{"id":247579,"date":"2021-05-12T12:19:53","date_gmt":"2021-05-12T09:19:53","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/huawei-eavesdropped-on-6-5-million-dutch-mobile-users-heres-how\/"},"modified":"2021-05-12T12:19:53","modified_gmt":"2021-05-12T09:19:53","slug":"huawei-eavesdropped-on-6-5-million-dutch-mobile-users-heres-how","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/huawei-eavesdropped-on-6-5-million-dutch-mobile-users-heres-how\/","title":{"rendered":"#Huawei eavesdropped on 6.5 million Dutch mobile users \u2014 here\u2019s how"},"content":{"rendered":"<p>&#8220;<strong>#Huawei eavesdropped on 6.5 million Dutch mobile users \u2014 here\u2019s how<\/strong>&#8221;<\/p>\n<div>Chinese technology provider Huawei was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2021\/apr\/19\/huawei-may-have-eavesdropped-on-dutch-mobile-networks-calls\">recently accused<\/a> of being able to monitor all calls made using Dutch mobile operator KPN. 
The revelations are from a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.silicon.co.uk\/5g\/dutch-report-huawei-kpn-monitoring-393727\">secret 2010 report<\/a> made by consultancy firm Capgemini, which KPN commissioned to evaluate the risks of working with Huawei infrastructure.<\/p>\n<p>While the full report on the issue has not been made public, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/nltimes.nl\/2021\/04\/17\/huawei-able-eavesdrop-dutch-mobile-network-kpn-report\">journalists reporting on the story<\/a> have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN\u2019s network \u2013 including the call data of millions of Dutch citizens \u2013 and that a lack of records meant KPN couldn\u2019t establish how often this happened.<\/p>\n<p>Both KPN and Huawei have denied any impropriety, though in the years since the 2010 report, Huawei has increasingly found itself labeled a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/can-huawei-survive-the-us-sanctions-144810\">high-risk vendor<\/a> for telecoms companies to work with, including by the UK\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ncsc.gov.uk\/files\/Advice-on-use-equipment-from-high-risk-vendors-in-UK-telecoms.pdf\">National Cyber Security Centre<\/a>.<\/p>\n<p>To better understand this story, and to consider whether other telecoms networks may have had similar security vulnerabilities to KPN\u2019s, we need to look at how complex mobile networks are run. 
KPN essentially granted Huawei \u201c<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.telecomtv.com\/content\/security\/kpn-shaken-to-the-core-by-huawei-espionage-allegations-41287\/\">administrator rights<\/a>\u201d to its mobile network by outsourcing work to the Chinese firm. Legislation is only now catching up to prevent similar vulnerabilities in telecoms security.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Commercial_pressures\"><\/span>Commercial pressures<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Huawei is one of the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cntechpost.com\/2021\/03\/09\/huaweis-share-of-global-telecoms-equipment-market-increases-to-31\/\">three dominant radio equipment providers<\/a> in the world, alongside Ericsson and Nokia. These giant technology companies provide the base stations and equipment that deliver mobile phone signals. Operators like KPN increasingly pay these companies not only to buy the equipment, but also for them to support and maintain it.<\/p>\n<p>The telecoms market in which KPN operates is one of the most price-competitive in the world. European mobile operators saw <a rel=\"nofollow noopener\" target=\"_blank\">average revenues per user in 2019<\/a> of \u20ac14.90 (\u00a312.85) a month, compared with \u20ac36.90 a month in the USA. European spend on telecoms services is also <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/technews.tmcnet.com\/channels\/mobile-voip\/articles\/230239-european-mobile-service-providers-face-arpu-issues.htm\">reducing<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ofcom.org.uk\/__data\/assets\/pdf_file\/0017\/105074\/cmr-2017-uk.pdf\">year-on-year<\/a> as operators compete to offer the best deals to consumers.<\/p>\n<p>Lower revenues force operators to carefully manage costs. 
This means that operators have been keen to outsource parts of their businesses to third parties, <a rel=\"nofollow noopener\" target=\"_blank\">especially since the late 2000s<\/a>.<\/p>\n<p>Large numbers of highly skilled engineers are an expensive liability to have on the balance sheet, and can often appear underused when things are running smoothly. Such jobs are often outsourced, with <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.mobileworldlive.com\/asia\/asia-news\/optus-to-cut-jobs-after-outsourcing-to-nokia\">personnel transferring<\/a> to the outsourced provider, to help operators to cut their payroll costs.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Outsourcing_gone_too_far\"><\/span>Outsourcing gone too far<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When everything is working, very few people notice outsourcing. But when things go wrong, outsourcing can often significantly complicate recovery, or create a large \u201csingle point of failure\u201d or security issue.<\/p>\n<p>In the UK, for instance, mobile operator O2 has seen <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theregister.com\/2012\/07\/13\/o2_outage_cause\/\">at least one outage<\/a> which has been linked to the use of outsourced functions. Where large numbers of operators <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/telecoms.com\/491082\/inside-ericsson\/\">rely on the same outsourcing partner<\/a>, any issue or security breach affecting the outsourced provider can have a widespread impact.<\/p>\n<p>Still, outsourcing by mobile operators is widespread. 
