- Oct 1, 2019
- 1,120
Snooping accusations Huawei/ZTE mentioned in confidential report dating back to 2010
Dutch quality news paper "de Volkskrant" published a scoop today on a audit report from Cap Gemini conducted in 2010 on a security evaluation on Dutch mobile network of KPN. The consultancy firm found evidence that employees of Huawei had access to Call Detail Records and voice content. The report from 2010 was kept secret because decision makers involved feared KPN (mobile) to go bankrupt when this news would have been disclosed.
How Huawei gained access
For quality purpose a Mobile Network Operator has an option to listen for a few seconds to any phone call (without an order from Police or Justice). Huawei employees should only have access to this build-in tap (for quality check purpose) after receiving a temporary access code from KPN security employees. Not only did Huawei bypass this internal security mechanism by accessing this option directly, they also misused this quality check option by extending this tap from a few seconds to the full call length. Obviously this is not according to contract Huawei had with Dutch Telecom operator KPN (and Dutch law).
Huawei also managed to gain access to the heavily secured the "phone tap" system called 'Lawful Intercept" which is used by operators when justice or police asks to track and tap phone calls for legal purposes. The article hints that Huawei replaced encryption with a weaker version, which could be hacked (and probably was hacked). The quote from the consultancy mentions "weak encryption" for 2010 standards.
Impact not limited to Dutch telecom operator KPN
The KPN did a follow up study at their German mobile daughter E-plus, which used ZTE equipment (also Chinese) and the findings were the same. Those Huawei/ZTE systems are also used by Vodaphone and T-mobile to mention two of the largest EU-telecom operators. So it is very unlikely Huawei only limited this snooping to Dutch operator (since British and German operators are economical and political much more interesting than the Netherlands).
Reliabilty of this disclosure
Dutch reporters accompanying Dutch politicians to Chinese trade travels noticed that the politicians used burners to communicate during trade meetings. This adds to the credibility to the story beside the fact that the Volkskrant is the source. The Volkskrant is not a tabloid, but a quality newspaper with a sound journalistic reputation. The Volkskrant together with NRC and Parool are reliable quality news papers, who also were involved in the Panama papers disclosure.
My take
For me this settles the dispute on Chinese companies scooping in behalf of the Chinese government. The US-based accusations in regard to Chinese vendors are probably true. I used to think that the commercial stake would be higher for Huawei and ZTE than the political stake (they would be banned from Western communication infrastructure when US accusations were true). This is the reason I also bought a Chinese router (TP-link). I am not going to buy another router (I am not a person of interest
), but I am never going to buy Chinese communication devices anymore.
Smoking gun awating approval
I noticed this post is awaiting approval. Because of the impact I can onderstand that mods want to check on this smoking gun. Maybe @Gandalf_The_Grey, @rain2reign or @Jan Willy could confirm this Volkskrant article (because they read Dutch )
Dutch quality news paper "de Volkskrant" published a scoop today on a audit report from Cap Gemini conducted in 2010 on a security evaluation on Dutch mobile network of KPN. The consultancy firm found evidence that employees of Huawei had access to Call Detail Records and voice content. The report from 2010 was kept secret because decision makers involved feared KPN (mobile) to go bankrupt when this news would have been disclosed.
How Huawei gained access
For quality purpose a Mobile Network Operator has an option to listen for a few seconds to any phone call (without an order from Police or Justice). Huawei employees should only have access to this build-in tap (for quality check purpose) after receiving a temporary access code from KPN security employees. Not only did Huawei bypass this internal security mechanism by accessing this option directly, they also misused this quality check option by extending this tap from a few seconds to the full call length. Obviously this is not according to contract Huawei had with Dutch Telecom operator KPN (and Dutch law).
Huawei also managed to gain access to the heavily secured the "phone tap" system called 'Lawful Intercept" which is used by operators when justice or police asks to track and tap phone calls for legal purposes. The article hints that Huawei replaced encryption with a weaker version, which could be hacked (and probably was hacked). The quote from the consultancy mentions "weak encryption" for 2010 standards.
Impact not limited to Dutch telecom operator KPN
The KPN did a follow up study at their German mobile daughter E-plus, which used ZTE equipment (also Chinese) and the findings were the same. Those Huawei/ZTE systems are also used by Vodaphone and T-mobile to mention two of the largest EU-telecom operators. So it is very unlikely Huawei only limited this snooping to Dutch operator (since British and German operators are economical and political much more interesting than the Netherlands).
Reliabilty of this disclosure
Dutch reporters accompanying Dutch politicians to Chinese trade travels noticed that the politicians used burners to communicate during trade meetings. This adds to the credibility to the story beside the fact that the Volkskrant is the source. The Volkskrant is not a tabloid, but a quality newspaper with a sound journalistic reputation. The Volkskrant together with NRC and Parool are reliable quality news papers, who also were involved in the Panama papers disclosure.
My take
For me this settles the dispute on Chinese companies scooping in behalf of the Chinese government. The US-based accusations in regard to Chinese vendors are probably true. I used to think that the commercial stake would be higher for Huawei and ZTE than the political stake (they would be banned from Western communication infrastructure when US accusations were true). This is the reason I also bought a Chinese router (TP-link). I am not going to buy another router (I am not a person of interest
), but I am never going to buy Chinese communication devices anymore.Smoking gun awating approval
I noticed this post is awaiting approval. Because of the impact I can onderstand that mods want to check on this smoking gun. Maybe @Gandalf_The_Grey, @rain2reign or @Jan Willy could confirm this Volkskrant article (because they read Dutch
)
Last edited:
