Skip to main content

Featured Question

iPhone SE 4: How Apple’s Next Budget Phone Will Borrow iPhone 14’s Powerful Battery

Apple iPhone SE 4 is a smartphone that may come out in March 2024. It will look like the iPhone 14. The iPhone SE 4th Generation will also have the same battery as the iPhone 14. This battery has a model code of A2863 and can store 3,279mAh of power. This is what some sources have seen in the iPhone SE 4 prototypes. A prototype is a test version of … The post iPhone SE 4: How Apple’s Next Budget Phone Will Borrow iPhone 14’s Powerful Battery first appeared on XiaomiToday . The post iPhone SE 4: How Apple’s Next Budget Phone Will Borrow iPhone 14’s Powerful Battery appeared first on XiaomiToday .

How to test 5G to be sure the code and hardware are safe?

How to make sure your infrastructure is secure? How do you know that there are no backdoors, bugs or other issues that may affect the user experience? It's best to test it!

The same applies to 5G infrastructure, which has dominated the media headlines for several months due to the tension between China and the United States. What are the technology verification options? It turns out that the standard that perfectly fits the market needs is entering into force, namely NESAS, about which Rafał Jaczyński, Huawei's head of security in the region of Central and Eastern Europe and the Nordic countries, tells me.

We publish the interview a few days after both the core and wireless 5G network equipment from Huawei successfully passed the NESAS verification.

Karol Kopańko, Spider's Web: Can we first draw a wide landscape of technology testing in Polish (and not only) telecommunications?

Rafał Jaczyński: Let's go back to history - to the early 1990s. From the very beginning, the operators were mostly left to themselves in the field of hardware and software security testing. Governments were only interested in regulating the so-called legal wiretaps, leaving all tests to the operators. Meanwhile, building laboratories from scratch is associated with a high cost.

And the operator business is not coconuts - we often hear about reaching the end of market penetration.

Over the last five years, operators have lost approx. 40 percent. revenues. Penetration of the smartphone market is already stable.

Who was supposed to buy a cell phone, had already bought it.

Yes, we are the fourth country in this respect in the European Union. Penetration with mobile internet services is over 180%, which means that almost every statistical Pole already uses mobile internet on two different devices. We also had over 52 million active SIM cards at the end of 2019. So it is not special to whom to sell the new services.

On the other hand, traffic in mobile networks has increased almost sevenfold in the last 5 years. So it is a unique business. When a hot dog stand sells more sausages, its revenues increase. Here, however, you sell more and earn less and less.

So maybe vendors should finance testing to reassure operators they're not at fault with security?

This is happening now, but similarly to the above, unfortunately in the long term it has no economic justification. Association

GSMA has 750 members, so if we had to do independent testing for each of them, our business would unfortunately stop being profitable. Not the way. It is much better to rely on standards that would be repeatable for all market participants, regardless of the country they come from.

Currently, there are statements in the style of Trusted Vendor - can't this be what it is?

It has nothing to do with fair tests, because it usually means that the supplier comes from a country that we "like". Yet the future may bring suppliers who are great at technology but come from India or Malaysia. Without clear standards, we will be doomed to the same discussion as today.

So what is changing on the market?

We have been observing the changes for eight years. It was then that 3GPP started working on the NESAS standard.

It is to this organization that we owe SCAS (Security Assurance Specification), i.e. guidelines on what makes a given solution safe.

Two years later, the GSMA association joined the project, taking the baton and enriching NESAS with the process and competence side of the supplier.

What competencies are tested?

You need to check the supplier's skills and how he not only designs and builds solutions, but also the possibility of supporting them with security patches. Even if a given solution looks correct, we need to know if it is a stroke of luck or the provider simply knows what he is doing. We are associated with it for a longer time, so a process audit is necessary.

What about Common Criteria Certification? After all, it is also used to certify that the solution is safe. Huawei even got such a certificate from a Spanish laboratory.

This is true. The Common Criteria describes well the requirements for the lab itself and the test method. Graphically translating: we know whether to tap the box, open it, remove the screws and look at each one under a microscope. It's all well described so the whole process is repeatable.

