This Is Stupid
Recently the U.S. told Germany to drop Huawei (pronounced Wah Way) or lose out on intelligence gathering. I get that people do not trust this Chinese manufacturer and many think that they are a front for Chinese spying… But this approach is inane. How about Supermicro which was hacked by the Chinese, should they also be banned? How about Apple and Amazon who have also been compromised? In fact, one of the largest costs for making smart devices is working with the few component manufacturers that actually attempt to provide secure hardware and even those devices have been hacked. So what – smoke signals?!?
Stop Relying On Manufacturers
The truth of the matter is that hardware has grown from dumb electrical boards into sophisticated micro-computers capable of both wondrous and horrible functionality. We need to move away from the complete trust we had before into an approach that mimics modern networking approaches. Trust Nothing. If every device has a core controller that can be managed by the end customer and will enforce comprehensive security over the individual aspects of a device then who cares from where the components derive? If we assume that everything is bad and only let each piece of hardware perform a tightly-controlled set of actions then these concerns will dissipate. Telling another country to drop a manufacturer just does not make sense as too many devices are compromised and simply eliminating every exploited provider is a zero-sum game. Obtaining secure, remote device control and locking down untrusted hardware is the only thing that makes any sense.