web analytics

New Zealand’s media enjoyed a day where computer, or maybe cyber, hacking made the headlines.

Here’s the RNZ take:

National Party ‘Budget leak’: Treasury ‘deliberately hacked’ — RNZ website

There is a lot to unpack in the story. You can find that elsewhere. One thing that needs clarification is what is meant by the word ‘hacking’.

Hacking is a term that’s meaning changes depending on who uses it.

Hacking once meant one thing…

It means one thing to old school computer programmers — kids note that’s what people who wrote computer software were called before the job description was upgraded to developer.

For those people a hacker can be someone who cuts a piece of code.

It can mean someone who writes good code or it can mean someone who writes bodged code. I never quite caught the nuance there but definitely heard it used both ways in different contexts.

You may argue, but for most people this meaning of hacker is now archaic.

… it then meant another thing

It means another thing to people who work in and around computer security. Most of the time they take care not to use the word hacker. I assume that’s a least in part because there can be slightly glamorous connotations.

Or it could be they are lanugage pedants who don’t want to get in a fitght.

Many modern computer security folk prefer terms like bad actor, which makes me think of Tom Cruise.

Or maybe they talk about attackers. At one industry event, some high flying US security experts kept referring to hostiles.

Whatever. The key here is that in some security and enterprise system circles the word hacker can, but doesn’t always, refer to a person who manages to breach a system’s perimeter security and get inside.

Once again there are nuances.

Media see hacker another way

For the more excitable parts of the media, a hacker is someone who wears a balaclava while using a computer. They might also wear military fatigues.

You don’t often get to see the computer, but if you do, it’s often an old fashioned-looking computer, never a tablet or a phone, which seems odd to me, but there you go.

Another feature of this kind of hacker is they ofter work with green, text-based screens. What they do may be advanced and scary, but their computer hardware seems to come from the cold war era. More Trabant than Tesla.

Much of the media and the general public think of hackers as people who do bad things with computers. It’s not just newspapers, radio and TV journalists. When you see computer crime in movies or TV shows, the bad guys are hackers.

Far be it for me to cast aspersions on my colleagues, but there is something a tad click-baity about hacker.

As an aside, I’ve written before about how the word cyber now seems to be related to hacker. In a nutshell when something computery is good, the prefix is computer. When it’s bad the prefix is cyber.

See, “Cyber” is a bad thing…

Which explains why the great unwashed now understands the term hacker in this context.

Guilty your honour

I’ve found myself using the term, most likely incorrectly in your eyes, on TV and radio precisely because it is a shortcut to explaining things to the audience.

You might only have 120 seconds to explain something complicated. If you spend that qualifying terms defining the attack like a crusty old classics academic deconstructing Ancient Greek texts you’ve lost the audience.

It’s all Greek to them anyway.

Treasury hack

So, was this week’s Treasury Hack actually a hacking attack or was it something else? It appears that someone found some data that was stored on a web page or series of pages that had not yet been made public.

You can, I sometimes do, stumble over things like this by accident.

Now that’s not necessary hacking as we know it in 2019. It might well have been described as hacking in 1999.

You can sometimes get to these pages using spiders. This is something Google does every day. No-one thinks of that as hacking.

Dozens, even hundreds of pages on this site are spidered every day. This can include deleted pages, draft posts and posts that will never formally see the light of day,

Hostiles everywhere

If I look at the weblogs there are also thousands of probs every day where people — let’s call them hostiles, after all, it starts with an H — are looking for ways to compromise my security.

Some are easy to spot as they are calling URLs that don’t exist on my site, but might exist on some sites and can contain known vulnerabilities.

I just checked. This site, that’s little old me, had 1486 let’s say, dubious, calls in the last 24 hours.

If I’m getting that. And trust me, there is no information on here worth stealing, then a government system like Treasury will be getting an order of magnitude more probes. At least.

Another aside: There might not be anything worth stealing, but it could be worth gaining access to launch a bot attack or other mischief.

Is that hacking? Not in the sense computer professionals and geeks use the term. But it is in the sense that the media use the term and the sense the general public has come to understand the word.

You don’t have to like seeing the word used this way, but you don’t have any control over it. Those people speak a different language to you. They know what it means to them.

Navigating the Huawei story is one of the toughest jobs in technology journalism at the moment.

