In October last year, ZTE and Huawei were accused of being threats against U.S. national security, after the two firms were named in a report by the House of Representatives. Both companies denied the allegations, and despite some subsequent fallout, have seemingly continued to go about their business as usual. It’s telling though, that both Huawei and ZTE’s newest smartphones are without an international release date yet, and will make their debut in China.
ZTE is keen to fix the PR nightmare caused by the investigation, in which no clear evidence was discovered, and has announced a partnership with a firm named Intrepidus, a U.S. company which specializes in finding security problems with mobile hardware and networks. The company – which was acquired by NCC Group, an information assurance company, in mid 2012 – apparently has a good reputation in industry circles, and is well-known for its work identifying vulnerabilities inside Google’s Android operating system. Sounds like a match made in heaven.
The resulting press release makes it very clear what Intrepidus is tasked with doing for ZTE. It says, “Intrepidus will evaluate the security mechanisms of ZTE smartphones … including identifying potential vulnerabilities, conducting penetration testing of device management interfaces and ZTE device features; and performing reverse engineering and source code review.” It’s surely no coincidence many of these are examples of the problematic areas identified in the House of Representative’s report. Ultimately, all this effort will apparently help ZTE provide us with, “smart, stylish choices for smartphone users with the added peace of mind that their device is secure.”
ZTE’s U.S. CEO, Lixin Cheng, calls the partnership with Intrepidus, “An important milestone in handset security.” He goes on to slightly obscure Intrepidus’ rather obvious mission by claiming all these security tests are to help, “Protect personal information,” as phones are used for, “an increasing number,” of mobile wireless payments. We’re sure this is the case, but it sounds like a by-product of the real, albeit unspoken, goal of the partnership – to convince us ZTE hardware isn’t sending clandestine messages back to China. Apparently, this is just the first in a series of new measures ZTE will take to do this, and it’ll set about convincing carriers, developers and, “policymakers,” next.
Exactly how ZTE will promote its phones to consumers as being secure isn’t clear, and Intrepidus isn’t really a household name, so slapping a, “Tested by Intrepidus,” sticker on the box probably won’t mean much. So perhaps its work will be more for the network’s benefit. Whatever the situation, if it speeds up the international release of ZTE products such as the Grand Memo and ZTE’s smartphone powered by a Tegra 4 processor, then we’re all for it.
- AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities
- U.K. cybersecurity agency warns against using ZTE telecom equipment
- Microsoft misses another Edge-related 90-day security disclosure deadline
- Hackers broke into a casino’s high-roller database through a fish tank
- Lyft to send its own self-driving cars out on the country’s biggest test track