US says it can prove Huawei has backdoor access to mobile-phone networks : technology
The thing about backdoors is that the door should be accessible. In a network with end-to-core encryption (e.g. cellular networks) this seemingly requires physical access to the core. If governments and operators denied Huawei physical access, where would the door exist?
By necessity, a covert DIRECT backdoor in cellular network core gear could only function in one of the following ways:
1. wirelessly (not via the backdoored network itself)
2. via the network itself in a way that cannot be detected
3. via social attacks (impractical)
4. with the operator's consent
1, 3 and 4 are all very far-fetched, which leaves a more likely attack surface, the whole purpose of the core – to respond to messages from the edge.
A specially-crafted message could be injected from the edge, to instruct the core to tweak behaviour. It could be an innocent network connect message referencing a non-existent IMEI followed up shortly by another set of IMEIs ending with a specific set of digits, seemingly random, but just enough to trigger the backdoor via the signalling network and instruct behaviour changes for a given subscriber's config. Perhaps a specific device can be made to use a different DNS server than normal, and bam, you've got full access to traffic to/from any device you choose.
Just saying, that is how it could happen. That's how I would do it, and in , NOT within the audited agency/software program. Not your chipsets, not your network.
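From the operator's side, the signalling pattern described in the comment above (an unknown IMEI followed shortly by several IMEIs sharing trailing digits) can be searched for in attach logs. This is an added example, not part of the original comment; the record layout, the thresholds, the equipment register set and all sample IMEIs are assumptions constructed for illustration.

```python
from collections import Counter

WINDOW_S = 30       # assumed: how soon the follow-up attaches must arrive
SUFFIX_LEN = 4      # assumed: number of shared trailing digits
MIN_FOLLOWUPS = 3   # assumed: distinct follow-up IMEIs needed to alert

def luhn_ok(imei):
    """True if a 15-digit IMEI has a valid Luhn check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_suspect_sequences(events, known_imeis):
    """events: time-sorted (unix_ts, imei) attach records.
    Flags an unregistered or malformed IMEI that is followed, within
    WINDOW_S, by several distinct IMEIs sharing the same trailing digits."""
    alerts = []
    for idx, (ts, imei) in enumerate(events):
        if imei in known_imeis and luhn_ok(imei):
            continue                        # ordinary attach from registered equipment
        follow = {e for t, e in events[idx + 1:] if t - ts <= WINDOW_S and e != imei}
        tails = Counter(e[-SUFFIX_LEN:] for e in follow)
        if tails:
            suffix, count = tails.most_common(1)[0]
            if count >= MIN_FOLLOWUPS:
                alerts.append({"trigger": imei, "ts": ts, "suffix": suffix, "count": count})
    return alerts

# Constructed sample data, not taken from any real network.
KNOWN = {"490154203237518"}
EVENTS = [
    (100, "490154203237518"),   # registered handset
    (200, "000000000000001"),   # IMEI absent from the register
    (205, "356938035647731"),
    (209, "864213049917731"),
    (214, "352099001767731"),
    (900, "111111111111111"),   # unknown IMEI with no follow-up burst
    (905, "490154203237518"),
]

if __name__ == "__main__":
    for alert in find_suspect_sequences(EVENTS, KNOWN):
        print(alert)
```

A heuristic like this only covers the one trigger shape the comment imagines; a different encoding of the trigger would need its own rule.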