The weakness of Common Criteria, however, is the lack of common requirements that would define what exactly is to be tested in a given type of product. So it could happen that supplier A tested the solution for X, and supplier B tested the same, but for Y. The results were therefore not reliable.

So when two suppliers come to an operator with the same certification, it doesn't mean that the operator is easy to crack.

That's why it's not easy to apply Common Criteria to 5G network testing right now.

How does NESAS approach this ?

Common Criteria and NESAS are two ideas that try to solve the same problem from different places.

How are they different?

Comparing the two approaches, the Common Criteria currently better answers the "how to test" question, and NESAS has a better answer to the "what to test" question.

And the test itself - practically already - how will it differ?

It starts very much the same. The manufacturer supplies the product that is the subject of the tests. Then, in the case of Common Criteria, we agree on a set of requirements, i.e. what we test. We share information about the product, explaining safety functions and their operation. We set the test level, for example at the fourth.

What does this fourth level mean?

This is the depth of the tests. The fourth level is the highest level of rational testing for a device that does not primarily provide security. So it is not as closed an environment as a single microprocessor card, which is mostly focused on ensuring security. A base station has hundreds of millions of lines of code and much more than just keeping it safe.

What would happen if we tested the base station on the seventh level?

It would be extremely safe, but it probably wouldn't work.

I understand. And then the laboratory starts working?

Yes, the Common Criteria has a specific test track. The work of the laboratory ends with a report that is sent to the certification body, i.e. in the Polish case to NASK, which analyzes the report and decides about issuing the certificate.

And what does it look like with NESAS?

The verification process itself is similar. In the case of NESAS, there is no certification body that stamps the report, there is a report signed by organizations that conduct technical tests and procedural audit

Another difference is the length of the tests. In the case of NESAS, they last from 3 to 6 months. In Common Criteria on the fourth level, we can even talk about 1.5 years of testing.

After all, it is an eternity in the world of technology, where each year brings a new generation of devices.

Exactly. NESAS has the chance to "keep up" with the product lifecycle much better. On the other hand, Common Criteria is a much more mature standard. It is already operated by 80 laboratories. In the case of NESAS, there are several of these laboratories and there are two companies that deal with their process audit.

Another challenge that arises from NESAS's short experience is the range of techniques that are used for verification - for example, there is no penetration testing. Only scans that look for known vulnerabilities are performed here. There is no attempt to make the device behave differently than the programmers requested.

Why? Both things seem crucial.

NESAS evolves from year to year, adding more elements to its specification. You suspect that the first version simply ran out of time to standardize penetration testing.

The challenge here is to ensure test comparability, as there is no such thing as an internationally recognized methodology for penetration testing. The idea is to make the tests of one laboratory comparable to the tests of another. And here everyone tests differently. It is difficult to place such a creative process in any formalized framework. NESAS 2.0, however, will definitely be improved over what we have now. It is already known that the standard will be extended to include penetration testing and verification of cryptographic mechanisms.

We started talking about a general standard that would give confidence to all market participants. Let's come back to this issue in the context of NESAS.

Currently, NESAS and Common Criteria complement each other, both are candidates for certification schemes in accordance with Regulation (EU) 2019/881 of the European Parliament and of the Council of April 17, 2019, known as the "Cybersecurity Act". NESAS has a greater chance of being used specifically for 4G and 5G networks, which is why it is increasingly recognized by European governments - for example, Germany promotes its adoption as a European testing standard. Austria will refer to NESAS when it created its own requirements for 5G technology.

Since it is already cited by countries, who will manage it in the future?

The management of NESAS will be delegated to the European Commission. It is she who has to take care of the standard, because the GSMA Association is a commercial organization that cannot - according to the Cybersecurity Act - accredit laboratories and certification bodies. Only in this way will NESAS become a pan-European standard recognized at the government level.

What will the consequences be?

When a technology is certified as compliant with NESAS in Poland, it will be a certification recognized in accordance with the Cybersecurity Act throughout the European Union.

And this should cut short discussions about the security of a given software or hardware?

It should.

* Huawei is the intelligence partner.

How to test 5G to be sure the code and hardware are safe?


