
Trump’s Sanctions on China Are Making Huawei Phones Less Secure

After the US government cracked down on Chinese tech giant Huawei last week, Google became the first American company to follow the ban.

On Sunday, after Reuters first reported the news, Google admitted it is complying with the US government order and will shut down its business relationship with the Chinese company. Huawei is the world’s third largest smartphone maker after Samsung and Apple, and the company uses Google's Android OS on its phones. According to the company, half a billion people use Huawei cellphones around the world. So this ban has huge ramifications, especially in Europe, where Huawei has a 17 percent market share.

So what does this ban mean in practice for consumers who have a Huawei phone?

Google did not immediately respond to a series of questions about this ban. The company only sent a statement: “We are complying with the order and reviewing the implications. For users of our services, Google Play and the security protections from Google Play Protect will continue to function on existing Huawei devices.”

Huawei said that it “will continue to provide security updates and after sales services to all existing Huawei and Honor smartphone and tablet products covering those have been sold or still in stock globally.”

“We will continue to build a safe and sustainable software ecosystem, in order to provide the best experience for all users globally,” the statement concluded.

Have a tip about Huawei? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzo@motherboard.tv

As the BBC explained in a thorough article, Google’s decision will not impact people who already have a Huawei device, or those who buy the company's new flagship device, set to be unveiled today. But future phones will not get the Play Store, any Google apps, and other tools provided by Google that are not strictly part of Android’s open source codebase.

That also means that Google will stop giving Huawei code for its security fixes one month before they get released. This means Huawei will get the code only when it goes live, potentially making Huawei users less secure, because those handsets will likely take longer to get critical security patches.

That’s because hackers could be faster at reverse engineering the Google patches and developing exploits before Huawei’s own engineers develop fixes and customize them for Huawei devices. These are what people in the industry call “Ndays,” a play on zero-days. These kinds of exploits are not zero-days because they are known to the vendor, but they still work because the bugs they rely on are not patched.

"I think it's going to make it more of an attractive target, we constantly say make sure your device is updated and if this is not the case and that put users at risk," Daniel Cuthbert, the global head of security research at Santander, said in an online chat.

In other words, from now on, the security of Huawei’s devices is even more in the hands of Huawei, which is probably bad news because the company doesn’t really have a good track record in terms of security. But it is too early to tell how bad it will really be for Huawei users.

“Is that worse than others? Not really,” Stefan Edwards, a security researcher at Trail of Bits, said in an online chat. “Like Samsung has to port things often because they do so much dumb shit to their Android installs.”

According to Jon Sawyer, a security researcher who has studied Android phones for years, Huawei phones have had really bad bugs, especially years ago.

“They had a lot of security issues. A lot of ‘that might be a backdoor’ thing,” Sawyer said in an online chat, explaining that, however, a lot of Android phones have had these problems.

That’s why in Motherboard’s Guide To Not Getting Hacked, we recommend going with the Pixel or other phones that get vanilla Android. These are the only phones that are guaranteed to get early security updates, making exploitation a bit harder.

This story has been updated to include Cuthbert's comment.




from VICE http://bit.ly/2JSBBLt
