[LINK] What's Behind the Huawei Fracas

Richard Chirgwin rchirgwin at ozemail.com.au
Wed Mar 28 20:55:55 AEDT 2012


On 28/03/12 8:24 PM, Richard Archer wrote:
> On 28/03/12 5:56 PM, Richard Chirgwin wrote:
>
>> Consider - to snoop on the NBN the Ethernet-over-fibre kit needs to
>> accomplish the following without detection by the operator:
>>
>> 1. Extract the data from the Ethernet frames,
>> 2. Decide what's interesting and what's not, and
>> 3. Send interesting stuff back to China.
> I think that might be a bit naive.
>
> If I was designing such a beast, I'd have it watch for control commands
> passing through the device as normal traffic.
>
> So all you would need to control the device is an IP or even digital
> voice connection which passes through it. Such commands could be used to
> instruct the device to do whatever you've designed into it.
Except that the NBN switch won't have an "IP" or "voice" connection; by 
the time it reaches the NBN, it will be Ethernet frames.

In-band management of an Ethernet switch exists, but if you're outside 
of the network, you need to find a way to get a router to turn an IP 
packet into a suitable Ethernet frame - and, since the routers will be 
out of NBN Co's control, you have to create some kind of "poison 
packet", which, when turned into an Ethernet frame, is interpreted as 
the Ethernet management frame.

Then, the switch has to return the information as a frame which the 
router will interpret as "This is a Phone Home packet" and route 
accordingly.

I don't say "impossible". What I do think is "unlikely to be 
unobservable to the owner of the kit, when those owners are trained 
network engineers, not home punters".
>
> The device would then act on these commands and inject the responses
> into the control stream.
>
> Your machine on the end of the link could then store/analyse the
> collected data. It would be this machine which would send the collected
> data "home".
>
> I doubt there'd be any way to easily tell the device was doing anything
> untoward. You would have to checksum all data streams into and out of
> the device and make sure they hadn't been modified in transit.
>
> As for deciding what's interesting and what's not... I expect this is
> something the experts in this field would have no trouble with.
> Especially if the code running on the device was upgradeable on the fly.
Here, I suspect that what I call "spook PR" outruns what's "easy" or 
even "doable".

You have to bury this code without arousing suspicions:
- "Why does this device have a processor twice the size of all its 
competitors, for no extra performance?"
- "How come it's got so much more memory, for no extra performance?"
- "Why are you overloading processing power and memory, but still 
delivering cheaper, even though both products come from the same Foxconn 
factory?"

All of this also presumes that no amount of reverse-engineering would 
reveal any anomalous behaviour.

If someone said "we don't like the NBN's commercial status being 
beholden to Chinese state decisions", I can believe and understand it. 
But the more I think about it, the more the "secret hacker backdoor" 
theory sounds like a smokescreen.

RC
>
> ...Richard.
>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
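An added example, not code from either poster: the check Richard Archer sketches (fingerprint every frame seen on a tap before the device and on a tap after it, then diff the two multisets) so that a frame the device altered, dropped, or originated itself stands out. The MAC addresses and frames below are constructed sample data.

```python
import hashlib
from collections import Counter


def eth_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal Ethernet II frame (no FCS) from its fields."""
    return dst + src + ethertype.to_bytes(2, "big") + payload


def frame_digest(frame: bytes) -> str:
    """Fingerprint the whole frame, headers included, so any in-transit edit changes it."""
    return hashlib.sha256(frame).hexdigest()


def compare_taps(ingress: list, egress: list) -> dict:
    """Compare frames captured before the switch with frames captured after it.

    Multiset arithmetic on the digests: a frame the device dropped or altered
    shows up as 'missing'; a frame it altered or originated shows up as 'injected'.
    An unmodified pass-through yields clean=True.
    """
    seen_in = Counter(frame_digest(f) for f in ingress)
    seen_out = Counter(frame_digest(f) for f in egress)
    return {
        "forwarded": sum((seen_in & seen_out).values()),
        "missing": sum((seen_in - seen_out).values()),
        "injected": sum((seen_out - seen_in).values()),
        "clean": seen_in == seen_out,
    }


# Constructed sample traffic: two hosts, three frames in, one altered and one extra out.
HOST_A = bytes.fromhex("021122334455")
HOST_B = bytes.fromhex("02aabbccddee")
f1 = eth_frame(HOST_B, HOST_A, 0x0800, b"\x45" + b"\x00" * 19 + b"GET / HTTP/1.1")
f2 = eth_frame(HOST_A, HOST_B, 0x0800, b"\x45" + b"\x00" * 19 + b"HTTP/1.1 200 OK")
f3 = eth_frame(HOST_B, HOST_A, 0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01")
INGRESS = [f1, f2, f3]
# f2 has its last two payload bytes changed; a fourth frame appears that never entered.
EGRESS = [f1, f2[:-2] + b"XX", f3, eth_frame(HOST_A, HOST_B, 0x88B5, b"unexpected")]

if __name__ == "__main__":
    print(compare_taps(INGRESS, EGRESS))
```

In practice the two captures come from passive taps on either side of the device, and the comparison must tolerate legitimate rewrites (VLAN tag changes, for instance) by hashing only the fields the device is expected to leave untouched.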