Feeling insecure: Nations wary of Huawei, a reporter gets hacked, and Woz distrusts the cloud

A quick look at security worries, big and small:

• The rapid rise of Chinese telecom giant Huawei has some Western governments weighing technology needs against security. According to a report in The Economist, there is growing concern in the U.S. and Britain over trusting Huawei networking equipment and software with access to those countries’ communications networks. Critics allege Huwaei is partially owned has been heavily subsidized by the Chinese government, and suspicions persist that the company maintains close ties with the Chinese military, which could, in theory, use the networking equipment to gain backdoor access to eavesdrop on — or even shut down — those networks. “I think it’s ridiculous to allow a Chinese company with connections to the Chinese government and the People’s Liberation Army (PLA) to have access to a network,” Dmitri Alperovitch of CrowdStrike, a web-security company, told The Economist. In Britain, a cyber-security center — which works closely with GCHQ, Britain’s equivalent to America’s NSA — has been established to test Huawei products to ensure no such vulnerabilities exist, and a similarly-tasked defense contractor tests Huawei products in the U.S. and Canada. The trust issues will have to be worked out, as Huawei is becoming too big to ignore; its revenues are growing exponentially ($16 billion in the first half of 2012) and it will soon challenge Ericsson as the world’s No. 1 maker of network equipment. Ironically, the Chinese are just as wary about Western suppliers, such as Cisco and Motorola: “Both (countries) believe that the other will seek to exploit the supply chain to introduce vulnerabilities into networks and infrastructures,” a Chinese think tank recently said.

CORRECTION: I erroneously wrote Huewei was partially owned by the Chinese government. Some U.S. lawmakers and companies say Huawei is heavily subsidized by the Chinese government, but the company denies those allegations.

Apple has some explaining to do, after a tech journalist’s iCloud account was hacked and his devices were wiped clean last week. Mat Honan, a Wired reporter who formerly worked for Gizmodo, chronicled his ordeal in a gut-wrenching blog post, detailing how data on his laptop, iPad and iPhone were erased, and his Gmail and Twitter accounts taken over by hackers from the group VV3. The group then used his access to Gizmodo’s Twitter feed to post a stream of offensive content. Honan learned that the hacker had called Apple tech support and, apparently using information from Honan’s social networks to get past security questions, was able to take control of his account. The techno nightmare raises disturbing questions as to the weaknesses in Apple security and the vulnerabilities that can leave even a seasoned, tech-savvy reporter exposed. As the New York Times points out, concerns have been raised before about Apple’s ID verification process, and the dangers of using a single account and password to control such a vast array of data, from buying songs to iCloud storage to device log-ins. Apple is working to restore Honan’s lost data, but has not publicly commented on the incident.

• And expect more headaches over cloud computing, Apple co-founder Steve Wozniak told an audience Saturday in Washington. Speaking after a performance of Mike Daisey’s controversial monologue “The Agony and the Ecstasy of Steve Jobs,” Wozniak railed against the trend toward remotely storing data: “I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years,” he said, according to a report by Agence France Press. “A lot of people feel, ‘Oh, everything is really on my computer,'” he said, “but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.”

Just ask Mat Honan, for one.

 

Tags: , , , , , , ,

 

Share this Post



 
 
 
  • David

    I could not agree more with Steve Wozniak, although “cloud” storage is nothing new, e.g., Microsoft SkyDrive has been around for many years and their were other cloud service providers that folded back in the dot com bust. I do believe that cyber threats to the security of cloud storage systems will continue to increase as more senstive data is moved to the cloud and becomes vulnerable to hackers. The cloud storage providers need to improve their security by keeping all customer data in a 256-bit AES encrypted environment.

  • Bob

    I completely agree that Huawai is a potential security issue. Recall how they were caught red-handed with Cisco source code as their OS. Beware.

  • Carol Chimera

    “The techno nightmare raises disturbing questions as to the weaknesses in Apple security and the vulnerabilities that can leave even a seasoned, tech-savvy reporter exposed.”

    if he was that seasoned and tech savvy, he would know better than to publish anything on his facebook (or any social media for that matter) that he also uses to answer security questions…..

  • I agree with Woz, the need for local storage will save the argument later like back in the day when a company used a Mass Mailing service and had to buy back their own Customer list… Plus the Net is not secure, every week we see another half a million users personal data stolen, credit card info etc.

    A personal Digital Library with Cloud storage as the your info available anyplace you go is the logic, with your data stored locally… or as Woz clearly said, buyer beware…

  • So what does Woz say to government agents fondling and groping his genitals as he embarks on a flight? I think Woz is missing the central point, and that is that shared information is going to be centralized, and it will become more difficult to retain personal data locally.

    For example, when someone says I can put my music and video on the Cloud, what does that mean? Upload my CD and DVD rips? Somehow I don’t see that being a great idea, for what should be obvious reasons. But I think what they really mean is that when I buy something, it will be “placed into” my private Cloud collection, or to peek under the covers, a link to that data (shared by a million other folks) will be “placed into” my personal area. So when I’m playing a music track and hear some excess jitter, “they” will blame the ISP or whoever, while all the time it’s because the server is trying to maintain 100,000 different active play-pointers into that track for streaming purposes.

    All (or nearly all) of the big software companies are gearing up for the Cloud, and if you listen carefully in the meetings, they are really, seriously planning for the Cloud to become the exclusive transaction server for everyone. In a way, using the Facebook example, that’s a certainty. But what happens when my 500 employees are busy entering and updating transactions and the Cloud has a problem? Will they be able to restore the full detail thread of those transactions very quickly so the database doesn’t get corrupted? That’s actually doubtful.

  • As a cryptographer, I’d like to point out that no known remote cryptosystem is secure against anyone except you and me and the neighbors, or small companies who can’t afford to pay real secret agents. All cryptosystems can be made secure against brute-force attacks (even if they aren’t always), but there are so many ways to get in to remote systems that physical isolation and constant surveillance are mandatory if you want real security.

  • RedRat

    Well Woz is correct about the Cloud, any cloud for that matter. Back in my day, what we now euphemistically “The Cloud” was called the “Server-Client Model”, with all of its inherent problems. One might want to think about this since everyone’s dislike of “Server-Client” is what drove the rise of the Personal Computer. I see no real advantage to “the cloud”.

  • STUART

    “PHYSICALLY REMOTE”–You mean air-gap, like the Iranians?

    These devices are for computing, designing and direct communicating. But those who cannot resist so-called social media of course will pay the piper.
    Nothing like some good old hard drives to store your stuff.

  • dermbuilder

    With the price of hard drives so low, and DVD disks costing only 25c each, for storing things you won’t access very often, I really can’t see the point of cloud storage. I have been offered free cloud storage with some purchases, but I would rather store things on my own hard drives or on DVD disks that I can hold in my own hot little hand. Letting someone else own the media that my data is stored on, NO WAY!

  • Markus Unread

    As always, convenience is inversely proportional to security.

 
 
css.php