Former CIA boss says aware of evidence Huawei spying for China | Reuters

The former head of the U.S. Central Intelligence Agency said he is aware of hard evidence that Huawei Technologies Co Ltd has spied for the Chinese government, the Australian Financial Review newspaper reported on Friday.

Yet the IT departments of various governments still buy their equipment.

via Former CIA boss says aware of evidence Huawei spying for China | Reuters.

 

A $40 Software-Defined Radio – IEEE Spectrum

The last time I ventured into the waters of software-defined radio (SDR) was seven years ago, when I reviewed Matt Ettus’s Universal Software Radio Peripheral. While it’s an excellent product, the basic motherboard at the time cost US $550; daughterboards for different frequency ranges cost $75 to $275 [see “Hardware for Your Software Radio,” IEEE Spectrum, October 2006]. And I spent more than a few frustrating hours compiling the needed software on my MacBook Pro. This time I was able to get my feet wet for about $40—and the software took about 2 minutes to download, install, and run.

 

US commercial wireless infrastructure, and really worldwide infrastructure, is amazingly vulnerable to exploitation, hacking, monitoring and the like. In part this is because it was originally designed to be ubiquitous and backwards compatible. It is also insecure because it has grown so rapidly and organically. Finally, it is insecure because commercial vendors, in part due to the rapid growth but more importantly due to sales and innovation cycles, have focused on features and meeting market demands, not on security or the ways the protocols they have rapidly developed might be exploited. These weaknesses have not really become a major issue in part because, with the possible exception of 802.11 WiFi, detecting, intercepting, and manipulating wireless signals was very difficult and expensive. With the advent of SDRs this has changed. Now researchers with five or ten thousand USD can do some really interesting work with wireless protocols. That said, although in the last 4 or 5 years we have occasionally seen researchers find or demonstrate exploits in wireless systems, such exploits still have not become common due to the sheer difficulty of working with many of the COTS SDRs and open source platforms. This is about to change.

Recently, with the advent of very cheap SDRs (like the one mentioned above), open source protocol stacks, open source base stations, and internet communities dedicated to documenting and understanding various wireless protocols, more and more security researchers and general hobbyists have started to take serious looks at commercial radio systems. With tools like the RTL2832U and various other cheap SDRs, researchers and hobbyists are starting to find and document all sorts of security issues in everything from alarm systems, smart meters, and critical infrastructure to UMTS and LTE. Researchers at places like Department 13 have even demonstrated some capabilities with low cost commercial radios that, until recently, did not exist outside multimillion dollar SIGINT and EW systems. For this reason the proliferation of cheap SDRs and tools for working with and manipulating radios is perhaps a far greater immediate concern than 3D printing of weapons and additive manufacturing. We believe this because, while additive manufacturing in the next couple of years has the potential to greatly lower the bar for the development of various types of weapons, those weapons will not be real game changers, with perhaps the exception of the ability to generate WMD, but that is probably further out than a few years. SDRs and the aforementioned technologies and trends could give individuals, very cheaply, the ability to manipulate radios in ways that could potentially cause vast damage. While we won’t explore these scenarios here, it should take very little imagination to realize the impact of cheap, throwaway, and small EW platforms.

via A $40 Software-Defined Radio – IEEE Spectrum.