Security when buying tech


#1

I was wondering what attention you all pay to security when looking at new tech, if any?

Browsing the watch thread, I noticed lots of people with Huawei devices, which made me think of this:

And as a OnePlus owner, I think back nervously to this sort of thing:

What impact do these reports have on you? Would you change (or have you changed) your buying habits because of them?


And how the hell do you actually pronounce Huawei?!


(Kevyn) #2

I tend to keep with well known brands who have yet to have major security problems, like Apple, and encrypt data on cloud storage with Boxcryptor or Cryptomator.

Huawei is pronounced “Wah-Way” I believe.


#3

With a bit of a ‘huh’ sound on the front, so huhWah-Way, though most just go with Wah.

Personally I wouldn’t trust Chinese manufacturers as far as I could throw them - there are multiple instances of hardware cracks installed in the silicon of Apps Processors.


#4

Excuse my ignorance - do you mean hardware backdoors into phones?


#5

A modern mobile phone has two main processors, the Apps Processor (usually a bunch of ARMs) which does the pretty stuff and the Baseband Processor which handles the RF.

There have been instances of the Apps processor having a hardware back door - basically gives the malicious program kernel level access.

This explains the concept and this is an early example.

There was a whole spate of Chinese phones sending data back to servers like this but that is just firmware hacking.

There was something in the industry press last year about a root crack in an apps processor but I can’t find it right now.


(Jai Sullivan) #6

It’s actually Wah-way with a silent ‘H’ — It’s always mispronounced with the ‘H’.


(Jai Sullivan) #7

The majority of us get our fixed-line broadband through Huawei network equipment :man_technologist:t2:


#8

You learn something everyday - been mispronouncing it for years!


(Jai Sullivan) #9

I was the same up until very recently! :grimacing:


#10

I should have no excuse, I deal with them!


#11

Just time to look at this now. Fascinating, I didn’t know that this was possible.

Out of interest, what relevance is the apps vs baseband processor? Reading your first link, it sounds like any form of processor would be vulnerable. Could they both fall victim?


#12

Good question. Any form of processor could be compromised, but I suspect the apps processor is the more interesting one as it would do the encryption and encapsulation of data.

The baseband processor acts like a modem, so I’m not sure how compromising it would help a rogue actor. It may be able to inject data though, so could possibly be used for tracking people. Generally it is not running a full OS as such, more likely a specialist realtime system, so I’d think, harder to hack.


(Andre Borie) #13

The baseband processor acts like a modem, so I’m not sure how compromising it would help a rogue actor.

A lot of shitty phones share main memory with the baseband processor, which means that processor can compromise the whole system by rewriting kernel memory.

But in most cases the modem is the least of your worries. The never-updated OS (thanks Android) is a much bigger attack surface.

Just buy an iPhone or a Pixel and don’t worry too much about it.


#14

How about Android One (in particular, on Nokia/HMD) as lower cost option?


#15

Home routers provided by smaller/cheaper broadband companies are also usually Huawei and Huawei is big in the UK telecom sector. They provide all sorts of hardware for cell phone towers and network.
They are big in the UK but huge worldwide.


(Allie) #16

Wah-way

And I do think about it but not a huge amount. Mostly if things will get updates regularly. Which Huawei is bad at…


(Ravi) #17

I’ve been taking security more and more seriously ever since I read about Matt Honan’s hacking back in 2012.

I value getting updates so generally stick to Google / Apple gear and go the extra mile with my long, unique password and 2FA.

I’m much more easy going on sharing generic personal data but when it comes the important stuff I don’t mess around.


(Andre Borie) #18

I would be concerned about cases like this: https://threader.app/thread/1051204370543648770

Sure, Google and Apple (to a lesser extent) also spy on you, but at least it’s one actor you more or less trust (otherwise don’t run their software). The concern with lower-cost devices is that the manufacturer will also spy on you in addition of the developer of whatever OS you’re running.


(Eve) #19

I’d still say it’s a soft quick ‘h’ sound (ie hWA-way) if you listen to the Chinese pronunciation of it, but most non-Chinese speakers put too much emphasis on the hard ‘h’ sound so ‘wah-way’ sounds closer and more achievable.


#20

That’s what I was trying to say - when I’ve heard it said by Chinese speakers, the first w sound is not the same as the second w. The latter is a harder wuh sound.