  1. Nice list of bloggers. From this blog i learned more and get to know more .Thank you for sharing this great post. Field Network Testing


Post a Comment

Popular Questions This Week

What is VoLTE and how can you activate it on your Xiaomi

In recent years, phone calls have evolved to achieve great sound quality. So much so that today we can find technologies such as VoLTE allowing us to make voice calls in high definition on our Xiaomi. Beyond the classic GSM networks, movistar, vodafone and other operators have integrated this technology, which in turn derives from the advantages of Internet access. Thanks to 4G or LTE networks, VoLTE allows us to make not only high-definition calls, but also to improve consumption and add other services . What is VoLTE and what are its advantages after activating it on a Xiaomi In detail, VoLTE is a technology capable of transmitting voice communications over the Internet . For this, whether we have a Redmi Note 8 Pro, a Xiaomi Mi A2 or any other smartphone from the firm, our voice will be encoded from analog to digital allowing its transmission in the form of packets through the network. With this, as we have already said, after activating VoLTE we will achieve higher sou

So you can check the battery status of your Xiaomi smartphone and how many cycles you have performed

Today, our smartphone has become one of the most important tools in our day to day. That is why the duration of its battery and the state of it is very important if we want to be able to use it with total peace of mind and in a continuous way. In view of this, MIUI includes a secret menu that allows us to verify the state or health of the battery of our Xiaomi smartphone and also check the cycles that we have performed . Let's not forget that each cycle represents a full battery charge from 0% to 100% Since lithium batteries degrade with the passage of time , use and recharges that we have made, knowing these two data will give us a vision of the general state of your state and with it knowing if it has worsened considerably with the passage of weather. How to check the battery status and cycles performed on our Xiaomi smartphone To access this hidden menu in MIUI and check the battery status of our Xiaomi smartphone we will only have to perform the following steps:

How to exit the FASTBOOT mode of your Xiaomi if you have entered accidentally

Although, the fastboot mode of Xiaomi phones with MIUI allows us to solve bugs or change ROMs, it is also common to enter without wanting to. If this has been your case, you most likely want to get out of Xiaomi's fastboot without spoiling anything. In general, leaving this mode that includes all Xiaomi, Redmi and POCO with MIUI is extremely simple. Even so, on certain occasions, exiting fastboot mode is more complex , either because Recovery starts or because our smartphone does not work correctly. In view of this, below we are going to explain how to exit the fastbook mode of your Xiaomi if you have entered without wanting to . In addition, if the conventional mode does not work, we will also give you other tips to exit this mode without causing any damage at the software level. How to exit Xiaomi fastboot If we have accidentally entered the Xiaomi fastboot , to exit this way we will only have to perform the following steps: Press and hold the power button for about 10

How to activate the second space if your Xiaomi does not have this option

MIUI's Second Space functionality allows us to have two smartphones in one. A way to divide our Xiaomi into two different accounts , either for personal and work use, to perform tests or simply, to prevent our son or little brother from accessing our applications and documents. Unfortunately, terminals like the Redmi Note 10 lack this functionality . The same happens with other terminals of Xiaomi, Redmi and POCO of mid-range and entry. If we access the Settings, this functionality is not found among the various MIUI options . Even so, there is a little trick that allows us to access the Second Space functionality even if your Xiaomi does not have it . In this way we can create a second space without any type of restriction and in any Xiaomi, Redmi or POCO. Activate the second space on your Xiaomi If your Xiaomi, Redmi or POCO does not have the Second space functionality when accessing Settings> Special functions , do not worry, below we will explain how to use it with

What is the Safe Mode of your Xiaomi, what is it for and how can you activate it

In addition to the typical options that we find in the MIUI settings, Xiaomi also adds a mode called " Safe Mode " or " Safe Mode " to its smartphones. We will talk about this below, explaining its usefulness and how to activate or deactivate it on your Xiaomi, Redmi or POCO. Safe Mode allows us to start a special boot, loading only the system itself and the applications that were installed on our Xiaomi when we bought it. That is, starting the Safe Mode or Safe Mode our smartphone will start loading only the essential applications . This mode is a temporary state of our smartphone and does not make any important modification on the device. In itself, Safe Mode does not delete our data , it just starts our Xiaomi, loading the basics and essentials for its operation. Safe Mode only starts essential MIUI applications. Thanks to this, the Safe Mode will help us to rule out failures in our Xiaomi derived from the installation of an application or the modific

