Why is Huawei's potential spying activity a big issue given that communication protocols are supposed to be...
This question already has an answer here:
What theoretical risks are posed by compromised 5G infrastructure?
1 answer
As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government.
But why would this be a big deal? Properly designed communication channels are supposed to be secure from MITM attacks and thus it shouldn't matter if the Chinese government has a back door. And if your communications are prone to MITM attacks, then you have a bigger problem on your hands than foreign meddling.
man-in-the-middle huawei
asked yesterday by JonathanReez (edited yesterday)
marked as duplicate by Ángel, JonathanReez, AndrolGenhald, schroeder♦ yesterday
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
@JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote.
– AndrolGenhald
yesterday
If I can take a screenshot of your monitor every 5 seconds, and send it back to the mothership, what does MITM have to do with anything?
– dandavis
yesterday
@AndrolGenhald: once you get enough reps for the vote to close privilege, you can vote to close to agree with the close vote.
– Lie Ryan
22 hours ago
@LieRyan Yes, but I thought it was possible for the OP to agree with a duplicate vote. I know I've seen posts marked duplicate by the Community user before.
– AndrolGenhald
11 hours ago
2 Answers
The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have a serious problem.
MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.
answered yesterday by DoubleD
12
+1 Man in the middle is irrelevant if the man at one end is maligned.
– JMac
yesterday
3
I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have on an isolated VLAN.
– DoubleD
yesterday
@DoubleD Worse in other ways. But a router would not be able to break the end-to-end encryption.
– Bakuriu
yesterday
2
@Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place.
– DoubleD
yesterday
@DoubleD link fixed
– JonathanReez
yesterday
Three huge reasons:
1. Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.
2. Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.
3. Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.
So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.
answered yesterday by John Deters
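The traffic-analysis point in the answer above can be shown with flow metadata alone. This is an added example, not part of the original answers: it flags source/destination pairs whose volume jumps on the latest day, using only the fields an on-path device sees for encrypted traffic. The addresses, thresholds and the `find_surges` helper are constructed for illustration.

```python
from collections import defaultdict


def sample_flows():
    """Constructed flow records: (day, src, dst, bytes). No payload, as with TLS."""
    flows = []
    for day in range(7):
        # Routine traffic that looks the same every day.
        flows.append((day, "10.0.0.5", "198.51.100.10", 40_000))
        flows.append((day, "10.0.0.5", "198.51.100.10", 10_000))
        # A quiet pair that becomes busy on the last day.
        flows.append((day, "10.0.0.9", "203.0.113.7", 2_000 if day < 6 else 900_000))
    # A destination never contacted before the last day.
    flows.append((6, "10.0.0.9", "192.0.2.44", 250_000))
    return flows


def find_surges(flows, factor=5, min_bytes=100_000):
    """Return (src, dst, baseline_mean, latest_bytes) for pairs whose volume on
    the latest day exceeds `factor` times their mean over the earlier days."""
    if not flows:
        return []
    # Sum bytes per (src, dst) pair per day; payload is never inspected.
    per_pair = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        per_pair[(src, dst)][day] += nbytes
    first = min(f[0] for f in flows)
    latest = max(f[0] for f in flows)
    baseline_days = range(first, latest)
    if len(baseline_days) == 0:
        return []  # a single day gives nothing to compare against
    surges = []
    for (src, dst), by_day in per_pair.items():
        # Days with no traffic count as zero, so new destinations stand out.
        baseline = sum(by_day.get(d, 0) for d in baseline_days) / len(baseline_days)
        today = by_day.get(latest, 0)
        if today >= min_bytes and today > factor * baseline:
            surges.append((src, dst, baseline, today))
    return sorted(surges, key=lambda s: s[3], reverse=True)


if __name__ == "__main__":
    for src, dst, baseline, today in find_surges(sample_flows()):
        print(f"{src} -> {dst}: baseline {baseline:.0f} B/day, latest {today} B")
```

Running the same check over your own flow logs shows what a transit device you do not control could infer about your traffic without decrypting any of it.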