Last year, a similar report brought up security concerns. Huawei said it would work to fix them, but, one year later, these issues are still present. Perhaps they don’t want to close them, willingly allowing the government access, or perhaps people within Huawei are working in secret on behalf of the government. Either way, Huawei has serious security issues, and poses a danger to consumers.
In This Article:
The Huawei Report
In a report to the National Security Advisor of the U.K., the researchers outlined the new and existing security risks found in Huawei electronics. The report found zero security improvement from Huawei since their 2018 report. However, it noted that its primary holdover security concerns were not “high or medium priority,” that the only found one “low-rated finding.” However, any security vulnerability can be a sign of larger issues, and a potential access point that a hacker could use to gain access to other systems through other, still hidden security vulnerabilities.
Furthermore, the researchers found “significant technical issues” in Huawei’s engineering process. They said it could lead to “new risks in the UK [sic] telecommunications networks.”
No Ban?
However, the report stopped short of banning Huawei technology. This would be an exceptional undertaking, as Huawei has woven itself into The U.K.’s primary infrastructure since 2010, when this oversight board was established. They say that, because Huawei made no improvements over last year, they wouldn’t change their advice on the company. However, they noted that this lack of progress was due to “underlying defects in Huawei’s software engineering and cyber security process.”
The officials were not able to replicate Huawei’s software. They couldn’t verify Huawei’s code, meaning there may be issues they weren’t able to find and couldn’t get access to. The fact that Huawei would keep this from them is worrying, but understandable. Companies are protective of their software.
Security vulnerabilities and technical issues that persist over a year with no improvement is a cause for concern. Allowing them to fester for just a few months would be troubling. But what do I know? I’m just a software engineer.
However, it’s worth noting that we don’t have a similar risk assessment for other cellular carriers or manufacturers. They could be equally insecure.
Chinese Government Involvement
If the government does have access to Huawei’s software development process, it would explain why their security vulnerabilities haven’t been fixed. This could support claims of security experts who believe Huawei is, intentionally or not,, working on behalf of the Chinese government for data collection.
Huawei has spread all around the world. It’s in consumer devices as well as cellular networks. The Chinese government would be foolish not to leverage that access. Depending on how they did it, they Huawei could shift blame to individuals and recover from a controversy. The only reason not to would be the potential risk to Huawei’s brand, which China cares about, but could repair through a rebranding, marketing, assurance that it was a lone actor, or propaganda.
Propaganda Campaign
The Chinese government has ran a propaganda campaign for Huawei. They’ve worked to encourage Chinese people to buy Huawei devices out of nationalistic pride, while touting the features of the phones. Furthermore, and seemingly without prompting, Chinese companies, all around the same time, started punishing employees for using iPhones or other foreign-made devices. They’re also offering incentives for buying Huawei devices.
This could be just some patriotism out of Chinese companies, or it could have been due to governmental influence.
Moving Forward
The U.K. report didn’t call for an outright ban of Huawei equipment. However, the rest of the Five Eyes security experts have pushed for caution when dealing with Huawei. The U.S. government has forbidden use of Huawei tech for government purposes or government contractors. It cites it as a security risk, though they haven’t revealed their reasoning, likely to protect sources and methods. For consumers, the best bet would be to avoid Huawei. For anyone designing your nations infrastructure, does weaving lasting security concerns into your most sensitive infrastructure sound appealing? No? Then avoid Huawei as well.
Sources:
- Christine Fisher, Engadget
- Huawei Cyber Security Evaluation Centre Oversight Board
- Williams Pelegrin, Android Authority
- Elizabeth Schulze, CNBC