• ryathal@sh.itjust.works
    link
    fedilink
    arrow-up
    108
    ·
    11 months ago

    It wouldn’t be very secret if it was published on the internet. It’s definitely a credible concern given the level of control China demands of companies operating in the country. The US also essentially has backdoors into most communication, and possibly phones as well, so it’s not that crazy for China to also have them.

    China is also very aggressive in hacking into companies. Even if they didn’t have a custom backdoor, them finding a way in and essentially banning Huawei from fixing it, is another option.

  • LillyPip@lemmy.ca
    link
    fedilink
    arrow-up
    102
    arrow-down
    14
    ·
    11 months ago

    Yes.

    Also phones made in the US have back doors that the US government can access. It’s not really secret.

    • ringwraithfish@startrek.website
      link
      fedilink
      arrow-up
      48
      arrow-down
      4
      ·
      11 months ago

      It’s secret like Area 51 is secret. We know it’s there, we know the government is doing something with it, but we don’t know fully what, when, why, or how.

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      5
      ·
      edit-2
      11 months ago

      I don’t think the US Govt backdoors phones anymore … mostly because they don’t need to. They find other ways to get the information, like warrantless surveillance of Google and Apple notification servers.

      The other reason I don’t think it happens is that there are just too many security researchers trying to find exploits and backdoors. Also it’s pretty well known that any backdoor can be used against you. The NSA has an interest in domestic phones being secure.

      Granted, international models might have some alterations/backdoors… Even then, that would be egg on the face that they don’t really need if they got caught with a backdoor that applied only to international phones.

    • Lemminary@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      11
      ·
      11 months ago

      Why do these threads always circle back to the US? It’s always the obnoxious “USA bad because other country bad”

      And no, I’m not American

        • Lemminary@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          edit-2
          11 months ago

          I’m aware, but if that’s the answer why not include other nations, then? It’s always just the US and I find that very curious and kind of annoying when any criticism is drawn to China on Lemmy. It’s always the same knee-jerk reaction.

          Because from what I see, the degree to which that happens is kind of wide and involves way more countries than just the US and China. Source

        • Lemminary@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          11 months ago

          How is it a loaded question if the answer is a resounding “yes, it’s not a secret”? I think you mean that it’s a narrow question. If the answer is “but look at all these other nations” it would’ve been more than China and the US. By your logic, it’s also quite a loaded answer, then, don’t you think?

            • Lemminary@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              11 months ago

              The US is a very different country than any of the 30 other NATO members and often acts in direct conflict with the rest of the Western world. If I did the same and used China to represent the entirety of Asia I’d get chewed out for it, so why is the USA the face of all things people disagree with on this side of the world? Besides, using the US to contrast China creates a false dichotomy and oversimplifies the issue of mass surveillance, obfuscating both the extent and the nuance that people here claim to champion. Stop being so thick.

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    83
    arrow-down
    5
    ·
    11 months ago

    They’re definitely grabbing analytics and statistics. But so is AT&T, Verizon, T-Mobile, Apple, Amazon, Samsung, Google, Microsoft.

    If the Chinese government asked any of those other companies to give them all the data they have on you in particular, They probably tell them to get bent.

    But if the US government told them to do it, they would comply and then have a gag order slapped against them to keep them from telling you it happened.

    Huawei is beholden to the Chinese government. So it works kind of in the opposite way.

    • FuglyDuck@lemmy.world
      link
      fedilink
      English
      arrow-up
      33
      ·
      11 months ago

      If the Chinese government asked any of those other companies to give them all the data they have on you in particular, They probably tell them to get bent.

      More likely they’ll send an invoice. They’re already selling your data to them. (And everyone else.)

    • Skates@feddit.nl
      link
      fedilink
      arrow-up
      9
      arrow-down
      11
      ·
      11 months ago

      If the Chinese government asked any of those other companies to give them all the data they have on you in particular, They probably tell them to get bent.

      Haha what? You think there’s any chance in hell that China doesn’t get what they want from any US company? Check out this video, this is what happens when a random American says something China doesn’t like. Now go ahead and picture those companies not bending over backwards to kiss Xi’s ass if it means affecting the bottom line.

      • Queue@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        1
        ·
        11 months ago

        John Cena is not a random American. You and I are closer to random than John Cena, a man who is internationally famous and a professional actor. That’s like saying Tom Cruise is a random American, when you know exactly who I’m talking about without googling.

        That said, yes, China censors American media and actors, and it’s horrid. The fact that films get made in America and edited for China and America, is a crime to any artful visions the writers, actors, directors, editors and more may have had. But China itself doesn’t have the time and energy to stop you or I online all the time, it barely can do it within the Great Firewall, due to the sheer scope of the population and area the country covers.

  • CluelessLemmyng@lemmy.sdf.org
    link
    fedilink
    arrow-up
    68
    arrow-down
    5
    ·
    11 months ago

    Short answer is “likely”.

    If you work in a field with sensitive data (financial, healthcare, technology, politics) you don’t get a phone designed by a China-government owned company.

