FCC Bans ZTE, Hytera (HTY / TYT) and Others

[marcspaz]

FYI... still trying to find out how this impacts the radios we use for GMRS and Ham radio.

 

“For these three companies, we will require them to document what safeguards they will put in place on marketing or sale for these purposes, and we are putting in place a freeze on all of their telecommunications and video surveillance equipment authorization applications until that work is done,”

 

EDIT:  I removed the link and just attached the document.  Not sure what went wrong with the link.

DOC-389524A1.pdf

[Lscott]

2 hours ago, marcspaz said:

FYI... still trying to find out how this impacts the radios we use for GMRS and Ham radio.

 

“For these three companies, we will require them to document what safeguards they will put in place on marketing or sale for these purposes, and we are putting in place a freeze on all of their telecommunications and video surveillance equipment authorization applications until that work is done,”

 

https://www.nextgov.com/emerging-tech/2022/11/fcc-bans-sale-new-devices-chinese-companies-huawei-zte-and-others/380214/

If they are so worried about "back-doors" then anything electronic coming from the Chinese mainland would be suspect. A few short years ago there were warnings about USB photo frames that came with a virus.

https://www.sfgate.com/business/article/Virus-from-China-the-gift-that-keeps-on-giving-3227869.php

 

[marcspaz]

@Lscott at this point in my life, I have come to distrust anything electronic.  There is a good chance that if electricity can flow through it, someone can use it improperly against you, without your knowledge. 

[MichaelLAX]

2 hours ago, Lscott said:

A few short years ago...

https://www.sfgate.com/business/article/Virus-from-China-the-gift-that-keeps-on-giving-3227869.php

 

2008; a few short years ago - what year do you think it is?!? 

[marcspaz]

The document says it was released November 25 of this year.  Here is the whole thing.

 

Media Contact:
Will Wiquist
will.wiquist@fcc.gov
For Immediate Release
FCC BANS EQUIPMENT AUTHORIZATIONS FOR CHINESE
TELECOMMUNICATIONS AND VIDEO SURVEILLANCE
EQUIPMENT DEEMED TO POSE A THREAT TO NATIONAL
SECURITY
New Rules Implement the Bipartisan Secure Equipment Act of 2021
--
WASHINGTON, November 25, 2022—The Federal Communications Commission adopted
new rules prohibiting communications equipment deemed to pose an unacceptable risk to
national security from being authorized for importation or sale in the United States. This is the
latest step by the Commission to protect our nation’s communications networks. In recent
years, the Commission, Congress, and the Executive Branch have taken multiple actions to
build a more secure and resilient supply chain for communications equipment and services
within the United States.
“The FCC is committed to protecting our national security by ensuring that untrustworthy
communications equipment is not authorized for use within our borders, and we are continuing
that work here,” said Chairwoman Jessica Rosenworcel. “These new rules are an important
part of our ongoing actions to protect the American people from national security threats
involving telecommunications.”
The Report and Order applies to future authorizations of equipment identified on the Covered
List published by the FCC’s Public Safety and Homeland Security Bureau pursuant to the
Secure and Trusted Communications Networks Act of 2019. The new rules prohibit the
authorization of equipment through the FCC’s Certification process, and makes clear that such
equipment cannot be authorized under the Supplier’s Declaration of Conformity process or be
imported or marketed under rules that allow exemption from an equipment authorization. The
Covered List (which lists both equipment and services) currently includes communications
equipment produced by Huawei Technologies, ZTE Corporation, Hytera Communications,
Hangzhou Hikvision Digital Technology, and Dahua Technology (and their subsidiaries and
affiliates). The new rules implement the directive in the Secure Equipment Act of 2021, signed
into law by President Biden last November, that requires the Commission to adopt such rules.
The Commission also adopted a Further Notice of Proposed Rulemaking seeking further
comment on additional revisions that should be made to the rules and procedures prohibiting
the authorization of “covered” equipment. It also seeks further comment on potential revisions
to the Commission’s competitive bidding program. The Commission is also seeking comment
on future action related to existing authorizations.
The new rules follow a series of other FCC initiatives to keep U.S. networks secure. In
addition to today’s actions and maintaining the Covered List, the FCC has prohibited the use of
public funds to purchase covered equipment or services, launched the Secure and Trusted

