

It can also just be bad programmers but that's kind of the point ... plausible deniability