  • pimento64@sopuli.xyz
    link
    fedilink
    arrow-up
    44
    ·
    edit-2
    11 months ago

    If Lenovo’s multiple rootkit fiascos are anything to go by for Chinese-corporation-designed electronics, yes.

    • Em Adespoton@lemmy.ca
      link
      fedilink
      arrow-up
      12
      arrow-down
      5
      ·
      11 months ago

      Most of Lenovo’s rootkit fiascos are due to lack of vetting bundleware providers though; Huawei is actually unlikely to have a backdoor in their phones. Their 5G infrastructure on the other hand is known to have at least two different potential backdoors designed in such a way that they may just be a chain of unfortunate vulnerabilities. Or not.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    30
    arrow-down
    2
    ·
    edit-2
    11 months ago

    So far, all of Huawei’s found potential backdoors turned out to be them being extremely terrible at writing secure software or developing secure operating procedures. No proof of backdoors just yet.

    They’ve been executing corporate espionage for ages, though, so they can’t exactly be trusted if you work in a field that may be interesting to Chinese competition.

    It’s kind of how Facebook has never been caught watching random people through your smartphone’s webcam, but you wouldn’t want that Facebook video calling thing watching you all day.

    If there is a backdoor somewhere, we probably wouldn’t know about it, or it’d be on the front page of every non-Chinese affiliated news article.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        11 months ago

        I don’t think gardeners, builders, farmers, or waiters have anything to fear. If your company is targeting locals and not doing any R&D, most data they can extract through espionage is useless. It’s not entirely black-and-white.

        They’ve never been caught abusing their software for espionage, it’s always their business people or the engineers they send over for meetings, with maybe a few planted employees, and possibly co-conspirators in universities and other Chinese institutions. They’ll also been caught being rather hacker-friendly, but no direct ties have been proven just yet.

        Their people cannot be trusted and their software developers are either malicious or dangerously incompetent. Neither is proof of any backdoor, but both are good reasons to avoid them.

        • NegativeLookBehind@kbin.social
          link
          fedilink
          arrow-up
          4
          ·
          11 months ago

          They certainly have little interest in you if you’re a waiter at some shitty restaurant, sure. But do you really think they don’t target the agricultural, construction or food industries and the technologies they may be developing?

          • Skull giver@popplesburger.hilciferous.nl
            link
            fedilink
            arrow-up
            3
            ·
            11 months ago

            Your average farmer isn’t developing any new crops, your average builder isn’t designing new construction mechanisms, and your average restaurant isn’t developing a new way to cook food. There are specific R&D centers for all that stuff. At best, the end users of that technology get to beta-test the functionality.

            There are exception to everything, but farmers wouldn’t be remortgaging their homes for drones and millimeter-precision GPS systems if they could just build that tech themselves.

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      9
      ·
      11 months ago

      So far, all of Huawei’s found potential backdoors turned out to be them being extremely terrible at writing secure software or developing secure operating procedures.

      That’s how you write a backdoor in 2023 “oops… Guess I made a mistake again”

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        11 months ago

        That was always the defence, but by that standard every piece of software is full of bugs. Microsoft Windows? Gets ten to twenty backdoors closed every month! Linux? Backdoors are closed weekly! WordPress plugins? Those are just backdoors that come with a theme!

        No Cisco-style obfuscated, hard-coded admin password has ever been found in Huawei stuff. Their firmware was behind on security patches for open source software and I believe they did some firmware updates over HTTP, but in that area they’re not much worse than any of their competitors. When Vodafone did a vulnerability assessment of their network, which then got leaked, Bloomberg called telnet (within an air-gapped network) a “backdoor”, but Vodafone itself denies that. The biggest issue I remember Vodafone finding was the fact that Huawei tried to get remote management on the devices they installed so they didn’t need to be sent out to the field every time they needed to do maintenance; not uncommon for network vendors, but obviously not acceptable within carrier networks with locked-down security controls.

        If there are real backdoors, then Huawei is just better at hiding them than their western counterparts. All we have to go on right now is secret documents from government agencies that pinky-swear that they really found backdoors that no independent researcher has been able to verify. There are a lot of wild stories about Huawei backdoors on the internet, but I have yet to see proof of any of a real backdoor.

  • Queue@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    1
    ·
    11 months ago

    Probably, but iPhones and Android have them for the Five Eyes and anyone else who is willing to pay/push for laws to make it happen. All you do with a phone is pick your poison, do you want China to spy on you, or America, the UK, or some other government or company who then sells it to the highest bidder.

    Any cell phone, dumb or smart, is a tracking device. The smarter it is, the better it is as snooping on you. Doesn’t matter how or where the phone’s hardware is made, it’s going to track you without consent. You just need to ask “Am I worried about China or am I worried about another government?” to even “If the backdoor is big enough, can third parties get me too as I walk by on the street?”