There are many facts and statements, lots of suppositions swirling around, but no smoking guns, no hard evidence of wrong doing. 

Huawei may have a case to answer, but that question is almost submerged now.

A lot of damage is already done, not just to Huawei but to supply chains as well. I can’t ever remember seeing a company taken down like this before.

One danger is that it could have created a precedent. Who might be next?

Huawei P30 Pro screen

The US government has blacklisted Huawei. As a result Google has stopped providing and supporting the Android software used on Huawei phones. American chip makers can no long supply technology to Huawei. The Huawei blacklist is part of a wider trade dispute between the US and China. 

Does the Huawei blacklist mean I have to stop using my phone?

No. If you already have a Huawei it will carry on working as normal for now.

Could China be spying on me through my Huawei phone?

Don’t be silly. If you’re like the average Android phone user you already let Facebook, Google and others spy on you. They make money that way.

If China wanted to casually spy on you it could buy data from one of those companies. If you’re a serious intelligence target for Chinese agents they’re probably able to spy on you regardless of your phone’s brand.

Is my Huawei phone a security risk?

No more than any other Android phone. Android is more prone to malware and nasty stuff than other phones, but this changes nothing in that department.

Huawei has not always been the best at providing necessary software updates and security patches in the past. The company says it will go on supporting existing customers.

I was thinking of buying a Huawei phone…

That’s probably not a great idea although if sales slump you may be able to pick up a bargain.

If you buy a Huawei phone today you’ll get updates for the current version of Android. It’s most likely you’ll get upgrades for the next version. After that things start to get tricky.

At the moment we’re on Android Pie. The next version, Android Q is due in a few months. Huawei has had all the code for both of these.

The next version, R, should turn up in about 14 months. The way things stand today Huawei won’t get that code.

Without official support, you could be cut adrift from the Android mothership in as little as 14 months. Huawei says it will continue with security upgrades, but you may struggle to run some apps once R is mainstream.

What about other Chinese Android phone brands?

How much of a gambler are you? The recent Huawei blacklist is specific to one company, but it’s part of an escalating trade war between the US and China. If you count yourself as cautious, then wait to see how the dust settles before buying an alternative Chinese brand.

Isn’t Android supposed to be open source?

Only up to a point.

Android has a number of layers. At the top there’s Huawei’s own software overlay, that’s EMUI on the premium phones. There’s a service layer which connects to things like the Google Play store, Maps and Gmail.

There’s a low level layer that connects the operating system to the hardware. The underlying Android operating system, AOSP is open source. Huawei will still be able to use that. It will be updated as normal.

However, Google usually shares this code with favoured phone makers months before the code is made public. Phone makers pay vast sums for this.

The blockade means Huawei will now get the code on release day, so users may wait months for upgrades.

This is how AOSP works for many smaller Chinese phone makers. If you’ve tried one of those phones you’ll know the customer experience often leaves much to be desired.

Yet it’s also how Huawei’s Chinese phone business works, so the company already knows how to deal with the restrictions.

The real problem is with those services or those of us living in western countries. If Google makes changes there could be problems for existing phone users.

Will I be cut off from Google services?

No. At least not for the foreseeable future. You might not get any new services introduced from next year on.

Is any of this covered by the Commerce Act?

That’s a good question. The simple answer is you probably won’t be able to use the Commerce Act as a way of getting your money back if the phone goes on working as normal. Although there’s an interesting precedent that suggests otherwise.

In the longer term you may have a case if a lack of software updates means the phone is, in effect, rendered useless before a reasonable period of time. 

If this happens, it won’t matter if Huawei is no longer active in New Zealand (see below). The phone retailer is liable, not the manufacturer.

What does this mean for Huawei’s phone business in New Zealand?

It’s possible the spat between the US and China blows over in a few weeks and things will return to normal. If not, it will soon be hard for Huawei to sell phones here. Anecdotal evidence says customers are already avoiding the brand.

That’s a shame because Huawei makes some of the best Android phones. It is the number three phone brand here. While it may not always look like it, Huawei acts to keep Samsung and Apple competitive.

Phones account for about half of Huawei’s revenue worldwide. Half of its sales are in China where losing Google isn’t a problem. So a quarter of the company’s revenue is at risk.

