In a move that is years overdue, the Pentagon announced on Wednesday it is banning sales of Huawei and ZTE phones at all of its base retail outlets. The reason? Security concerns. Concerns that have been shouted from the rooftops of U.S. Intelligence Chinahands (those who focus primarily on Chinese history, foreign policy and government) for close to a decade or more.
A Pentagon spokesperson told the Wall Street Journal that,
Huawei and ZTE devices may pose an unacceptable risk to the department’s personnel, information and mission. Considering this information, it was not prudent for the department’s exchanges to continue selling them.”
Huawei responded to the news in a statement to The Verge:
Huawei’s products are sold in 170 countries worldwide and meet the highest standards of security, privacy and engineering in every country we operate globally including the U.S. We remain committed to openness and transparency in everything we do and want to be clear that no government has ever asked us compromise the security or integrity of any of our networks or devices.”
The problem is … that is not the problem.
The security issues the U.S. government is worried about do not come from Huawei or ZTE’s built-in protocols, but rather, the backdoors that exist with the blessing of the Chinese government and more importantly, the Chinese intelligence and security services.
Here is just a sneak peek of some of the problems, as explained by one of SOFREP’s in-house tech subject matter experts:
These devices actively transmitted user and device information including;
- full-body of text messages
- contact lists
- call history with full telephone numbers
- unique device identifiers including IMEI
The firmware is reportedly managed by Shanghai Adups Technology Co. Ltd. and pushed to handsets over the company’s OTA (Over-the-Air) update system. The firmware updates pushed to these handsets by Adups allowed the installation and monitoring of applications without the user’s consent or knowledge. Some versions of the software also allowed device location information, the ability to bypass Android permission protocols and target data matching remotely defined keywords.
The encrypted data was transmitted securely to a server in Shanghai. This managed to bypass the detection of anti-viruses because it is assumed that all pre-installed software is benign, so it is white-listed.
The data collection and transmission capability is spread across different applications and files with data transmission varying by type of data from between every 24 – 72 hours.”
More broadly, the Chinese have been working to exploit a U.S. system relatively lackluster Supply Chain Risk Management (SCRM) capability. A source inside the Pentagon, who must remain nameless due to the extreme sensitivity of their position — told SOFREP that this is “the U.S. government trying to finally get its arms around the SCRM issue. But this is no shocker. It’s a long time coming and we still have a long way to go.”
In March of 2018, The Office of the United States Trade Representative released a report on Chinese Forced Technology Transfer. The report came at the request of President Trump citing the following reasons:
China has implemented laws, policies and practices and has taken actions related to intellectual property, innovation and technology that may encourage or require the transfer of American technology and intellectual property to enterprises in China or that may otherwise negatively affect American economic interests. These laws, policies, practices and actions may inhibit United States exports, deprive United States citizens of fair remuneration for their innovations, divert American jobs to workers in China, contribute to our trade deficit with China and otherwise undermine American manufacturing, services and innovation.
Based on the Trump request, the USTR investigated the following specific areas of China’s technology transfer regime:
- the government’s use of opaque and discretionary administrative approval processes, joint venture (JV) requirements, foreign equity limitations, procurements and other mechanisms to require or pressure the transfer of valuable U.S. technology and IP to China.
- government acts, policies and practices that deprive U.S. companies of the ability to set market-based terms in technology-related negotiations.
- governmental direction and unfair facilitation of outbound Chinese investment targeting U.S. companies and assets in key industry sectors.
- the Chinese government’s support of unauthorized intrusions into U.S. commercial computer networks or cyber-enabled theft of trade secrets and other proprietary information. The notice also requested information on other acts, policies and practices of the Chinese government related to technology transfer, IP and innovation.
These four areas are all fronts that China shops and task forces inside the U.S Intelligence Community have been working on for years. It appears that they are finally gaining some traction under this administration. Security issues involving China have often been related to the corner in favor of other, sexier target portfolios like terrorism or Russian and Iran.
Trump’s White House is putting its money where its mouth is
This latest announcement follows on the heels of a rumored crackdown on access for Chinese academic researchers to potential dual use technology programs at American universities and private research facilities. Earlier this year, measures were also undertaken to curtail China’s influence on joint ventures when a joint bill, the Foreign Investment Risk Review Modernisation Act (FIRRMA), was put forward by Senators Cornyn and Feinstein. ZTE was also recently slapped with a ban after selling to Iran.
Something is happening inside the U.S. government as it pertains to reigning in Chinese activities that have flown under the radar for decades. There appears to be a real pivot towards addressing a myriad of major security concerns. U.S. Chinahands may finally be getting their due.
Featured Image Courtesy of Baidu, altered by the author