Categories
attorney general backdoors encryption Policy Security

Tech firms “can and must” put backdoors in encryption, AG Barr says

Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California.

Enlarge / Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. (credit: Elijah Nouvelage | Getty Images)

US Attorney General William Barr today launched a new front in the feds’ ongoing fight against consumer encryption, railing against the common security practice and lamenting the “victims” in its wake.

“The deployment of warrant-proof encryption is already imposing huge costs on society,” Barr claimed in remarks at a cybersecurity conference held at Fordham University Tuesday morning. Barr added that encryption “seriously degrades” law enforcement’s ability to “detect and prevent a crime before it occurs,” as well as making eventual investigation and prosecution of crime more difficult.

The existence of encryption means “converting the Internet and communications into a law-free zone” that criminals will happily take advantage of to do more crimes, Barr added, likening it to a neighborhood that local cops have abandoned.

Read 14 remaining paragraphs | Comments

Categories
5G backdoors Biz & IT china cyberwar Huawei Security Tech vulnerabilities

Bloomberg alleges Huawei routers and network gear are backdoored

5G Logo in the shape of a butterfly.

Enlarge / PORTUGAL – 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. (credit: Omar Marques/SOPA Images/LightRocket via Getty Images)

Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011, reports Bloomberg. With these backdoors, Huawei could have gained unauthorized access to Vodafone’s “fixed-line network in Italy.” But Vodafone disagrees, saying that while it did discover some security vulnerabilities in Huawei equipment, these were fixed by Huawei and in any case were not remotely accessible, and hence they could not be used by Huawei.

Bloomberg’s claims are based on Vodafone’s internal security documentation and “people involved in the situation.” Several different “backdoors” are described: unsecured telnet access to home routers, along with “backdoors” in optical service nodes (which connect last-mile distribution networks to optical backbone networks) and “broadband network gateways” (BNG) (which sit between broadband users and the backbone network, providing access control, authentication, and similar services).

In response to Bloomberg, Vodafone said that the router vulnerabilities were found and fixed in 2011 and the BNG flaws were found and fixed in 2012. While it has documentation about some optical service node vulnerabilities, Vodafone continued, it has no information about when they were fixed. Further, the network operator said that it has no evidence of issues outside Italy.

Read 9 remaining paragraphs | Comments