Pentagon orders military exchanges to pull Chinese smartphones over security risks

The Pentagon has banned the sale of Chinese phones at military exchanges over security risks, it said on Wednesday.

Spokesman Maj. Dave Eastburn told Stars and Stripes that the Department of Defense’s (DOD’s) undersecretary for personnel and readiness issued a ban of “all Huawei and ZTE cellphones, personal mobile internet modems and related products from locations worldwide.”

More from his emailed statement:

Given the security concerns associated with these devices, as expressed by senior US intelligence officials, it was not prudent for the Department’s exchange services to continue selling these products to our personnel.

Military personnel haven’t been banned from using the Chinese phones yet, but that may well come: Eastburn said the DOD is “evaluating the situation” to see whether more security measures such as an outright ban might be needed.

In the meantime, they should keep an eye on the headlines, he said:

Servicemembers should be mindful of the media coverage about the security risks posed by the use of these devices, regardless of where they were purchased.

This is par for the course. Chinese companies Huawei and ZTE have a history of being telecoms non gratae.

In 2012, the US House of Representatives issued a report recommending that the firms be banned because of concerns over spying. A year-long investigation had shown that the companies had maintained close ties to the Chinese Communist Party and People’s Liberation Army back home while trying to expand their US businesses.

ZTE was also found to have violated an American embargo on technology sales to the Iranian government. In 2010, ZTE helped to send over software and hardware from US companies including Oracle, Microsoft and Cisco for use in building what was described as a $130m, nationwide surveillance system.

Lawmakers on 9 January, 2018, introduced the Defending US Government Communications Act (H.R. 4747), which would prohibit federal agencies from contracting with an entity that uses telecom gear or services from Huawei, ZTE, or any other entity thought to be under China’s thumb.

A companion bill, the Defending U.S. Government Communications Act, was filed in the Senate on 7 February.

Also in February, the heads of the FBI, NSA and CIA all testified to Congress that they and their organizations don’t use Huawei or ZTE phones or products. They also warned others against doing so.

The hearing influenced the Pentagon’s decision to ban Huawei and ZTE phone sales from military exchanges, according to what Eastburn indicated to FCW, a publication that covers the business of federal technology.

During a 2 May Pentagon news conference, Navy Secretary Richard Spencer gave more details on the Chinese phone ban: according to FCW, he alluded to testimony from a 19 April Senate Armed Services committee hearing, where it was revealed that the DOD had put a recent contract award on hold when officials realized Huawei would be one of the subcontractors.

FCW quoted Spencer:

The mobile phone ban was due to the location devices more than anything else – the ability to be located.

That’s definitely worth worrying about. We’ve already seen troop location given away inadvertently: In November, fitness app Strava posted its impressive Global Heat Map, which logs the activity history of the software’s tens of millions of active users. That’s a lot of data: users jogged or cycled along 17bn miles and three trillion GPS data points over two years.

As we reported in January, in short order, a student looked more closely at Heat Map countries such as Afghanistan and Syria, where he noticed vast dark areas dotted with small islands of user activity… which he tweeted about… and which other users pointed out might coincide with the location of US military personnel in places the DOD doesn’t necessarily want made public.

That was inadvertent intelligence gathering done by taking a close look at publicly available location data. With the Chinese phone ban and other regulations and pending bills, the US government is of course concerned with purposeful data theft.

Huawei spokespeople have repeatedly denied that their devices carry security risks. Nonetheless, Eastburn said, the company’s equipment might pose “an unacceptable risk to [the] department’s personnel, information and mission.”

During the February hearing, FBI Director Christopher Wray testified that Huawei’s products enable the Chinese government to covertly gather or alter sensitive corporate and military information. The concern about the company’s products first focused on routers, switches and other high-bandwidth commercial products, and later expanded to include consumer mobile phones, which are already banned for most official government use.

Huawei also makes personal mobile internet modems, called pucks, which in recent years it’s sold to US troops at a coalition base near Irbil, the capital of Iraq’s Kurdish region. reports that some soldiers may have purchased similar devices made by ZTE.