    • 50gp@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      11 months ago

      yea phones constantly ping something so at least the network operator can map out where it has been with good accuracy if you become person of interest

      • Aceticon@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        The network operator will naturally have a log of the nearest cell tower to your phone as you move around and each entry there gives an (almost, but not quite in heavilly built places because line of sight obstructions and signal bounces) circular area within which that phone was at that time (not absolutelly sure about the tower measuring and keeping logs of radiowave power levels, but if it does that circular area can be further improved to something like a torus), and the higher the density of cell towers around the phone (i.e. in cities) the smaller the areas and hence the higher location precision.

        Also, at least in the US, it’s possible to get the operator to triangulate the phone’s position using multiple towers to get a much more precise location, which is how law enforcement (and who knows who else) can find people via their phones.

        Even the dumbest of mobile phones can be tracked this way.

  • lseif@sopuli.xyz
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    11 months ago

    not trying to argue ‘both-sides’, but most likely so does the US government/five eyes/whatever for android (and sometimes ios)

  • ReginaPhalange@lemmy.world
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    11 months ago

    On the same vein, do wo know if Intel Management Engine is a NSA backdoor?
    I keep hearing about the potential of it beeing a back door, but haven’t heard an exploit using it roaming about the interwebs

    • al177@lemmy.sdf.org
      link
      fedilink
      arrow-up
      10
      ·
      11 months ago

      It’s not known to be a backdoor, but it’s a juicy attack surface that customers are largely ignorant of and provides little consumer benefit. If I were an NSA employee and my boss handed me a blank check to develop a preboot exploit for Intel PCs, I’d start with IME.

        • Pomfers@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          The platform security processor, PSP. There were some mumblings of open sourcing the implementation details of it in 2017 or so, but that never happened, so it’s still a black box that is potentially exploitable.

    • SHOW_ME_YOUR_ASSHOLE@lemm.ee
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      11 months ago

      Well I’m fucked. Thanks for sharing that link, I had no idea Google tracked what time I used Signal messenger.

      Not sure what to do with this information but I didn’t realize it was that granular.

      • Flax@feddit.uk
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        Yeah. You can turn it off or set it to delete, and I think legally Google do have to keep their word on that thankfully, but some weird shenanigans happened with incognito mode on Chrome

  • Hjalmar@feddit.nu
    link
    fedilink
    arrow-up
    59
    arrow-down
    43
    ·
    11 months ago

    It doesn’t matter if it’s a Huawei or some American phone, China, USA and others will spy on you no matter what phone you choose only the means differ. If you buy a Huawei china will have backdoors in your phone and the USA will buy all your info and if you get an American phone the USA will have backdoors and china will buy the data.

    Also I find the focus on china kinda weird. I ultimately don’t want anyone stealing my data, not even the USA. Just like china the USA has been involved in mass surveillance and a lot of war crimes. For example American soldiers have been found guilty of rapping and killing children. From Wikipedia (United States war crimes > war on terror > Iraq war):

    On 12 March 2006, a 14-year-old Iraqi girl named Abeer Qassim Hamza al-Janabi was raped and subsequently murdered along with her 34-year-old mother Fakhriyah Taha Muhasen, 45-year-old father Qassim Hamza Raheem, and 6-year-old sister Hadeel Qassim Hamza al-Janabi.

    After all of that I want to ask you one question, do you really want the USA sterling your data?
    Also what you answer that question with doesn’t matter since both china and the USA will be stealing your data no matter if you want it or which phone you buy.


    As a final note I should maybe mention that I’m not American if you haven’t figured that out yet. Also please don’t accuse me of spreading Chinese propaganda. I’m advocating against the USA and the CIA, not for china.

    Also sorry for being so political in a kind of not that political thread.

    • SRo@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      18
      arrow-down
      14
      ·
      11 months ago

      But it sounds like you are advocating for china. Look how much you wrote about another country when someone asked specifically about china and a Chinese phone manufactured in china.

      • andrewta@lemmy.world
        link
        fedilink
        arrow-up
        15
        arrow-down
        11
        ·
        11 months ago

        If you think he is advocating for China then you need to reread what was wrote

      • Hjalmar@feddit.nu
        link
        fedilink
        arrow-up
        5
        arrow-down
        3
        ·
        11 months ago

        My point is just that I don’t want anyone spying on me and it doesn’t matter if the one spying is the US, china, french or russia. They have nothing to do with my personal data.

    • phillaholic@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      11 months ago

      You’re missing the point entirely. In the US, companies can take the federal government to court to stop them. When agencies installed backdoors on Cisco equipment it was done through intercepting hardware through carriers, and individually installing them on targeted hardware. Not forcing Cisco to hand over access to every router they sold. You can argue about whether they should do that at all, but it’s not the same.

      • Hjalmar@feddit.nu
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        11 months ago

        Thank you. This is an important correction but does hover not mean that the US government isn’t spying on you through your phone, just that they, if they do it, have other means to do so. 2017 wikileaks revealed that the CIA had an immense collection of tools to hack personal phones and computers. But this probably means that they don’t hack everyone just people of special interest, which is good news 😀

        Here is the wikileaks article and here is an yahoo article.

        EDIT: of course they can also buy the data from Google.