On the other hand, no-one knows if Huawei make much, if any, profit from phone sales. The Huawei blacklist could lead to the company exiting the phone market outside of China. If that’s the case, it could be doing Huawei a favour.

President Donald Trump’s latest attack on Huawei did not come as a surprise.

Earlier this month the US banned American companies from using equipment made by firms that pose a risk to national security. Chinese technology giant Huawei wasn’t named. It wasn’t necessary. Everyone got the hint.

At the same time, the US government asked American firms to withhold technology from those companies.

Google pulls Android Support

In the most dramatic move to date, Google said last week it would no longer supply the proprietary parts of its Android mobile operating system to Huawei.

At the same time American chip makers said they have stopped supplying the company. It turns out Huawei has been stockpiling some parts in anticipation of this move.

There has since been a temporary halt on the parts supply ban for existing Huawei products. Parts for new sales, which for a technology company come around fast, are still banned.

Billions at stake

We don’t know how Huawei’s investors reacted to the news, the company is in private ownership.

We do know that if the ban stays it will cost American firms billions of dollars in years to come. It could shut them out of the world’s largest consumer market. That’s been reflected in the share prices of Huawei’s US suppliers.

Trump, and America in general has been ratcheting up the pressure on Huawei for the best part of a year.

Things kicked-off in earnest months ago. Then, American officials warned the world that Chinese spies might use Huawei’s network hardware and phones.

It’s a story Huawei has denied often since spying accusations first emerged in Australia some years ago. Huawei also denies it has links to Chinese military.

Intelligence threat

More recently America threatened to withhold intelligence material for any ally with Huawei hardware on their networks.

It would be easy to dismiss America’s attack on Huawei as mere protectionism. That’s a clear part of what’s going on. Trump has since suggested he could clear up this spat if China cuts a new trade agreement with the US.

There is no evidence Huawei uses its network to spy on behalf of the Chinese government.

There is no smoking gun. Huawei’s accusers have not managed to dredge up any plausible documented evidence.

That speaks volumes.

Where Huawei is a threat

Still, Huawei represents a risk. That’s because Huawei dominates the telecommunications hardware market like no other company.

Telecommunications is essential, critical and strategic. It is a key infrastructure. Without it commerce and finance grind to a halt. So does almost everything else. Telecommunications touches almost every aspect of modern life.

America has suggested that while there’s no evidence of Huawei spying, it could hold countries to ransom.

Should, say, relations with a country deteriorate enough, China’s government might insist Huawei shuts networks. That would be a crippling blow to any economy.

Trade repercussions

It’s possible, but unlikely. The long-term repercussions for Chinese trade would be disastrous. Even threatening this would be fatal. After all who would trade with a partner who behaves like that?

And anyway, a shut-down would escalate matters. It could even tip relations over the brink with some countries. China can be aggressive, but there is no sign it is looking for a war.

There is more pressing long-term economic risk to America and the West. For the first time in living memory a Chinese company holds the key to an important, must have technology.

5G mobile

Huawei leads the way in 5G mobile telecommunications. Its technology is months, if not years, ahead of its rivals. The company has been the driving force behind the move to 5G for the past four or five years. Until the latest US intervention, it looked like Huawei would stay out in front.

A lot of the words and projections for 5G are hype. Yes it means more wireless bandwidth, but it is no more transformational than 4G or 3G.

Even so 5G is set to become a vital component of every country’s critical infrastructure. It’s not only about voice calls or web surfing. The technology is able to control power networks, sewage and logistics.

Huawei dominating this technology puts it in a very powerful position. By extension this could extend to China. The fear is the country could call in its favours from its home grown technology success story.

Technological dominance

We seen this kind of technology-lead dominance before. IBM was, in effect, the entire computing market until the late 1960s. It stayed in control of the sector until the 1980s. After that time Microsoft Windows and Intel processors defined the PC era.

In part these technologies contributed to America’s economic and technological pre-eminence. They helped America assert and project military power on a hitherto unseen scale.

There’s a fear Huawei and China could do the same1. Older readers may remember America had similar fears about Japanese technology. It appeared to pull ahead during the 1980s. The difference there was that Japan was never a military rival. 

Huawei already accounts for about a third of all telecommunications network hardware. Until recently it was on a growth trajectory. There is no reason to think that without intervention that proportion could climb to IBM or Microsoft levels of monopoly control.

