> to a degree that Western companies simply aren't.
NSA paid RSA Security $10 million in a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE cryptography library.[1]
Juniper routers had an apparently deliberate Dual EC backdoor allowing VPN traffic to be decrypted.[2]
I'd say that there is probably more evidence of the west putting state-level backdoors in things than there is of China doing so. (although there may be sampling bias in this!)
How many journalists in China are you aware of that have investigated Chinese state interference in their technology companies, and reported on it? Yes, Western intelligence agencies do make use of Western technology companies from time to time. I still think it's obvious that China is willing to go much, much further in the control it exercises. In fact, exercising complete control over all aspects of business is official party doctrine.
There’s more evidence of everything in the west because of the openness of governments compared to China. China isn’t responding to FOIA requests all that much these days.
I don't believe this. Nearly anything complex and networked, after a few months' investigation by a good security professional, will have a good number of exploits found.
These could be plain old bugs, or they could be planted backdoors. (usually indistinguishable)
Even after months of effort, there is a high probability there remain undiscovered security issues (either deliberate or accidental) that more effort would have found.
For that reason, I don't believe any claim when they say "nah, we couldn't find anything". They either didn't look, or don't want to reveal what they found.
They assessed the kit to ensure it was safe to install on British networks, they announced it was safe, and the kit was installed.
Further, when America's anti-Huawei panic started HMG were looking for an excuse to ban Huawei kit. If problems had been found it's likely they would have been mentioned.
> Huawei kit has been extensively analysed by GCHQ. They found nothing untoward.
That's not true. GCHQ looked at source that was provided and found many unpatched vulns, and then found that the firmware binaries were not matching the source that was provided (with a single exception), so only Huawei really knows what their devices do.
The data you show isn't proof of anything other than ineptitude of Western agencies and the freedom of the press in the West. Go look for ICBM and warhead leaks; you'll always find better and more extensive documentation for NATO weapon systems. Does this mean the former communist bloc had no such weapons? No. It has to do with freedom of press and the legal system in the West making plans and docs public knowledge compared to a pretty locked-down system in Russia and China.
[1]: https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9...
[2]: https://eprint.iacr.org/2016/376.pdf