Communications Networks Reimbursement Program to remove insecure equipment that has

already been installed in U.S. networks, revoked operating authorities for Chinese state-owned
carriers based on recommendations from national security agencies, updated the process for
approving submarine cable licenses to better address national security concerns, and launched
inquiries on IoT security and internet outing security, among other actions.
###
Media Relations: (202) 418-0500 / ASL: (844) 432-2275 / Twitter: @FCC / www.fcc.gov
This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official
action. See MCI v. FCC, 515 F.2d 385 (D.C. Cir. 1974).

[KAF6045]

The subject line is misleading.

TYT is NOT part of Hytera -- and was even sued by Hytera when they were marketing under the name "Tytera".

https://www.listcompany.org/Quanzhou_Nanan_Tyt_Electronics_Co_Ltd_Info.html Doesn't seem to have any company names related to the list https://www.fcc.gov/supplychain/coveredlist I couldn't find any sites in Google that implied Tyt was a subsidiary of any other company that might have been on the list.

Hytera was put on the list in March 2021 (at that time, Hytera was banned from providing equipment to public service and security systems, but wasn't prohibited from general public -- the November 2022 report seems to change that to reject any filing for certification).

Note that the FCC list includes Kaspersky anti-virus products.

This all came about as part of an effort to protect the Internet (routers -- especially those with an ability to redirect packets to other addresses, I think; maybe DSL modems, WiFi access points) https://docs.fcc.gov/public/attachments/FCC-20-176A1.pdf

 

[Lscott]

9 minutes ago, KAF6045 said:

This all came about as part of an effort to protect the Internet (routers -- especially those with an ability to redirect packets to other addresses, I think; maybe DSL modems, WiFi access points) https://docs.fcc.gov/public/attachments/FCC-20-176A1.pdf

 

There are a lot of security issues with the old IPV4 protocols. The new IPV6 tried to fixed them.

The packet redirect was part of the DNS poisoning issue. It had more to do with the firmware running on the DNS servers that didn't dump their cash often enough as outlined by the protocol. The reason given it cut down the time spent updating the lookup tables.

The attack would target a DNS server by sending it spoofed updates from a higher level authoritative DNS server trying to get the requesting lower level DNS server to read it's spoofed update first. The spoofed update would send the IP address of the spoofed web site etc. in-place of the real correct address when an inquiry was made to the poisoned DNS server. Because the now "poisoned" DNS server isn't dumping it's cash frequently the poisoned DNS server could be returning the spoofed address for an extended length of time. The above is just a basic outline how the scheme worked.   

[WRKC935]

The issues with the made in china gear specifically was it would call home and do data transfers that were outside of what folks thought was normal for firmware updates and general maintenance issues. 

To have something like this happening in podunk nowhere, isn't really a huge deal.  Issue is that if you have this sort of gear running in certain places like Washington DC it becomes an issue. 

 

To the comments about poison DNS servers.  This struggle is real.  Personally I would think that some code could be attached to the current subordinate DNS servers so they would round robin, or check any record against at least 3 other servers to verify the correct address was being passed once the cached address timed out.  But that's just my opinion. 

 

 

[PACNWComms]

I know some companies within the oil industry that tried to go cheaper, buying Hytera radios instead of Motorola DMR gear, and now they can't send broken radios in for repair, nor purchase replacements from Hytera.

In recent conversations with some of my former co-workers in that industry, they even bought some of the Hikvision IP cameras that are also banned in this FCC release as well. Hikvision cameras often get rebranded as many other vendor's product, which makes them harder to identify unless you have the product in hand to look deeper. 

[tcp2525]

18 hours ago, PACNWComms said:

I know some companies within the oil industry that tried to go cheaper, buying Hytera radios instead of Motorola DMR gear, and now they can't send broken radios in for repair, nor purchase replacements from Hytera.