Yet this frightens strategic thinkers in the US and other western nations.

Part of their concern is they worry about what it might mean for their industries if a Chinese company dominates a strategic market. They know how powerful this can be.

Embargoes

The US has often embargoed key technology product sales to out-of-favour countries. Indeed, an early chapter in the current Huawei spat came when the US accused it of violating Iran trade sanctions.

All this means Huawei doesn’t need to install backdoors in its 5G network hardware to be a threat. Not does it need to push out malicious code during software updates. There is no kill switch, but even if there was, it would be unnecessary. 

Huawei prepared for the US action. It stockpiled essential parts. It has its own mobile operating system under development and has worked to decouple its supply chains from the US.

Google that!

It’s hard to see how Huawei can stay competitive in phones without access to new Google software. It needs to offer Google search, Google Maps and other services that are now off limits. Chinese customers might live without them, customers in other markets demand and expect these services.

Huawei may stay competitive in network equipment in markets where it is still welcome. It may need US chips and software. China could, in theory either develop its own or source both elsewhere. That’s assuming the US doesn’t lean hard on other countries.

At this point things can go one of two ways. If it’s about the US putting trade pressure on China, things could blow over, albeit with some damage.

Huawei knock-out?

That’s the optimistic view. A more negative view is that America aimed to knock out China’s most prestigious technology company. It did so either to make a point or to stop Huawei from becoming too powerful.

This can backfire. China is powerful, rich and smart. America may have a more advanced software industry. It’s chip makers may be better, but China could view this as a wake up call to bolster its own industries.

Only a brave person would bet on China not catching up if it puts its shoulder to the wheel. America may have created the monster it had hoped to strangle at birth.

Disclaimer Huawei has flown me overseas three times in the last five years. I aim to take a balanced view of this story, but I’m only human. If you think I’m missing anything important feel free to comment.


  1. This argument forgets the UK government revelation that Huawei’s network software is a shambles. ↩︎

Telecommunications contracts

Once again telecommunications is New Zealand’s most complained about industry. It’s a story we’ve heard over and over. The latest report is MBIE’s New Zealand Consumer Survey 2018.

Almost one in three people buying a home service experienced a problem. That’s according to According to the Ministry of Business, Innovation & Employment.

The most common problem, almost half, is that the product or service didn’t work as expected.

home based telecommunications problems

Fixed line, mobile complaints

It’s not only fixed line home services. One in five consumers buying a mobile service had a problem in 2018.

Even allowing for overlap between the two categories, this is a lot of people. The odds are close to even that you, the reader, are among them. The chance that you know a person who had trouble is close to certainty.

Part of the problem is that telecommunications touches everyone.
MBIE says almost two-thirds, 62 percent, of consumers bought a home service in the last two years.

Even so, the category is a long way ahead of building repairs, the next most complained about sector.

Over a quarter of people surveyed say their most recent consumer problem was with telecommunications.

That’s bad. It’s diabolical. But it gets worse. MBIE goes on to say the poorest New Zealanders get a worse deal from the industry’s bad customer service. These are often the people least equipped to deal with poor service.

It adds up to another digital divide. This one looks harder to fix than lack of access. Sorting this out could do much to improve poor New Zealanders’s telecoms experience.

Telecommunications Forum CEO Geoff Thorn defends the industry. He says the sector has been working hard to improve customer satisfaction.

“We know that New Zealand consumers have access to world-class telecommunications services when measured by coverage, speed and price. However, we recognise there are areas where the telecommunications industry can improve”, Thorn says.

That’s fair enough. Although it’s unlikely outsourcing customer support to an Indian company will improve matters. Vodafone already always ranks last in surveys comparing telco performance.

New service quality regime coming

Meanwhile the TCF is working with the Commerce Commission on a new service quality regime. The two plan to develop this in the next few months.

Thorn has a point when he says the poor showing in the report: “…is not surprising given the number of connections and associated transactions people have, and that, in the case of fibre, it is new infrastructure that is being rolled out across the country.”

One area the TCF could investigate is how New Zealand compares with other countries. A quick, unscientific online search shows telecoms where there are comparable statistics.

It’s possible companies don’t set realistic customer expectations. Consumer magazine runs frequent comparisons of local company support. It’s no accident that the firms that do best are those who promise next to no support.