[LINK] What's Behind the Huawei Fracas
Richard Chirgwin
rchirgwin at ozemail.com.au
Wed Mar 28 20:55:55 AEDT 2012
On 28/03/12 8:24 PM, Richard Archer wrote:
> On 28/03/12 5:56 PM, Richard Chirgwin wrote:
>
>> Consider - to snoop on the NBN the Ethernet-over-fibre kit needs to
>> accomplish the following without detection by the operator:
>>
>> 1. Extract the data from the Ethernet frames,
>> 2. Decide what's interesting and what's not, and
>> 3. Send interesting stuff back to China.
> I think that might be a bit naive.
>
> If I was designing such a beast, I'd have it watch for control commands
> passing through the device as normal traffic.
>
> So all you would need to control the device is an IP or even digital
> voice connection which passes through it. Such commands could be used to
> instruct the device to do whatever you've designed into it.
Except that the NBN switch won't have an "IP" or "voice" connection; by
the time it reaches the NBN, it will be Ethernet frames.
In-band management of an Ethernet switch exists, but if you're outside
of the network, you need to find a way to get a router to turn an IP
packet into a suitable Ethernet frame - and, since the routers will be
out of NBN Co's control, you have to create some kind of "poison
packet", which, when turned into an Ethernet frame, is interpreted as
the Ethernet management frame.
Then, the switch has to return the information as a frame which the
router will interpret as "This is a Phone Home packet" and route
accordingly.
I don't say "impossible". What I do think is "unlikely to be
unobservable to the owner of the kit, when those owners are trained
network engineers, not home punters".
>
> The device would then act on these commands and inject the responses
> into the control stream.
>
> Your machine on the end of the link could then store/analyse the
> collected data. It would be this machine which would send the collected
> data "home".
>
> I doubt there'd be any way to easily tell the device was doing anything
> untoward. You would have to checksum all data streams into and out of
> the device and make sure they hadn't been modified in transit.
>
> As for deciding what's interesting and what's not... I expect this is
> something the experts in this field would have no trouble with.
> Especially if the code running on the device was upgradeable on the fly.
Here, I suspect that what I call "spook PR" outruns what's "easy" or
even "doable".
You have to bury this code without arousing suspicions:
- "Why does this device have a processor twice the size of all its
competitors, for no extra performance?"
- "How come it's got so much more memory, for no extra performance?"
- "Why are you overloading processing power and memory, but still
delivering cheaper, even though both products come from the same Foxconn
factory?"
All of this also presumes that no amount of reverse-engineering would
reveal any anomalous behaviour.
If someone said "we don't like the NBN's commercial status being
beholden to Chinese state decisions", I can believe and understand it.
But the more I think about it, the more the "secret hacker backdoor"
theory sounds like a smokescreen.
RC
>
> ...Richard.
>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
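The check Richard Archer proposes above (checksum everything going into and out of the device and look for what has changed) can be sketched as a tap-comparison audit. This is an added example, not code from either poster; it assumes two captures taken on either side of the device and supplied as lists of raw Ethernet II frames without FCS. The MAC addresses and payloads below are constructed for the example.

```python
import hashlib
from collections import Counter


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet II frame (no FCS); used only to construct sample captures."""
    return dst + src + ethertype.to_bytes(2, "big") + payload


def parse_frame(raw: bytes) -> dict:
    """Split a raw frame into its 14-byte header fields and payload."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    return {
        "dst": raw[0:6].hex(":"),
        "src": raw[6:12].hex(":"),
        "ethertype": int.from_bytes(raw[12:14], "big"),
        "payload": raw[14:],
    }


def frame_digest(raw: bytes) -> str:
    """Digest of the whole frame, header included, so any byte change is visible."""
    return hashlib.sha256(raw).hexdigest()


def compare_captures(ingress, egress) -> dict:
    """Compare the multiset of frames seen on each side of the device.

    A frame present on both sides passed untouched. A frame missing on egress
    whose header (dst, src, ethertype) reappears with a different digest is
    reported as modified; an egress frame with no ingress counterpart is
    injected; an ingress frame with no egress counterpart is dropped.
    Ordering is deliberately ignored (switches may reorder between ports).
    """
    in_digests = Counter(frame_digest(f) for f in ingress)
    out_digests = Counter(frame_digest(f) for f in egress)
    missing = list((in_digests - out_digests).elements())   # in but not out
    extra = list((out_digests - in_digests).elements())     # out but not in
    by_digest = {frame_digest(f): f for f in list(ingress) + list(egress)}

    def header_key(digest: str) -> tuple:
        p = parse_frame(by_digest[digest])
        return (p["dst"], p["src"], p["ethertype"])

    modified, injected = [], []
    unmatched_missing = list(missing)
    for d in extra:
        key = header_key(d)
        match = next((m for m in unmatched_missing if header_key(m) == key), None)
        if match is not None:
            unmatched_missing.remove(match)
            modified.append((match, d))     # (ingress digest, egress digest)
        else:
            injected.append(d)
    return {
        "passed": sum((in_digests & out_digests).values()),
        "modified": modified,
        "injected": injected,
        "dropped": unmatched_missing,
    }


# Constructed sample captures: three frames enter the device; on the far side
# frame 2 comes out altered and a fourth frame appears that never entered.
HOST_A = bytes.fromhex("021a2b3c4d01")    # locally administered, constructed
HOST_B = bytes.fromhex("021a2b3c4d02")
UNKNOWN = bytes.fromhex("021a2b3c4dff")
IPV4 = 0x0800

INGRESS = [
    build_frame(HOST_B, HOST_A, IPV4, b"frame-1 ordinary payload"),
    build_frame(HOST_B, HOST_A, IPV4, b"frame-2 ordinary payload"),
    build_frame(HOST_A, HOST_B, IPV4, b"frame-3 ordinary payload"),
]
EGRESS = [
    INGRESS[0],
    build_frame(HOST_B, HOST_A, IPV4, b"frame-2 ALTERED payload"),
    INGRESS[2],
    build_frame(UNKNOWN, HOST_A, IPV4, b"not seen on ingress"),
]


def audit_sample() -> dict:
    """Run the comparison over the constructed captures."""
    return compare_captures(INGRESS, EGRESS)


if __name__ == "__main__":
    report = audit_sample()
    print(f"passed={report['passed']} modified={len(report['modified'])} "
          f"injected={len(report['injected'])} dropped={len(report['dropped'])}")
```

Matching by header alone is a heuristic: two ordinary frames with the same addresses and ethertype but different payloads would also pair up, so a real audit would narrow the match further (IP identification, TCP sequence numbers) and work in time windows rather than over whole captures. The useful property is the one Archer points at: anything the device adds or alters on the data path shows up as an extra or changed digest, whatever the device's firmware claims to be doing.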