In recent conversations with some of my former co-workers in that industry, they even bought some of the Hikvision IP cameras that are also banned in this FCC release as well. Hikvision cameras often get rebranded as many other vendor's product, which makes them harder to identify unless you have the product in hand to look deeper. 

I got rid of all my Hikvision cameras back in 2010 due to security risks. All my systems from then forward has always been Bosch. Great hardware and I don't have to worry about Chinese parasites finding their way in.

As for radios, I only use a VM with all my programming software, no matter the brand. WM stays off until programming is needed and shut down when completed. Way too much crap in all this software.

[Lscott]

4 hours ago, tcp2525 said:

As for radios, I only use a VM with all my programming software, no matter the brand. WM stays off until programming is needed and shut down when completed. Way too much crap in all this software.

I'm not worried about the older radio programming software. A simple stand alone PC works just fine. I have the software installed on several PC's, laptops, desktops etc. depending on where I'm at or traveling on the road.

The stuff I don't like, or trust, is the newer trend where the manufactures force you to use a license server, requires an Internet connection for validation, activation and or use. Then it's locked down to one PC. Sucks if you need to use more than one computer. This model is designed for radio shops that have a dedicated PC(s) for programming, not for the lone radio hobbyist. That's just plain BS I don't want to deal with.

Your suggestion of running the software on a VM likely would circumvent the locked to one PC garbage. You can run the VM on any computer that will support the VM. The VM is noting more than a few files you copy from one computer to another. I have several different OS's running on VirtualBox on one desktop machine. While not as convenient as a direct install at least you can use the software where you want when you want.

https://www.virtualbox.org/

[Lscott]

If you need an older version of a Windows OS to use in a VM look here. Some of the older radio programming software will only work on the older OS versions.

https://winworldpc.com/library/operating-systems

[wrci350]

11 minutes ago, Lscott said:

The stuff I don't like, or trust, is the newer trend where the manufactures force you to use a license server, requires an Internet connection for validation, activation and or use. Then it's locked down to one PC. Sucks if you need to use more than one computer. This model is designed for radio shops that have a dedicated PC(s) for programming, not for the lone radio hobbyist. That's just plain BS I don't want to deal with.

Gee, which major commercial radio vendor does THAT make me think of?

[Lscott]

32 minutes ago, wrci350 said:

Gee, which major commercial radio vendor does THAT make me think of?

Well right now it's Motorola and now Kenwood is following their lead with the software you need to use their new NX-5000, 3000 and 1000 series radios.

The new Kenwood radios look great, but then they had to bugger it all up with their crappy software licensing business model. That's why I'm staying away from those new models until such time as somebody figures out how to crack the software and eliminate the Internet activation and single PC use lock stupidity.

[tcp2525]

3 hours ago, Lscott said:

I'm not worried about the older radio programming software. A simple stand alone PC works just fine. I have the software installed on several PC's, laptops, desktops etc. depending on where I'm at or traveling on the road.

The stuff I don't like, or trust, is the newer trend where the manufactures force you to use a license server, requires an Internet connection for validation, activation and or use. Then it's locked down to one PC. Sucks if you need to use more than one computer. This model is designed for radio shops that have a dedicated PC(s) for programming, not for the lone radio hobbyist. That's just plain BS I don't want to deal with.

Your suggestion of running the software on a VM likely would circumvent the locked to one PC garbage. You can run the VM on any computer that will support the VM. The VM is noting more than a few files you copy from one computer to another. I have several different OS's running on VirtualBox on one desktop machine. While not as convenient as a direct install at least you can use the software where you want when you want.

https://www.virtualbox.org/

You got it. That's why I use VMware on my Windows and Linux machines. Like you said, I can use one image on many machines. Plus, having the benefit of taking a snapshot before installing new software protects me in case I get a Chinese parasite. Just roll back to the snapshot and I'm back up in a few seconds. It's getting to the point that not using VMs for business is counterproductive.