8

As far as I understand, Huawei is currently accused of supplying hardware to Western countries that could be used for spying by the Chinese government.

But why would this be a big deal? Properly designed communication channels are supposed to be secure from MITM attacks and thus it shouldn't matter if the Chinese government has a back door. And if your communications are prone to MITM attacks, then you have a bigger problem on your hands than foreign meddling.

JonathanReez
  • @JonathanReez I believe there should be a button somewhere allowing you to agree with the close vote. – AndrolGenhald Feb 05 '19 at 22:27
  • If I can take a screenshot of your monitor every 5 seconds and send it back to the mothership, what does MITM have to do with anything? – dandavis Feb 05 '19 at 22:42
  • @AndrolGenhald: once you get enough reps for the vote to close privilege, you can vote to close to agree with the close vote. – Lie Ryan Feb 06 '19 at 02:53
  • @LieRyan Yes, but I thought it was possible for the OP to agree with a duplicate vote. I know I've seen posts marked duplicate by the Community user before. – AndrolGenhald Feb 06 '19 at 14:06

2 Answers

19

The device in your hand may have any number of measures which circumvent standard protections against MITM attacks. If you cannot trust the equipment you're touching (or otherwise interacting with), then you have a serious problem.

MITM protections typically assume that both endpoints are trustworthy, and only the intervening network is untrustworthy. When you violate this assumption, there is no effective protection.

DoubleD
  • 12
    +1 Man in the middle is irrelevant if the man at one end is maligned. – JMac Feb 05 '19 at 20:25
  • 3
    I can't load OP's link for details, but that's arguably worse. Routers are perimeter security devices. Compromised devices are bad in general; compromised security devices are really bad. A backdoor could allow all sorts of traffic that your network design assumes is already filtered/dropped. E.g., an outsider could perform Layer 2 attacks, or he could attack assets you have on an isolated VLAN. – DoubleD Feb 05 '19 at 21:30
  • @DoubleD Worse in **other** ways. But a router would not be able to break the end-to-end encryption. – Bakuriu Feb 05 '19 at 21:41
  • 2
    @Bakuriu True in general. Notably, however, the router is the endpoint for VPLS comms and some VPN connections. It's a disaster no matter what you're using TBH. With industrial espionage from China being rampant, no one in the US should be using their gear in the first place. – DoubleD Feb 05 '19 at 21:50
  • @DoubleD link fixed – JonathanReez Feb 05 '19 at 22:23
6

Three huge reasons:

  1. Traffic analysis. You can encrypt all you want, but if I can see that you are suddenly exchanging a lot of messages with a server in Ruritania, it’s possible you are negotiating a missile treaty with them, or a contract for food, or doing something else interesting. In espionage, knowing who is talking is often more important than what they said.

  2. Security mitigations. Sometimes a critical device or system can’t be modified to bring it into security compliance within a reasonable timeframe. Imagine a large network of unpatchable IP cameras, and some hacker drops a 0-day attack on their protocol. Instead of a slow and expensive replacement process, you may be able to quickly mitigate the risk by implementing a secure tunnel at the router, either with IPSec or VPN. It’s probably never the ideal solution, but it’s a way to respond quickly to a hard situation.

  3. Malicious injection. A compromised device can allow an attacker a route into your network bypassing all your perimeter security or detection devices. Not everyone can keep up with patching hundreds of thousands of desktops and servers the minute that patches are released. (Not to mention the risk of deploying untested patches simultaneously on all redundant critical systems.) Patching the perimeter is much quicker than patching all the internal devices; firewalls help defenders buy time in these cases.

So no, having a compromised router is not good for your security. Nobody’s networks are perfect 100% of the time.

John Deters
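
The traffic-analysis point in the answer above, as an added example that is not part of the original post: the flow records an on-path router holds contain no payload, yet a sudden surge toward one destination stands out from metadata alone. The hostnames, addresses, byte counts and the 5x threshold are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed flow records: (day, src, dst, bytes). There is no payload field:
# this is what an on-path device sees even when every session is encrypted.
FLOWS = [
    (1, "10.0.0.5", "mail.example.org", 40_000),
    (1, "10.0.0.5", "gw.ruritania.example", 2_000),
    (2, "10.0.0.5", "mail.example.org", 42_000),
    (2, "10.0.0.5", "gw.ruritania.example", 1_500),
    (3, "10.0.0.5", "mail.example.org", 39_000),
    (3, "10.0.0.5", "gw.ruritania.example", 2_500),
    (4, "10.0.0.5", "mail.example.org", 41_000),
    (4, "10.0.0.5", "gw.ruritania.example", 90_000),
    (4, "10.0.0.5", "gw.ruritania.example", 85_000),
]

def daily_volume(flows):
    """Sum bytes per (src, dst) pair per day."""
    vol = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        vol[(src, dst)][day] += nbytes
    return vol

def surges(flows, day, factor=5.0):
    """Pairs whose volume on `day` exceeds `factor` times their prior daily mean."""
    out = []
    for pair, per_day in daily_volume(flows).items():
        history = [b for d, b in per_day.items() if d < day]
        today = per_day.get(day, 0)
        if history and today > factor * mean(history):
            out.append((pair, today, round(mean(history))))
    return sorted(out)

if __name__ == "__main__":
    for (src, dst), today, base in surges(FLOWS, day=4):
        print(f"{src} -> {dst}: {today} bytes today vs ~{base}/day before")
```

The same comparison against a per-destination baseline is what a defender can run on their own flow exports to see how much their encrypted traffic still discloses.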