And firms in the UK and across Europe have often turned to Huawei to provide <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.mobileeurope.co.uk\/press-wire\/9588-three-uk-joins-telefonica-by-outsourcing-core-management-to-huawei\">IT services<\/a> and to help build <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.information-age.com\/o2-outsources-core-network-management-to-huawei-2103318\/\">core networks<\/a>. In 2010, Huawei was managing the security-critical functions of KPN\u2019s core network.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Administrator_access\"><\/span>Administrator access<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>At the same time, equipment suppliers like Huawei are trying to move away from merely selling equipment and towards providing a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.thefastmode.com\/expert-opinion\/18162-the-ultimate-guide-to-open-ran-openran-integration-part-2-integration-stages-and-models\">managed service<\/a>, including installation, maintenance, and support. This helps them create recurring revenue in an industry that has generally been dominated by large five-year or ten-year purchasing cycles.<\/p>\n<p>But as these vendors add services to their repertoire, they gain wider access to the mobile networks they work with. 
This could include <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ncsc.gov.uk\/files\/Advice-on-use-equipment-from-high-risk-vendors-in-UK-telecoms.pdf\">certain security-critical parts<\/a> of telecoms networks, which are often designed to work in trusted, secure environments.<\/p>\n<p>In the scenario where a vendor like Huawei also provides a managed service, they find themselves sitting in a uniquely privileged position, with inside knowledge of their own equipment, and with direct access to trusted management interfaces.<\/p>\n<p>This creates the high-tech equivalent of putting all your eggs in one basket. It\u2019s akin to giving the combinations of the bank vault to the same security guard in charge of the CCTV camera footage. It\u2019s difficult to reliably monitor operations carried out by the vendor without relying on that vendor\u2019s own software.<\/p>\n<p>In cases where a vendor has been designated as high-risk as a result of their <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/923309\/Huawei_Cyber_Security_Evaluation_Centre__HCSEC__Oversight_Board-_annual_report_2020.pdf\">own product security practices<\/a>, it\u2019s very difficult to know whether that vendor didn\u2019t do anything untoward. 
This is the situation KPN apparently found themselves in with Huawei back in 2010.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Are_changes_needed\"><\/span>Are changes needed?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With at least one operator aiming to reduce European operating expenditure by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ft.com\/content\/8d2287ad-d0a3-4972-9b0d-9e32846f3164\">\u20ac1.2 billion<\/a>, and 5G deployments bringing new opportunities for managed services and software-based solutions to be used in networks, decisions around outsourcing will continue to play an important role for mobile operators going forwards.<\/p>\n<p>But legislation is rapidly catching up. The UK has proposed a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.gov.uk\/government\/collections\/telecommunications-security-bill\">telecoms security bill<\/a>, and associated <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.gov.uk\/government\/publications\/draft-electronic-communications-security-measures-regulations\">draft secondary legislation<\/a> includes requirements for network operators to monitor all activity carried out by third-party providers, to identify and manage the risks of using them, and to have a plan in place to maintain normal network operations if their supplier\u2019s service is disrupted.<\/p>\n<p>For some operators, it\u2019s conceivable this might mean bringing key skills back in-house to ensure there\u2019s someone watching the (outsourced) watchmen. In the case of KPN, these measures would likely have prevented Huawei from having seemingly unchecked and privileged access to its customers\u2019 mobile data.<\/p>\n<p><em>This article by\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/greig-paul-602705\">Greig Paul<\/a>, Lead Mobile Networks and Security Engineer, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/university-of-strathclyde-1287\">University of Strathclyde<\/a> is republished from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. 
Read the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/huaweis-ability-to-eavesdrop-on-dutch-mobile-users-is-a-wake-up-call-for-the-telecoms-industry-160316\">original article<\/a>.<\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/huawei-eavesdropped-on-6-5-million-dutch-mobile-users-heres-how\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Huawei eavesdropped on 6.5 million Dutch mobile users \u2014 here\u2019s how&#8221; Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN. 
The revelations are from a secret 2010 report made by consultancy firm Capgemini, which KPN commissioned to evaluate the risks of working with Huawei&#8230;<\/p>\n","protected":false},"author":1,"featured_media":247580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/05\/huawei-man.jpg&signature=d3d166ee8c76f69ff2dc7ffe85b6c0ef","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-247579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/247579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=247579"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/247579\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/247580"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=247579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=247579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=247579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}