Leaf&Core

UK Security Firm Finds Significant Issues with Huawei Devices

Reading Time: 3 minutes.

Huawei's logo with the stars from the Chinese flag over itWhile the U.S. has been more strict about blocking Huawei’s 5G infrastructure, the U.K. was not. In fact, the U.K. may have been the deciding factor in the “Five Eyes” security group not banning Huawei outright from Australia, Britain, Canada, New Zealand, and the United States. Huawei is popular in the U.K. and the rest of Europe. A new report suggests their new infrastructure may be compromised. The Chinese government may consider Huawei a primary target for infiltration, and may have already succeeded in infiltrating it at multiple levels. The wide popularity of the manufacturer makes it perfect for data collection and espionage.

Last year, a similar report brought up security concerns. Huawei said it would work to fix them, but, one year later, these issues are still present. Perhaps they don’t want to close them, willingly allowing the government access, or perhaps people within Huawei are working in secret on behalf of the government. Either way, Huawei has serious security issues, and poses a danger to consumers.

The Huawei Report

The Huawei P30 Pro with telephoto zoom

In a report to the National Security Advisor of the U.K., the researchers outlined the new and existing security risks found in Huawei electronics. The report found zero security improvement from Huawei since their 2018 report. However, it noted that its primary holdover security concerns were not “high or medium priority,” that the only found one “low-rated finding.” However, any security vulnerability can be a sign of larger issues, and a potential access point that a hacker could use to gain access to other systems through other, still hidden security vulnerabilities.

Furthermore, the researchers found “significant technical issues” in Huawei’s engineering process. They said it could lead to “new risks in the UK [sic] telecommunications networks.”

No Ban?

However, the report stopped short of banning Huawei technology. This would be an exceptional undertaking, as Huawei has woven itself into The U.K.’s primary infrastructure since 2010, when this oversight board was established. They say that, because Huawei made no improvements over last year, they wouldn’t change their advice on the company. However, they noted that this lack of progress was due to “underlying defects in Huawei’s software engineering and cyber security process.”

Huawei’s triple camera system with time of flight sensor

The officials were not able to replicate Huawei’s software. They couldn’t verify Huawei’s code, meaning there may be issues they weren’t able to find and couldn’t get access to. The fact that Huawei would keep this from them is worrying, but understandable. Companies are protective of their software.

Security vulnerabilities and technical issues that persist over a year with no improvement is a cause for concern. Allowing them to fester for just a few months would be troubling. But what do I know? I’m just a software engineer.

However, it’s worth noting that we don’t have a similar risk assessment for other cellular carriers or manufacturers. They could be equally insecure.

Chinese Government Involvement

According to previous reports, ranging from the “Five Eyes” security group to a Bloomberg report on Supermicro circuits, the Chinese government often infiltrates its own companies. They’ll find factory workers they can leverage, placing malicious hardware into devices to improve their oversight capability. In the case of Supermicro, this was a small chip that allowed them to have remote and even wireless access. In Huawei’s case, it could be in the manufacturing process, in the software development process, or even their leadership.

If the government does have access to Huawei’s software development process, it would explain why their security vulnerabilities haven’t been fixed. This could support claims of security experts who believe Huawei is, intentionally or not,, working on behalf of the Chinese government for data collection.

The small chip that the Chinese government supposedly installed on Supermicro boards.

Huawei has spread all around the world. It’s in consumer devices as well as cellular networks. The Chinese government would be foolish not to leverage that access. Depending on how they did it, they Huawei could shift blame to individuals and recover from a controversy. The only reason not to would be the potential risk to Huawei’s brand, which China cares about, but could repair through a rebranding, marketing, assurance that it was a lone actor, or propaganda.

Propaganda Campaign

The Chinese government has ran a propaganda campaign for Huawei. They’ve worked to encourage Chinese people to buy Huawei devices out of nationalistic pride, while touting the features of the phones. Furthermore, and seemingly without prompting, Chinese companies, all around the same time, started punishing employees for using iPhones or other foreign-made devices. They’re also offering incentives for buying Huawei devices.

This could be just some patriotism out of Chinese companies, or it could have been due to governmental influence.

Moving Forward

Photo: Thomas Peter/Reuters

The U.K. report didn’t call for an outright ban of Huawei equipment. However, the rest of the Five Eyes security experts have pushed for caution when dealing with Huawei. The U.S. government has forbidden use of Huawei tech for government purposes or government contractors. It cites it as a security risk, though they haven’t revealed their reasoning, likely to protect sources and methods. For consumers, the best bet would be to avoid Huawei. For anyone designing your nations infrastructure, does weaving lasting security concerns into your most sensitive infrastructure sound appealing? No? Then avoid Huawei as well.


Sources:
Exit mobile version