Why is Huawei's potential spying activity a big issue given that communication protocols are supposed to be...
This question already has an answer here:
What theoretical risks are posed by compromised 5G infrastructure?
1 answer
As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government.
But why would this be a big deal? Properly designed communication channels are supposed to be secure from MITM attacks and thus it shouldn't matter if the Chinese government has a back door. And if your communications are prone to MITM attacks, then you have a bigger problem on your hands than foreign meddling.
man-in-the-middle huawei
asked 4 hours ago
JonathanReezJonathanReez
530148
marked as duplicate by Ángel, JonathanReez, AndrolGenhald, schroeder♦ 1 hour ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |
This question already has an answer here:
What theoretical risks are posed by compromised 5G infrastructure?
1 answer
As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government.
But why would this be a big deal? Properly designed communication channels are supposed to be secure from MITM attacks and thus it shouldn't matter if the Chinese government has a back door. And if your communications are prone to MITM attacks, then you have a bigger problem on your hands than foreign meddling.
man-in-the-middle huawei
asked 4 hours ago
JonathanReezJonathanReez
530148
marked as duplicate by Ángel, JonathanReez, AndrolGenhald, schroeder♦ 1 hour ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
@Ángel agreed, could be closed as a duplicate
– JonathanReez
2 hours ago
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
1 hour ago
@AndrolGenhald weirdly enough I don't see it
– JonathanReez
1 hour ago
if i can take a screen shot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
1 hour ago
add a comment |
This question already has an answer here:
What theoretical risks are posed by compromised 5G infrastructure?
1 answer
As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government.
But why would this be a big deal? Properly designed communication channels are supposed to be secure from MITM attacks and thus it shouldn't matter if the Chinese government has a back door. And if your communications are prone to MITM attacks, then you have a bigger problem on your hands than foreign meddling.
man-in-the-middle huawei
asked 4 hours ago
JonathanReezJonathanReez
530148
This question already has an answer here:
What theoretical risks are posed by compromised 5G infrastructure?
1 answer
As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government.
But why would this be a big deal? Properly designed communication channels are supposed to be secure from MITM attacks and thus it shouldn't matter if the Chinese government has a back door. And if your communications are prone to MITM attacks, then you have a bigger problem on your hands than foreign meddling.
This question already has an answer here:
What theoretical risks are posed by compromised 5G infrastructure?
1 answer
man-in-the-middle huawei
man-in-the-middle huawei
asked 4 hours ago
JonathanReezJonathanReez
530148
asked 4 hours ago
JonathanReezJonathanReez
530148
edited 2 hours ago
JonathanReez
asked 4 hours ago
JonathanReezJonathanReez
530148
asked 4 hours ago
JonathanReezJonathanReez
530148
asked 4 hours ago
JonathanReezJonathanReez
530148
530148
marked as duplicate by Ángel, JonathanReez, AndrolGenhald, schroeder♦ 1 hour ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by Ángel, JonathanReez, AndrolGenhald, schroeder♦ 1 hour ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
@Ángel agreed, could be closed as a duplicate
– JonathanReez
2 hours ago
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
1 hour ago
@AndrolGenhald weirdly enough I don't see it
– JonathanReez
1 hour ago
if i can take a screen shot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
1 hour ago
add a comment |
@Ángel agreed, could be closed as a duplicate
– JonathanReez
2 hours ago
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
1 hour ago
@AndrolGenhald weirdly enough I don't see it
– JonathanReez
1 hour ago
if i can take a screen shot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
1 hour ago
@Ángel agreed, could be closed as a duplicate
– JonathanReez
2 hours ago
@Ángel agreed, could be closed as a duplicate
– JonathanReez
2 hours ago
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
1 hour ago
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
1 hour ago
@AndrolGenhald weirdly enough I don't see it
– JonathanReez
1 hour ago
@AndrolGenhald weirdly enough I don't see it
– JonathanReez
1 hour ago
if i can take a screen shot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
1 hour ago
if i can take a screen shot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
1 hour ago
add a comment |
2 Answers
2
active
oldest
votes
The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have serious a problem.
MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.
answered 4 hours ago
DoubleDDoubleD
2,4901111
11
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
|
show 1 more comment
Three huge reasons:
Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.
Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.
Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.
So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.
answered 3 hours ago
John DetersJohn Deters
27.6k24189
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have serious a problem.
MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.
answered 4 hours ago
DoubleDDoubleD
2,4901111
11
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
|
show 1 more comment
The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have serious a problem.
MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.
answered 4 hours ago
DoubleDDoubleD
2,4901111
11
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
|
show 1 more comment
The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have serious a problem.
MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.
answered 4 hours ago
DoubleDDoubleD
2,4901111
The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have serious a problem.
MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.
answered 4 hours ago
DoubleDDoubleD
2,4901111
answered 4 hours ago
DoubleDDoubleD
2,4901111
answered 4 hours ago
DoubleDDoubleD
2,4901111
answered 4 hours ago
DoubleDDoubleD
2,4901111
2,4901111
11
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
|
show 1 more comment
11
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
11
11
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
4 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
But isn't the big brouhaha over Huawei's routers rather than any endpoints?
– JonathanReez
3 hours ago
3
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have an isolated VLAN.
– DoubleD
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
2 hours ago
2
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
2 hours ago
|
show 1 more comment
Three huge reasons:
Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.
Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.
Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.
So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.
answered 3 hours ago
John DetersJohn Deters
27.6k24189
add a comment |
Three huge reasons:
Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.
Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.
Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.
So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.
answered 3 hours ago
John DetersJohn Deters
27.6k24189
add a comment |
Three huge reasons:
Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.
Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.
Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.
So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.
answered 3 hours ago
John DetersJohn Deters
27.6k24189
Three huge reasons:
Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.
Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.
Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.
So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.
answered 3 hours ago
John DetersJohn Deters
27.6k24189
answered 3 hours ago
John DetersJohn Deters
27.6k24189
answered 3 hours ago
John DetersJohn Deters
27.6k24189
answered 3 hours ago
John DetersJohn Deters
27.6k24189
27.6k24189
add a comment |
add a comment |
@Ángel agreed, could be closed as a duplicate
– JonathanReez
2 hours ago
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
1 hour ago
@AndrolGenhald weirdly enough I don't see it
– JonathanReez
1 hour ago
if i can take a screen shot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
1 hour ago