Does your Xiaomi charge slowly or intermittently? So you can fix it

Does your Xiaomi charge very slowly or intermittently? This error is usually very common when our cable is in poor condition, we use a low-quality charger or even when the USB or USB Type-C port of your Xiaomi is dirty or obstructed. With a view to this, below we will explain the main steps or solutions to take if your Xiaomi charges slowly , if the charge is intermittent or if in the worst case, your mobile does not detect the USB that is connected to the socket electric. 1. Clean the USB port Although it may sound simple, in most cases slow charging problems are usually caused by a piece of paper or a speck of dust that obstructs the pins of the USB port . Taking into account the nature of this connector, it is normal that after repeated use dirt accumulates inside. A dirty USB C port is usually the main cause of slow or intermittent charging. To solve this charging problem and clean the USB C port of your Xiaomi, it is recommended to blow lightly inside the port itself.

If your Xiaomi disconnects only from the WiFi it may be because of that MIUI setting

One of the most common problems in Xiaomi smartphones is usually related to the WiFi connection and its automatic disconnection . A quite annoying problem, which in most cases is usually caused by a bad MIUI configuration . If you have a Xiaomi, Redmi or POCO and you notice that sometimes your smartphone disconnects only from the WiFi without having taken any action, do not miss this article where we tell you how to solve it in most cases. Disconnection of WiFi on your Xiaomi, how to solve it Although it is true that the problem may be caused by some other failure, in most cases the spontaneous disconnection of the WiFi connection is caused by a bad MIUI configuration, specifically, its automatic connection to the networks with better signal . By having this option activated on our smartphone, if the WiFi signal drops at any time, it will automatically disconnect to use the data connection . To deactivate it enough to do the following steps: Go to Settings> WiFi> Wi-Fi

So you can activate the double tap on MIUI to wake up or turn on the screen of your Xiaomi

Among all the functionalities that we can find in MIUI, today we want to talk about the double tap on the screen . This functionality allows us after activation to wake up the screen of our Xiaomi with a double click on it. This will avoid having to press the power button or having to position our finger on the fingerprint recognition area. An extremely useful utility, which can also be used in case the power button stops working. In this way, the functionality " Double tap on the screen to wake up " will allow us to turn on or off the screen of our mobile in a quick and simple way by just doing a double tap on your XIaomi.i How to activate the double tap to wake up the screen of a Xiaomi mobile To activate the double tap functionality on the screen of your Xiaomi we only have to make the following settings: Go to Settings> Lock screen Activate Double tap on screen to wake up After its activation we will only have to double-click on the off screen of our X

Problems with Android Auto and your Xiaomi? So you can fix it

Unfortunately Android Auto continues to present certain problems on some Xiaomi . Errors such as error 16 that prevent our smartphone from correctly linking to this Google vehicle system. Still, these bugs are largely solvable. And it is that, in most cases the impossibility of using Android Auto through our Xiaomi is given by the dual applications themselves. In view of this and taking as a source this interesting article from Mi Community , below we will explain how to solve two of the most common errors that we usually find when linking or connecting our Xiaomi to a car with Android Auto. Fix Android Auto error on Xiaomi devices One of the main errors of the type « An error has occurred » that we usually find when connecting Android Auto to our Xiaomi is related to Google Play Services . In itself, this error shows the message « It seems that Google Play Services does not work at the moment «, making it impossible to connect Android Auto to our Xiaomi. To solve it we j

How to hide the content of notifications on the lock screen of your Xiaomi

Receiving a notification on our Xiaomi and viewing it without further ado from the lock screen is very comfortable. Still, prying eyes could read this information , details that in many cases we would not like to know and that put our privacy at risk . In addition, if we forget our smartphones or it is stolen, anyone could have access to the information contained in new messages . Let's not forget that many services make use of SMS to send the access code, not to say that the same happens with some online payment methods. That is why hiding the messages of the notifications on the lock screen of our Xiaomi becomes one of the most important recommendations in order to protect our private information and thus improve our own privacy. How to hide notifications from the lock screen of a Xiaomi If we want to continue receiving notifications but their information is hidden from the lock screen, MIUI has the setting we are looking for. For this, we will only have to carry out th