What's the real danger of relying on Huawei's 5G technology?
Huawei-made telecom equipment could facilitate espionage by Chinese government, says researcher
Around the world, telecommunications companies are starting to develop the next generation of mobile networks — the 5G network.
5G promises to be 10 to 20 times faster than current wireless connections and is designed to serve medical devices, self-driving cars and other connected technology.
To create that network, many of those telecoms hope to use equipment from the Chinese tech company Huawei. But several countries, including Australia and New Zealand, have banned Huawei parts from some or all of their mobile infrastructure. Canada is currently conducting a review of whether to follow suit. U.S. security officials, in particular, have warned Huawei's products could be used as a backdoor to espionage by the Chinese government.
Christopher Parsons is a research associate at the Citizen Lab in the Munk School at the University of Toronto.
He spoke to Spark host Nora Young about how countries are dealing with integrating Huawei into the 5G networks.
Here is part of their conversation.
Huawei's participation in creating the 5G network has raised alarms in some countries, including here in Canada where they're seen as a potential security threat. Why?
There's a few different things. In terms of the equipment they're selling, one is the possibility that these products, when they're sold into Canada, could subsequently be modified. The firmware could be modified through an update, or Huawei China may push an update and that could be compromising. So you could be in a situation where the traffic lights, rather than turning green, turn yellow.
- What will your phone get from one more G?
- Possible ban on Huawei over national security could delay 5G rollout, Telus says
Another concern is that all of these pieces of electronics, just like our phones, just like our computers, they run operating systems. And so the operating system could be updated and that could also have a backdoor to some sort of modifications. And a backdoor just means that a third party, who isn't authorised, can go in and muck around with the equipment.
It's always possible that the world's routers could be updated, but it's probably not very likely. It'd be more likely to be specific routers or specific devices in specific parts of the network.
So that might be a tower proximate to an important person or important location. It could be the light bulbs that you have.
There's one concern that's a lot more pernicious. All of these devices run on software, just like our phones, just like everything else. And we all know we get security updates all the time because code is hard to do, it's hard to do securely, and we find bugs and we patch them all the time.
And so one of the concerns would be that one of these bugs exists, not deliberately, it's just a coding error, and Huawei is actually prevented from providing the update to its customers.
And so, in that kind of a situation, you can see Chinese security services saying, "Oh, here's this really productive useful vulnerability. We don't want that going away," and then they actually issue a notice to Huawei saying, "You are not permitted to patch this."
And so what have other countries done in response to this hypothetical threat?
There's been three, turning into two major responses.
One is outright bans. Australia in particular said, "Huawei, your products are not permitted in the space."
The U.S. government has taken sort of a middle position. It may be moving more towards the Australian and said, "Well for certain networks — certainly those that touch government services — you're not allowed to have Huawei."
And then you have this sort of curious British model. What the agreement there has been is the company has set up a research centre that's overseen by former heads of GCHQ (Government Communications Headquarters) — the U.K. version of the NSA — and there are code level audits to make sure that the equipment coming in actually is what it says it is — how the firmware works, how the software works — to make sure there aren't any vulnerabilities or strange vagaries in the code.
The difficulty, however, is the GCHQ doesn't have full confidence that the testing they're doing is fully representative of the equipment that actually gets into vendors' hands. And so there's the prospect that an update could happen.
Canada initially was moving toward a U.K. model, like, "We'll set this up. We'll examine it." And that's still sort of the government's position, but it's been shifting a fair bit.
So what do you think the Canadian government is going to decide, or maybe ought to decide?
I think the Canadian government is in a really tough and rocky space.
Just at a technical level, you're seeing in the United States significant political pressure, not just from the intelligence services — the NSA and GCHQ have been warning about Huawei for a long time — but you're seeing pressure in the sense that there are real concerns that if Canada adopts Huawei equipment then it could somehow interfere or undermine the security of U.S. systems, because our two networks are so deeply interconnected.
There's also a fraying relationship between China and Canada right now. And I think saying, "Yes, Huawei can come in," might do something to ameliorate some of that fraying relationship, but at the expense of upsetting our southern partner.
This is a political decision in the end. I think that you can make strong security arguments that it's probably not a great idea to be encouraging this equipment in our infrastructures. There's good economic reasons for why private companies want to do it, but I think it's going to come down to politics.
This interview has been edited for length and clarity. Click the listen button above to hear the full conversation.