5G Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict. Since the internet, especially the “internet of things,” is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat.

But keeping untrusted companies like Huawei out of Western infrastructure isn’t enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards—the protocols and software for 5G—ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security.

To be sure, there are significant security improvements in 5G over 4G, in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren’t enough.

The 5G security problems are threefold. First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it.

Second, there’s so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems.
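A simplified model of the downgrade problem described above, added here as an illustration and not taken from the essay or from any 3GPP specification. The suite names, message fields and function names are constructed assumptions, and a session key is assumed to exist from prior authentication; the model shows that an authenticated echo of the offer catches a stripped option only while the fallback still has integrity protection, and that a local policy floor is what stops the fall to a mode with none.

```python
import hashlib
import hmac

# Constructed suite names, strongest first. "legacy-null" stands in for an
# older-generation mode that offers no integrity protection at all.
PREFERENCE = ["gen5-aead", "gen4-cipher-mac", "legacy-null"]
HAS_INTEGRITY = {"gen5-aead": True, "gen4-cipher-mac": True, "legacy-null": False}

KEY = b"constructed-session-key-for-demo"   # assumed output of prior authentication
OFFER = list(PREFERENCE)                     # what the device actually sends


def encode_offer(offer):
    """Canonical byte encoding so both ends MAC exactly the same bytes."""
    return ",".join(offer).encode()


def network_reply(received_offer, session_key):
    """Network side: pick the strongest suite it sees, echo the offer as it was
    received, and MAC choice + echo when the chosen suite has integrity."""
    chosen = next((s for s in PREFERENCE if s in received_offer), None)
    if chosen is None:
        raise ValueError("no common suite")
    echo = encode_offer(received_offer)
    tag = None
    if HAS_INTEGRITY[chosen]:
        tag = hmac.new(session_key, chosen.encode() + b"|" + echo,
                       hashlib.sha256).digest()
    return {"chosen": chosen, "echo": echo, "tag": tag}


def device_accept(sent_offer, reply, session_key, minimum=None):
    """Device side: returns (accepted, reason)."""
    chosen = reply["chosen"]
    if chosen not in sent_offer:
        return False, "network chose a suite that was never offered"
    # Local policy floor: refuse anything weaker than `minimum`.
    if minimum is not None and PREFERENCE.index(chosen) > PREFERENCE.index(minimum):
        return False, "below local policy floor"
    if not HAS_INTEGRITY[chosen]:
        # Nothing can be verified in this mode, so a stripped offer goes unnoticed.
        return True, "accepted without any check (legacy mode)"
    expected = hmac.new(session_key, chosen.encode() + b"|" + reply["echo"],
                        hashlib.sha256).digest()
    if reply["tag"] is None or not hmac.compare_digest(expected, reply["tag"]):
        return False, "bad MAC on reply"
    if reply["echo"] != encode_offer(sent_offer):
        return False, "offer was altered in transit"
    return True, "accepted"


def in_path_strip(offer, remove):
    """Models an in-path party that deletes suites from the offer."""
    return [s for s in offer if s not in remove]


def run(remove=(), minimum=None):
    """One negotiation; returns (chosen suite, accepted, reason)."""
    reply = network_reply(in_path_strip(OFFER, remove), KEY)
    accepted, reason = device_accept(OFFER, reply, KEY, minimum)
    return reply["chosen"], accepted, reason


if __name__ == "__main__":
    cases = [
        ((), None),
        (("gen5-aead",), None),
        (("gen5-aead", "gen4-cipher-mac"), None),
        (("gen5-aead", "gen4-cipher-mac"), "gen4-cipher-mac"),
    ]
    for remove, floor in cases:
        print(f"stripped={list(remove)!s:35} floor={floor!s:16} -> {run(remove, floor)}")
```

The third case is the one that matters: once every protected option has been stripped, the device has nothing to verify against and accepts the weakest mode unless its own policy refuses it.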

Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

Already problems are being discovered. In November 2019, researchers published vulnerabilities that allow 5G users to be tracked in real time, be sent fake emergency alerts, or be disconnected from the 5G network altogether. And this wasn’t the first reporting to find issues in 5G protocols and implementations.

Chinese, Iranians, North Koreans, and Russians have been breaking into U.S. networks for years without having any control over the hardware, the software, or the companies that produce the devices. (And the U.S. National Security Agency, or NSA, has been breaking into foreign networks for years without having to coerce companies into deliberately adding backdoors.) Nothing in 5G prevents these activities from continuing, even increasing, in the future.

Solutions are few and far between and not very satisfying. It’s really too late to secure 5G networks. Susan Gordon, then-U.S. principal deputy director of national intelligence, had it right when she said last March: “You have to presume a dirty network.” Indeed, the United States needs to accept 5G’s insecurities and build secure systems on top of it. In some cases, doing so isn’t hard: Adding encryption to an iPhone or a messaging system like WhatsApp provides security from eavesdropping, and distributed protocols provide security from disruption—regardless of how insecure the network they operate on is. In other cases, it’s impossible. If your smartphone is vulnerable to a downloaded exploit, it doesn’t matter how secure the networking protocols are. Often, the task will be somewhere in between these two extremes.

5G security is just one of the many areas in which near-term corporate profits prevailed against broader social good. In a capitalist free market economy, the only solution is to regulate companies, and the United States has not shown any serious appetite for that.

What’s more, U.S. intelligence agencies like the NSA rely on inadvertent insecurities for their worldwide data collection efforts, and law enforcement agencies like the FBI have even tried to introduce new ones to make their own data collection efforts easier. Again, near-term self-interest has so far triumphed over society’s long-term best interests.

In turn, rather than mustering a major effort to fix 5G, what’s most likely to happen is that the United States will muddle along with the problems the network has, as it has done for decades. Maybe things will be different with 6G, which is starting to be discussed in technical standards committees. The U.S. House of Representatives just passed a bill directing the State Department to participate in the international standards-setting process so that it is just run by telecommunications operators and more interested countries, but there is no chance of that measure becoming law.

The geopolitics of 5G are complicated, involving a lot more than security. China is subsidizing the purchase of its companies’ networking equipment in countries around the world. The technology will quickly become critical national infrastructure, and security problems will become life-threatening. Both criminal attacks and government cyber-operations will become more common and more damaging. Eventually, Washington will have to do something. That something will be difficult and expensive—let’s hope it won’t also be too late.

This essay previously appeared in Foreign Policy.

EDITED TO ADD (1/16): Slashdot thread.

EDITED TO ADD (3/16): This essay has been translated into Spanish.

EDITED TO ADD: This essay has been translated into Portuguese.

Posted on January 14, 2020 at 7:42 AM • 30 Comments


Faustus January 14, 2020 8:17 AM

Bruce refers to WhatsApp frequently and Signal not so much. I am sure that WhatsApp, being under the Facebook umbrella, is still being mined as much as possible, if only for metadata, but I also have little doubt that Facebook subverts their own encryption when it suits them. They have been caught again and again in lies and misrepresentations.

I use Signal. Is there any dirt on Signal I should know about?

JonKnowsNothing January 14, 2020 8:24 AM


Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access.

You could have done much better than this trope.

The USA isn’t any different. There are the 5EY folks and every LEO on the planet demanding exactly the same thing.

The US Fed is leaning on Apple over the failed Trump Immigration Vetting preventing a pile of military grade “not wanteds” being admitted to a US Military Training Program and Demanding Backdoors (Again)

iirc-badly: Which is one reason China years ago stopped buying IBM mainframes and started building their own code base and their own hardware to go with it. There were questions about backdoors in US HW+SW. Most of this got covered up back in the days when we thought “we were the good guys” and wouldn’t believe the US would do anything like THAT. One photo was all it took to tell us how wrong we were.

Security of the upcoming porous system is of importance but it isn’t going to happen. All that juicy data is going to be flying across the globe to anyone who wants it.

ht tps://www.emptywheel.net/2020/01/14/is-bill-barr-picking-a-fight-with-apple-to-distract-from-the-failure-of-trumps-social-media-vetting/

ht tps://arstechnica.com/tech-policy/2020/01/fbi-seeks-apples-help-in-unlocking-iphones-belonging-to-pensacola-gunman/

ht tps://www.theguardian.com/technology/2020/jan/14/johnson-huawei-critics-must-tell-us-whats-the-alternative
(url fractured to prevent autorun)

Anders January 14, 2020 10:51 AM


You might review this essay – in the course of copy/paste lot of spaces took a walk.



(and then please feel free to delete this comment)

David Leppik January 14, 2020 11:08 AM

Eventually, Washington will have to do something

That’s what I’ve been saying about healthcare for decades! I’m starting to doubt the inevitability that cooler/wiser heads will prevail.

phil January 14, 2020 12:05 PM

“The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access.”

Little difference from the US then really.

Sok Puppette January 14, 2020 12:43 PM

untrusted companies

All companies have to be untrusted, and that has always been the case. Always.

There are no trustworthy companies. Not trustworthy enough that you can bet any widespread infrastructure on them. Not trustworthy enough that you can let them become monocultures, or even members of two-or-three-cultures. Not in any country. They can all be pressured or infiltrated by somebody. They all have complicated incentives that you don’t understand, and those incentives may change at any time.

Eliminating all unnecessary points of trust is a fundamental security principle… as you well know.

A corollary of that is that if you are allowing any secret, unauditable, or even single-source technology to become important to your system, then you show you’re not serious about security. You have to tell profiteers, marketeers, and bean counters to shove their “intellectual property” and their barriers to entry… or you’re just wasting everybody’s time.

It’s really too late to secure 5G networks.

Secure them how, exactly? The only function that any network should be offering is delivering messages, unmodified, to their intended recipients. Therefore that is the only thing you should be trying to ensure, and the only thing you should be using to measure their “security”.

In particular, if you are relying on any network to guarantee the integrity or provenance of any message without unforgeable checks in place to make tampering futile, or to provide any confidentiality whatsoever, or even to deliver messages in the first place without some way of detecting failure to perform, then you are doing it wrong. No (realistic) network can ever provide those guarantees… because every network will always be operated by some company, which you should not be trusting.

“Dirty networks” aren’t new. “Dirty networks” are basically a law of nature, and there’s nothing you can do about that fact.
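The end-to-end checks the comment above calls for, sketched as an added example that is not part of the original comment or the essay: each message carries a sequence number and an HMAC, so the receiver can tell tampering, replay and non-delivery apart without trusting the carrier. The frame layout, key and sample traffic are constructed assumptions; confidentiality would additionally need an authenticated cipher, which Python's standard library does not include.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
HDR_LEN = 8    # 64-bit big-endian sequence number


def seal(key, seq, payload):
    """Sender: frame = sequence number || payload || HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts frames from an untrusted network and classifies each one."""

    def __init__(self, key):
        self.key = key
        self.next_seq = 0      # lowest sequence number not yet seen
        self.missing = set()   # numbers skipped over and still undelivered

    def accept(self, frame):
        """Return (verdict, payload); payload is None unless it can be trusted."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return "forged-or-corrupt", None
        header, payload, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # Modified in transit or never sent by the key holder.
            return "forged-or-corrupt", None
        seq = struct.unpack(">Q", header)[0]
        if seq in self.missing:
            self.missing.discard(seq)
            return "late", payload
        if seq < self.next_seq:
            return "replay", None
        # Authentic and new: every number skipped is recorded as undelivered.
        self.missing.update(range(self.next_seq, seq))
        self.next_seq = seq + 1
        return "ok", payload


def simulate():
    """Constructed traffic: five messages cross a network that alters one,
    drops one and replays one. Returns (verdicts, undelivered sequence numbers)."""
    key = b"constructed-end-to-end-key"
    frames = [seal(key, i, b"msg-%d" % i) for i in range(5)]

    tampered = bytearray(frames[1])
    tampered[HDR_LEN + 2] ^= 0x01          # one payload bit flipped in transit

    delivered = [
        frames[0],
        bytes(tampered),                   # message 1 arrives altered
        # message 2 is silently dropped
        frames[3],
        frames[0],                         # old frame sent again
        frames[4],
    ]
    rx = Receiver(key)
    verdicts = [rx.accept(f)[0] for f in delivered]
    return verdicts, sorted(rx.missing)


if __name__ == "__main__":
    verdicts, undelivered = simulate()
    print("verdicts:   ", verdicts)
    print("undelivered:", undelivered)
```

The altered message ends up in the undelivered set along with the dropped one, which is the "failure to perform" signal: the endpoints learn that messages 1 and 2 never arrived intact and can retransmit or switch paths.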

Expat January 14, 2020 1:54 PM

Another one of the ideas forced upon us by those who are betting everything on a hyper-bottled and automated future is the progress of high-capacity telephone networks, which are currently crowned by the new 5G protocol.
The discussion of why the introduction of 5G is the closest thing in the field of telecommunications to the construction of the moais of Easter Island, that is, the swan song before the collapse, would need a post by itself.
Suffice for it to say here that in order to have the gigantic bandwidths that are both advertised and proclaimed to us by the virtues of 5G, electromagnetic waves of frequencies well above those currently being used and which probably will be associated with millimeter wavelengths, ought to be implemented.

The wavelength is an important aspect, because the ability of an electromagnetic wave to “circumvent” an obstacle depends on how long the wave is. Conventional radio waves, with lengths in the metric range, can easily circumvent a span such as a window or a door, while microwaves, with lengths in a centimeter range, are greatly attenuated if there is no relatively direct unobstructed pathway or view between the emitter and the receiver, furthermore if the range of visible light is considered (scales below the micron range or thousandth of a millimeter) the energy is so focused that illuminated areas coexist right next to other shadow areas not being illuminated by the nature of physics, simply depending on where and in what direction the light waves are emitted.

It is estimated that with 5G technology, using the higher frequency bands (and therefore higher bandwidth to transmit data more quickly) to be able to have a good receiver-sender link quality the number of antennas would have to be multiplied by 5 with respect to the current 4G standard. In addition, in interior areas, repeaters would have to be strategically arranged to be able to improve the interior coverage, since each obstacle (wall, door, etc.) would greatly attenuate the signal. With these approaches, it is clear that 5G is a megalomaniac idea that only makes sense under the assumption that the world has unlimited resources to spare and that we can upholster it with antennas to be able to transmit the latest fashion movies in about 1.2 seconds.

Curious January 14, 2020 2:07 PM

“It’s really too late to secure 5G networks”

Maybe Mr. Schneier gives us an example how to do this, fast and properly, so that they are indisputably SECURE, for decades to come?

SpaceLifeForm January 14, 2020 3:20 PM

@ Expat

“With these approaches, it is clear that 5G is a megalomaniac idea that only makes sense under the assumption that the world has unlimited resources to spare and that we can upholster it with antennas to be able to transmit the latest fashion movies in about 1.2 seconds.”

ATT no longer wants to roll out anything that requires further digging.

They are pushing 5g. Looks like a can on a pole.

But, I’m sure they will rent you an antenna at the right price.

Clive Robinson January 14, 2020 8:56 PM

@ Bruce,

That something will be difficult and expensive—let’s hope it won’t also be too late.

Those strange noises you hear are the distant sound of hoofbeats and the stable door in the wind…

With regards

Maybe things will be different with 6G, which is starting to be discussed in technical standards committees.

The story filtering out is that the US is already hinting with a big heavy stick “no Chinese tech” with the subtext of “Only US tech”.

The chances are that neither 5G nor 6G will ever get implemented as anything other than “finance district” coverage.

Keep your eye on 4G LTE, because unless these new sulphur-LiPo batteries with their 6x storage capability become a reality, handsets and similar are not going to deal with the increased power needs of 5G let alone 6G.

But there are other issues, the use of microwave frequencies to get the sorts of bandwidth people talk about don’t like wet tree leaves let alone metalized glass and brick walls. As for those soggy sacks of salty water that have pockets, the microwaves like them even less than wet tree leaves…

The ideal frequencies for mobile phones are actually around 700MHz, but the bandwidth is low.

maybe January 15, 2020 6:48 AM

One of the better 5G sec summaries I saw…congrats that is rare….

Some aspects are missing. The SBA (core network service based architecture) is based on IT protocols, i.e. HTTP/2, JSON, REST API. Which means that there are more “tools” out there for good and bad…
Yeah and getting the authentication & authz right for that one is going to be interesting…..
The NEF Network exposure function is opening up the core network to the external parties. How that weird-industry-protocol-to-weird-telco-flavour-of-REST-API firewall will look like that is a good question…..
Not to mention that GTP_U between operators still is not properly protected in 5G “per default”.

There are tools & guidelines how to deal with those risks, but in the past the US has not been very keen on regulating the cellular industry and usually most stuff (exception robocalls) ended up in a “guideline”. And security costs money, so guess what happens…

Peter Schneider January 15, 2020 6:59 AM


I agree to a lot of your arguments, but I think you are wrong about the role of the “5G standards committees”, when you say that they have missed opportunities by making new security features optional. Bodies like 3GPP have no means to force operators to use security. National authorities do have, and they have also the power to FORBID the use of security such as encryption. You say it yourself: “operators even ignored security features defined as mandatory in the standard”.

You claim that security “was treated as an afterthought” – how would you substantiate this claim? Note that early 3GPP documents clearly state security requirements, the 3GPP security group (SA3) has conducted extensive studies before the normative work started, and publicly funded 5G research projects have considered 5G security right from the beginning.

You refer to research papers that have been published, uncovering flaws in the 5G security specification. I have read all these papers. While some of the issues are real, this does not mean security was treated as an afterthought. Note also the statement of the GSMA quoted in the TechCrunch article you refer to, about one of the papers: The claimed vulnerabilities have been “judged as nil or low-impact in practice”. This is in line with my own analysis. These potential protocol flaws are insignificant compared to the general software and supply chain vulnerabilities.

Faustus January 15, 2020 7:26 AM

@Peter Nader



Per wikipedia Signal had some seemingly minor issues that were addressed throughout the 2010’s. Maybe the piece referred to them. Thanks for the information.

Clive Robinson January 15, 2020 11:04 AM

@ Faustus, zajic,

With regards,

I use Signal. Is there any dirt on Signal I should know about?

In the specific or general?

It’s reasonably probable that Signal like all such complex applications has vulnerabilities, and that they can be exploited. That’s true of most software applications that are getting on toward being moderately complex.

That as they say is a fact of life. Likewise is the fact that currently the security of Signal is of little or no relevance to anyone trying to maintain “privacy”.

Because even in the very unlikely event Signal has no vulnerabilities other applications and the OS certainly do, and with the communications channel endpoint being on the same device as Signal’s plaintext output to the user being on the same device an attacker has three choices,

1, Attack the OS and lower in the stack.
2, Attack other Applications at the same stack level and above.
3, Attack the Signal application at, above, and below Signal’s position in the stack.

As in our “walled garden” smart device market the user has no control over the other applications or the OS, an attacker has little reason to attack Signal at all, they can simply do an “End Run” attack around to the user interface with little difficulty.

Bill January 15, 2020 2:36 PM

@Jonathan Wilson:

“Why do cellular standards need to be so complex in the first place?”

Because we want our technology to do everything including wiping our bums. And all wirelessly.

1&1~=Umm January 15, 2020 7:34 PM

@Bill: @Jonathan Wilson:

“including wiping our bums. And all wirelessly.”

Yes ‘wiping our bums’ with wire might bring a pained look to say the least of it.

Remember folks that the packet says ‘Pot Scourer’ not ‘Bot Scourer’…

Topher Eliot January 16, 2020 12:06 PM


The U.S. House of Representatives just passed a bill directing the State Department to participate in the international standards-setting process so that it is just run by telecommunications operators and more interested countries

Is there a “not” missing from this?

TRX January 21, 2020 12:00 PM


Signal claims to be open source, but there’s no link to the source code on their web site. There’s a github project that claims to be the source, but it’s not linked from the Signal site.

They also don’t provide the app directly; only through the Google or Apple app stores, which means, at least with Android, you have to pwn your clean LineageOS install with Google’s own spyware before you can even download it.

That’s two major trust fails, even if the app is legitimate.

JS February 10, 2020 8:09 AM

Your main Points:
1. The Telecoms industry hasn’t solved 4G issues
2. There are already misses in 5G and it is too late to fix
3. Beijing would use “Chinese-made 5G networking equipment” for remote access or for interception.
4. Beijing could access to “Chinese-made 5G networking equipment” to degrade or disrupt communications services.
5. 5G standard is not secure and not mandatory.

Your basic premise is wrong in your article. First the Telecom Industry through 3GPP have studied the issues in 4G and ensured they are not carried forward to 5G. According to the 3GPP website “The reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues have also been taken in to account for 5G and will lead to further security enhancements.” 5G has the following security enhancements over 4G:
− Enhanced cryptographic algorithms: 5G standards have defined security mechanisms such as 256-bit key transmission, and future 5G standards will support 256-bit cryptographic algorithms capable of mitigating attacks by quantum computers.
− Enhanced privacy protection: In 2G/3G/4G networks, users’ permanent IDs (international mobile subscriber identities — IMSIs) are transmitted in plaintext over the air interface. This leaves users vulnerable to being tracked by attackers. In 5G networks, IMSIs are transmitted in ciphertext, effectively mitigating such attacks.
− Operator roaming security: Operators usually need to set up connections via third-party operators’ devices, which can be manipulated by attackers to forge legitimate core network nodes to initiate Signaling System 7 (SS7) and other attacks. 5G defines Security Edge Protection Proxy (SEPP) to implement E2E security protection for inter-operator signaling at the transport and application strata through IP security mechanisms such as Transport Layer Security (TLS) and Javascript Object Signing and Encryption (JOSE).
− User plane integrity protection over the air interface: 2G/3G/4G networks provide no integrity protection for communications between users and networks, leaving communications content vulnerable to being tampered with by attackers. 5G provides user plane integrity protection to defend against such attacks.
− Service Based Architecture (SBA) domain security: The new 5G SBA domain security includes network function registration, discovery, and authorization security mechanisms and protocols, effectively addressing security risks posed by the SBA.
We do accept that the base technology is only one part of the security environment that needs considering and we fully agree that the complete value chain needs securing. We support that view.

Your point about 5G standard is not mandatory. I am not sure what you mean by mandatory, I assume by mandatory you mean legally mandatory? No they are not but we would support such a move.

You say it is too late to influence 5G. Clearly you are not knowledgeable on how the Telecoms Industry works. Currently release 15 is frozen, but work is still ongoing on the standards for release 16 and 17. If you have a positive contribution to make you have plenty of time. Do not sit on the side whingeing and whining please take positive action and make a contribution.

During 2018, 74 different companies (including their subsidiaries) plus a few agencies, sent technical experts to the seven 3GPP SA3 meetings, expending 2676 staff days and submitting 3574 documents devoted specifically to 5G security specifications and liaison communications. The metrics for the top four participating entities are shown below and can be openly obtained from the SA3 portal site.
Staff Days | Entity
305 | Huawei
170 | Ericsson
170 | Qualcomm
140 | China Mobile

For your reference Huawei has made, by far the largest contribution to 5G security recommendations. For the last 4 years (2016-2019) Huawei has submitted 1609 5G security proposals and more than 1800 security proposals to 3GPP SA3. Based on who is contributing the most to security proposals Huawei is the NO.1 contributor in security standard work. In contrast those that complain the most have made the least input. To put it bluntly USA complains 99% of the time yet I cannot find one security recommendation from the USA Government or its Agencies.

Huawei invests over twice as much on R&D as Ericsson and Nokia combined and in 2020 we will increase that even further.

You also seem to fail to understand other vendors. All the major telecom vendors, have located their R&D or manufacturing facilities in China.

a) Ericsson in China:
• Employee: 11,000 employee, ~11.6% of Global 94,580, and 5000 of them are R&D employee
• Research: 5 Innovation Centers, incl. one 5G Innovation Center
• Manufacture and supply chain: Nanjing is the largest Telecom System Manufacture and Supply Center, including 5G.

b) Nokia in China:
• Business Units: Nokia Shanghai Bell Ltd(owned by China Government 50%, NOKIA 50%+1)
• Employee: 16,000+ employee, ~15.5% of Global 103,000. for R&D, more than 10,000 (i.e. ~1/3 R&D) employee in China
• Manufacture and supply chain: 4 Telecom System Manufacture Base(Dongguan, Shenzhen, Beijing, Suzhou)

Nokia is part owned by the Chinese Government and their CEO is appointed by the Chinese Government. So much of the US infrastructure that uses Ericsson, Nokia is made in China. Any USA classified networks running Nokia…oh dear. The CEO is the CCP Party Secretary and Chairman of Shanghai Nokia-Bell Co., Ltd. since July 2017 From January 2002 to June 2017, he served as the CCP party secretary and chairman of Shanghai Bell Co., Ltd.
So where is the actual risk coming from?

We need grown up conversations, with grown up people about security. The Telecoms Industry is good at doing this, we have done it since the days of 3G.

You say that Beijing could get access to “Chinese-made 5G networking equipment” to degrade or disrupt communications services. Do they really need to rely on 5G? How many vulnerabilities were published last year across all the major vendors? How many were critical? How many were zero day? How many major flaws have been discussed within this forum? This is not a 5G issue. This is not a China issue. We seem to forget Mr. Snowden’s revelations, the NSA and other Governments are not waiting for 5G they are happily crawling over global infrastructure

@Bruce less shoddy reporting, more analysis, more considered thinking please. If you want to come and see for yourself, please let me know and I will host you in our labs and manufacturing centers…. You might want to wait a few months!

Clive Robinson February 10, 2020 9:48 AM

@ JS,

Whilst your points as far as I can see –and remember– are accurate, there is a serious problem.

Firstly it matters not a jot who designs or manufactures the equipment. At the end of the day due to issues within the industry all the manufacturers will end up using somebody else’s chips or chip masks in their designs and not be able to test them as being secure.

Secondly all the security measures you talk about are in effect above the CPU ISA level in the computing stack. As we have seen with RowHammer and Meltdown there are always attacks lower down the computing stack that will “bubble up” and make a nonsense of any security processes higher up the computing stack.

Which is why people keep forgetting the cardinal rule of systems,

    Any exploit you add to a system is not “your exploit” it will become “everybody’s exploit”. By accident or design all systems of any use will have exploits, therefore “all systems are vulnerable to everybody that can reach them”.

Those are the realities of life, the rest is politics and usually jingoistic or xenophobic politics at that.

Apart from the first paragraph and a half[1], @Bruce’s article is fairly matter of fact about all Governments and their IC and LEO guard labour’s interests in surveillance. Basically all Governments that can spy will spy, and if they can not spy they will find some way to spy, be it by forcing changes in legislation or paying others.

As for Huawei I actually feel sorry for them, they have done way more than any other of the companies you mention to ensure that they are seen to be being not just open but honest. It’s fairly clear that it is the US attacking them not because of the risk of spying but the “Open Market” threat they present to the US telco industry and the very weakened state it’s in due to the past third of a century of “self inflicted wounds” by management outsourcing and all manner of other short sighted “shareholder pleasing” activities, in this respect they are little different to Enron or the Banks etc. But the solutions to this US-Corp problem are the subject for another day.

[1] Which in the current faux news and distorted MSM reporting is insignificant (and an editor would probably push for a “more inline” series of mods that would be worse if it was not there…).

Nick Levinson February 16, 2020 10:17 PM

Aren’t most major microprocessors and microcircuitry systems beyond being completely reverse-engineered, in practical terms, to identify all of the functionality and bugs (exploitable and otherwise)?

Even when someone can reverse-engineer in full one of them, doesn’t that take so long that a new microprocessor or microcircuitry system model would be in use before the first one has been entirely reverse-engineered?

I found this: https://reverseengineering.stackexchange.com/questions/5878/reverse-engineering-modern-intel-cpus

I don’t know; I’m asking. I ask because if it is impractical even for major governments, which can of course do partial reverse-engineering with some benefit, then banning the products of a Chinese company for the usually-stated reason is a waste.

If so, wouldn’t the ban be rather like a world heavyweight boxing champion objecting to a 98-pound weakling entering the ring because he might wallop the champ? The Chinese likely have substantial programming skills, but if their or anyone else’s major product is bug-free that’ll be bigger news than a ban.

JonKnowsNothing February 17, 2020 1:46 AM

Nick Levinson

Aren’t most major microprocessors and microcircuitry systems beyond being completely reverse-engineered

Generically there are several considerations to achieving a “reverse engineered” of anything.

  1. Copyright and/or Patents.
    If the item has either of these then it depends on the jurisdiction and who is doing the reversing. If the jurisdiction you are in doesn’t give a toss about either then the reversing will go ahead.
  2. Copyright applies to the software.
    If you are going ahead with a reverse you need to black-box/white-box the outputs if you wish to avoid court but only if you are in a jurisdiction that matters. Pull down menus vs Throw up menus, Quick Keys and Keyboard Shortcuts all have had issues.
  3. Patents may apply to software and/or hardware.
    In USA Patents must detail how something is done. So you can read all about it but if someone can show that you used the word “Muggle” after another person used “Muggle” in a timeline, you end up in court.
  4. Costs.
    In the normal course of business, reversing goes on all the time. We call it me-too products. They don’t reverse stuff that doesn’t pay. If it doesn’t pay they create an adversarial version. Mutually exclusive products.
  5. Time.
    In market driven systems anything that takes more time than the pay off doesn’t happen. Even when it can be shown that X,Y,Z would make money it doesn’t always happen. IBM shed their PC division (eons ago) not because it didn’t make money, it did. It didn’t make ENOUGH money for the Blues to be Happy.

For governments anywhere that have a budget for such things, none of the above matter. They can spend what they want. They can hire, threaten or corrupt folks into helping the “home team” efforts. Any STATE can out-spend and out-class an individual company. They can also direct companies to do the work for them.

So, if a government wants to do a reverse, they can throw as many people as they like at the problem. Think Manhattan Project.

It would be unlikely that some of this has not been done already, which is what the excitement is about.

The question isn’t can they do it or have they done it but exactly what is it they found and why does it “jeopardize military intelligence and alliances”? The US isn’t saying and they apparently aren’t saying enough to the folks the USA want to convince.

Nick Levinson February 22, 2020 3:15 AM

National security and the international legal right to self-defense (the right to try to continue existing, for example) may override treaty-provided intellectual property rights. E.g., if we (of the U.S.) discover that Russia has a good feature in its nuclear-warheaded ICBMs that are aimed at us and we’d like to copy that feature for our ICBMs aimed at Russia, we don’t need to apply for a license from Russia. Ditto vice versa. That’s different from a feature in Russian consumer TVs that a US-based private company would like to copy; a Russian patent license might be needed; ditto vice versa. But the China case is being presented as a national security issue, and if that’s about either China’s or U.S.’s right of self-defense then intellectual property rights probably would not matter, even as a matter of law.

Nations and other parties with more money, like the U.S., P.R. China, and Russia, can throw lots of resources at reversing, but I wonder if it’s still too difficult to do completely in less than a bunch of years and by then new technology of the same type would already be in use, so that the reversers would have to start again before they finish the prior effort.

GPerki June 28, 2020 8:14 PM

“JonKnowsNothing • February 17, 2020 1:46 AM

Aren’t most major microprocessors and microcircuitry systems beyond being completely reverse-engineered”

And now there’s RISC-V on FPGAs.

And then the PowerPC ISA was made Open Source.

And then MIPS.

A lot of patents, costs, time, and copyrights go away.
