Any worthwhile Internet traffic should be encrypted in 2020, and if it isn’t, Huawei probably isn’t the most immediate concern.
And if it is encrypted, does it really matter who is listening?
Comments welcome, I know zilch about telecoms hardware.
I’m asking, is there really a security risk that Huawei might listen in on telecoms. Is traffic at the low level more vulnerable somehow? Is it the prevalence of unencrypted communications? Is it leaking of metadata that people are worried about?
Or maybe the higher density of 5G kit makes the attack cross-section larger somehow?
But a good question would be why 5g, and not every other computer chip in any computer and network equipment, which could be backdoored, and I doubt anyone verified the conformity of the chip to the blueprint sent to the factory.
Plus, if it's your tower, you can just switch it off, at an opportune moment.
5G operates on higher frequency and requires a larger density of base stations. If you can identify individual devices -- even without cracking the encryption they use -- then you can track them them geographically, and also conduct traffic analysis.
5G presents a potential security risk because it allows far greater granularity of device localization, even without GPS.
Other than the risks of using Opera (and other software like AirDroid, TikTok, WeChat etc), the main way I currently see users outside China being affected by similar issues is if they use Chinese Android devices, including grocery store smartphones, or those popular HDMI android dongles.
China's export of technological-enabled totalitarianism and surveillance states (especially to developing countries) is accelerating.
[1] https://www.scmp.com/abacus/culture/article/3029260/chinese-...
The specific technical risk is unknown, though. There are thousands of microcontrollers in a modern advanced electronic device. It's nearly impossible to inspect each one and see what exactly is backdoored and how.
"The extension of spectrum range has an impact on the network architecture. mmwave cells will employ shorter ranges of around 100-to-200 meters which will require extreme densification to provide high coverage. 3G networks reached densities of fourto- five base stations per km², 4G networks eight-to-ten per km², while 5G networks could reach densities of 40-to-50 per km²."
https://www.newtec.eu/article/article/choosing-the-right-con...
If your argument here is “who cares if we can trust the hardware if the encryption works” I’d encourage you to think about how you know that the encryption “works” if you can’t trust the hardware. A lot of the encryption is out of necessity far removed from the end user, it’s not exactly PGP over email. And everything is never encrypted, the operations of mobile networks require a lot of extra metadata about the operations that is still sensitive even if you completely disregard the traffic over the network.
>The average for Boston is 21 meters; New York 27 meters; Austin, TX, 28 meters; Washington 29 meters, and Chicago 38 meters.
https://www.mobilemarketer.com/ex/mobilemarketer/cms/news/re...
I got my own room in my house with it, back in the 3G/4G days. I'm not sure what modern software and hardware can do it now, but I'm pretty sure it's even more accurate even without 5G.
>The average for Boston is 21 meters; New York 27 meters; Austin, TX, 28 meters; Washington 29 meters, and Chicago 38 meters.
>A number of factors can impact location data accuracy, including its source, which can include GPS signals, Wi-Fi and cell tower triangulation.
Seems like the figures they're giving is with wifi/gps signals, not just cell tower alone.
As for metadata, is there no cryptographic schemes that make metadata extraction impossible? I’m thinking like with Covid tracking apps, you can find out whether you were in contact with someone infected, without sharing any identifiable info.
You could make an argument about metadata, which is much more questionable from the get-go.
People are concerned that Huawei / the Chinese could effectively shut down important chunks of infrastructure that would cause chaos in a city like London, and many other places, and furtermore that the implied threat of such a mishap, might be used as a form of coercion.
The parent comment was talking about being able to take advantage of the situation by making the enemy use your devices and then incapacitating their infrastructure at the perfect moment by activating the killswitch on those devices.
No that’s not required, 5G uses the same old frequencies as 2/3/4G for the bulk of the traffic, it only uses the >1Ghz frequencies for microcells in malls and other dense areas where appropriate.
National security includes things such as the prevention of over-reliance on a foreign supplier working with a foreign subversive government hell-bent on their unfair mercantilist policies. It's economic security they worry about first, which could lead to a whole host of other security issues due to lost of leverage later on.
