Chinese telecoms companies like ZTE and Huawei face severely tightened access to the US market despite the Trump administration’s deal this week to give ZTE a lifeline after it agreed to a steep fine.
Amid persistent worries that their phones, routers and other products will open a path for Beijing’s spying on the United States, analysts say the US government will remain broadly closed to products of the two companies and that the US telecoms industry will remain under pressure to avoid their equipment.
Indeed, four Democratic and Republican senators, criticizing the deal that will permit ZTE to resume purchasing US electronics components, proposed legislation Thursday for an outright ban on the government buying products and services from both ZTE and Huawei.
“Huawei and ZTE pose a serious threat to America’s national security. These companies have direct links to the Chinese government and Communist Party,” said Republican senator Marco Rubio.
“Their products and services are used for espionage and intellectual property theft, and they have been putting the American people and economy at risk without consequence for far too long.”
But experts say the move could hinder the growth of next-generation 5G wireless networks in the United States. The two Chinese companies are poised to become global leaders in the 5G rollout, just beginning this year in several countries.
“The overall concern is that these companies are close to the Chinese government,” said Paul Triolo, a China security specialist at the Eurasia Group.
With fifth-generation mobile technology, he said, “the concern becomes magnified” because the technology is heavily cloud-based, potentially leaving sensitive data accessible by the service provider.
– No proof of security threat –
Indeed, US officials have repeatedly suggested that the two companies could design their equipment to allow Chinese intelligence to hack into American networks and siphon off personal data and communications from cellphones.
A 2012 congressional report said the use of Huawei and ZTE equipment in US critical infrastructure “could undermine core US national-security interests.”
In February, six top intelligence and security chiefs told a Senate panel they would not use equipment from either company.
“We are deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” said FBI Director Christopher Wray.
And in May the country’s top counterintelligence official, William Evanina, likewise confirmed that ZTE phones are too risky.
The warnings come at a time of growing concerns over Chinese technology and spying.
Facebook was excoriated this week for having allowed Chinese smartphone makers, including Huawei, to access a broad range of Facebook users’ personal data.
The threat is plausible. Many intelligence experts believe that the US government has asked American technology vendors for backdoor access to technology. And US intelligence is constantly pressuring Silicon Valley to create ways they can get around encryption apps.
Still, no one has publicly detailed any concrete examples of such attempts by Huawei or ZTE.
“So far there is no smoking gun on these companies,” said Triolo.
But one recent example shows the risks.
In 2016, US security consultant Kryptowire discovered that millions of Android smartphones made in China contained firmware that relayed their data, contacts and texts back to a Shanghai marketing company every 72 hours, unknown to users.
The Shanghai company, which counts Huawei and ZTE as its customers, said the function was intended to monitor how the phones were used, and was not supposed to be installed on units sold in the United States.
But it was, and no one could be certain how the data would be employed.
“We can’t know the intention of the persons who actually created the vulnerability,” said Tom Karygiannis, vice president of Kryptowire.
“Is it an accident or is it there intentionally?”
– Proving a negative –
But Karygiannis said the danger is near-impossible to avoid in consumer electronics, since all devices have risks, and an overwhelming number of them are manufactured in China.
It’s impossible for a consumer to test the firmware on a phone, which is often updated automatically. Only large enterprises can really vet the technology they are getting, he said.
Triolo said network operators can control what’s on their equipment.
The problem is proving it’s clean.
“It’s really hard for the companies to prove the negative of this,” he said.