Der Spiegel hack and hacker Jacob Applebaum has found proof that products made by the Chinese outfit Huawei do have backdoors to allow access to spying.
This was the central reason why US Senators banned Huawei from taking US government projects claiming that the company was a tool of the Chinese military.
The only problem was that the backdoors being placed in the Huawei gear were put there because US spooks wanted to spy on everyone and the Chinese outfit was just doing what it was told.
A bit on the nose really to do what you are told by US spooks and then lose your contracts because you are following their security instructions.
Applebaum found that if any company tried to use traditional and reliable US companies, because they feared Chinese intrusion, they would find the same backdoor installed.
Talking to the 30th Chaos Computer Club conference in Hamburg, Germany, Applebaum presented a snapshot of dozens of zero day exploits used to spy on both US citizens and foreigners.
It looks like the NSA can use zero-day exploits to spy on communications passing through the switches and routers of all the world's largest networking vendors, Dell Cisco, Juniper Networks and Huawei.
Dell and HP servers have a backdoor as well as smartphones of Apple and Samsung.
Applebaum dubbed the companies collaborators with the spooks who had left their customers vulnerable.
"Fuck them for collaborating, and for leaving us vulnerable," he said. He hoped that by naming and shaming them they would close the backdoors on the spooks.
Apparently the backdoor is in the server hardware systems at the BIOS level.
The NSA's documents boast that these exploits work across servers running the Microsoft Windows, Linux, FreeBSD and even Sun Solaris operating systems.
This gives away the spook's cunning plan. After all how many people in Al Qaida are using Solaris? Applebaum asked the crowd.
Dell's best-selling PowerEdge servers (1850, 2850, 1950, 2950) all feature a vulnerability that allows the NSA to post spyware iton the BIOS using either remote access or via the inserting of a USB drive.
A related NSA exploit, dubbed GODSURGE, uses a JTAG debugging interface in the Dell PowerEdge 1950 and 2950. A JTAG debugging interface is usually used to test the BIOS/firmware for bugs, but it can also be used to reflash the BIOS from scratch.
HP's Proliant 380DL G5 server can be opened using IRONCHEF, which extracted data from the server using two-way RF communication.
The NSA has also developed an exploit for tapping Apple's iPhone called DROPOUTJEEP and another for Vole's Windows Phone called TOTEGHOSTLY, Applebaum said.