Wouldn't traffic run through many parts of the network exposing data to even more providers? Wouldn't you be subject to any portion of the chain breaking, or being turned off?
A country using Nokia, Ericsson and Huawei is much better protected to such an attack than a company using only Nokia or only Huawei or only Ericsson, or both Nokia and Ericsson but not Huawei.
Going forward this kind of infrastructure will probably be more important than any other kind (because this will control all the others too).
Will this finally move the cost-benefit needle toward verifiable computing (open chips, open fabs, open *ware)? Who knows. But so far it seems the power brokers of the old era (eg. countries) are trying to maintain control.
Back on the tracking side of things...
AFAIKR 3G and above do not leak their IMEI/IMSI unencrypted. Of course nearly zero phones show or warn if encryption is used or not (though I think that's a setting in the SIM card).
These infrastructure plans usually come with some kind of hand over of power to China.
That's simply not true. 5G cannot achieve its advanced speeds without higher frequencies, which cannot be deployed without greater density of base stations. Higher frequencies beget faster signal falloff and greater susceptibility to obstruction. "5G needs spectrum across low, mid and high spectrum ranges to deliver widespread coverage and support all use cases. All three have important roles to play." [1]
Microcells use high-band, not mid-band, spectrum. High-band may not be useful outside of dense areas because of its reduced range, but it is essential to 5G and the FCC is releasing about 5GHz of spectrum for this purpose. Mid-band (1GHz-6GHz) is the bread and butter of 5G, and the FCC has pushed to open this part of the spectrum as much as possible for 5G to work as intended. This part of the spectrum is the most versatile, but it is in short supply [2].
Part of the challenge of 5G involves more frequent handoffs between base stations versus past generations of mobile phone radio. Similarly, 5G devices use various mitigation techniques to deal with interference from nearby base stations. For both of these reasons, there is a substantial amount of interaction between a single handset and nearby base stations that may not be presently serving it.
[1] https://www.gsma.com/spectrum/wp-content/uploads/2020/03/5G-...
[2] https://docs.fcc.gov/public/attachments/DOC-363622A1.pdf
It’s unlikely to be rolled out fully throughout the entirety of the providers network. So you’ll see it in high density areas where people are mostly outside. As I said, malls etc. Also higher speeds at the regular sub-ghz frequencies are achievable through beam-forming.
Beamforming can't overstep the physical limitations of a carrier wave, it just adapts the radiation pattern of the antenna array to improve range and reduce interference. This is useful to extend the range of high-band signals, because they operate in object-dense space with a high density of clients. It is also useful at the lower frequencies, because it allows an improvement in spectrum efficiency in an otherwise crowded part of the spectrum.
You are basically saying that beamforming allows more single-user MIMO to improve the data speed of an individual user's connection at the lower frequencies. I agree with that. However, you still need more base stations because (A) you won't see the massive advertised 5G speeds without sub-6GHz and mm-wave, and (B) you need more antennas as you improve MIMO to serve more simultaneous data streams to each individual user at sub-GHz.
I am not familiar with the authors of this paper (https://arxiv.org/pdf/1902.07678.pdf), but it offers a good explanation with some images:
The spectral efficiency of Massive MIMO grows monotonically
with the number of antennas [28]. Thus, we can expect a
future where hundreds or thousands of antennas are used to
serve a set of users. There are, however, practical limits to
how many antennas can be deployed at conventional towers
and rooftop locations, for example, determined by the array
dimensions allowed by the site owner, the weight, and the
wind load. [...] Nevertheless, the spatial multiplexing
capability of these two dimensional planar arrays in our
three-dimensional world is far from what has been demonstrated
in the academic literature, where large one-dimensional arrays
are often considered in a two-dimensional world. In many
practical deployment scenarios, the user channels are mainly
separable in the horizontal domain [35] since the variations
in elevation angle between different users and scattering
objects are relatively small. [...] However, to deploy more
than a few hundred antennas per site and to obtain a truly
massive spatial resolution in the horizontal domain, we need
new antenna deployment strategies.
Instead of gathering all the antennas in a single box,
which will be visible and heavy, the antennas can be
distributed over a substantially larger area and made
invisible by integrating them into existing construction
elements.