I was opening a small office in an old building in the UK with no wired Internet service. I decided to use a wireless 4g service from Three.co.uk as an easy and good enough option to start with. I ordered online, enticed by the "unlimited data" for this unit. It took about a month of the router to arrive. Today I unboxed it and slipped in the SIM card and powered up - all as easy as can be.

Once I had the unit powered up I decided to do a quick test and visit hacker news at https://news.ycombinator.com. I had turned the 4g off on my phone so I would be able to see how the new router was working when this screen appeared.

I chose NOT to go to the compromised site but I did chose to look at the security certificate.

This was rather odd - a thirty year certificate!

So I decide to look at the details.

A root certificate from China in my Three.co.uk 4G router - that was an unadvertised feature.

For those who like details -- more photos.

It is a public key after all so I thought I would share.

WOW, it even comes with enhanced DNS.

And that is the end of the certificate information.

I have looked at the documentation with the unit and I have 14 days from receipt to ship the unit back to Three.co.uk and cancel my contract. So glad I bought it online, as the documentation says that if I had purchased it in one of their stores I would not be able to return it :-(

I have seen a lot of articles in the new about Huawei and security but frankly I was not really following it that closely. I assumed that there was the typical news hype cycle and that there was likely a heavy dose of politics involved.

But WOW - I would never have expected to find root certificate for China in a device purchased in the UK. That gives a new meaning to "A special surprise in every box".