British Report Highlights Security Issues in Huawei Networking Gear

While the country still doesn’t recommend a ban, Britain this week publicly complained about the security risk of Huawei’s networking gear, citing years-long quality problems and Huawei’s inability to fix them.

“These findings are about basic engineering competence and cyber security hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors,” a National Cyber Security Centre (NCSC) report notes, adding that Huawei will need to dramatically improve its response to issues. “The evidence of sustained change is especially important as strongly-worded commitments from Huawei in the past have not brought about any discernible improvements.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

The report describes “significant” flaws in Huawei’s existing networking hardware, which has been present in the UK’s infrastructure for over 15 years. This report is notable because the United States is calling, mostly unsuccessfully, for its allies to ban Huawei as they build out next-generation 5G networks. It has never provided any evidence that backs up its fears of the company and other Chinese-based technology giants.

The NCSC previously reported that Huawei hardware is not used in any governmental or otherwise sensitive networks. As it does with all governmental technology providers, Huawei is subject to strict and ongoing security reviews in the country, and none have ever led to any suspicions.

On that note, the UK-based security agency’s report stopped short of recommending a ban, noting that past problems with Huawei networking gear were just design flaws, not backdoors for the Chinese government. The problem, put simply, is a lack of quality and follow-through when problems are identified.

“NCSC does not believe that the defects identified are a result of state interference,” the report explains.

Huawei has already pledged to spend $2 billion over the next five years to improve the quality of its software and security processes. And it says it will address the NCSC complaints.

“The report details some concerns about Huawei’s software engineering capabilities,” a corporate statement reads. “We understand these concerns and take them very seriously.”

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 10 comments

  • wright_is

    Premium Member
    28 March, 2019 - 8:19 am

    <p>You see, NSA, this is the way you do it. You know, point at something concrete and say there is a problem. </p><p>Not act like some pouty jilted lover saying, "I don't like them and if you shack up with them, I won't talk to you again, so nah!"</p><p>As noted, it is a cause for concern and they need to improve their focus on security, if they want to continue selling their kit, but no sign of any backdoors or spying software.</p>

    • lvthunder

      Premium Member
      28 March, 2019 - 11:19 am

      <blockquote><em><a href="#416093">In reply to wright_is:</a></em></blockquote><p>Just because the NSA isn't shouting what they know to the world doesn't mean they aren't telling the allies in a confidential setting.</p>

  • waethorn

    28 March, 2019 - 8:36 am

    <p>This! THIS is why you can't have Chinese 5G.</p><p><br></p><p>Oh, and then there's this: arstechnica.com/gadgets/2019/03/how-microsoft-found-a-huawei-driver-that-opened-systems-up-to-attack/</p>

    • wright_is

      Premium Member
      28 March, 2019 - 9:51 am

      <blockquote><em><a href="#416097">In reply to Waethorn:</a></em></blockquote><p>A driver with a local user escalation problem, that had been fixed by the time of the article. You need to be logged on as a legitimate user on the system, before you could exploit this. Not good, but hardly something to really panic over. It just shows that Huawei have a long way to go in tightening up their coding quality.</p><p>You could just as well say, that is why we can't use Windows, or macOS, or Android or iOS or Linux…</p>

  • waethorn

    28 March, 2019 - 8:38 am

    <p>"NCSC does not believe that the defects identified are a result of state interference,”</p><p><br></p><p>What next? Your personal data is safe on Facebook?</p>

    • skane2600

      28 March, 2019 - 11:47 am

      <blockquote><em><a href="#416098">In reply to Waethorn:</a></em></blockquote><p>You might just as well say "What next? You're personal data is safe on the Internet?" Once you connect your computer to the Internet you risk your data. There's a long history of vulnerabilities everywhere.</p>

  • Daekar

    28 March, 2019 - 9:52 am

    <p>Seems like the kind of thing that will work via the market to keep Huawei from dominating the 5G landscape – bugs are not backdoors even though they can be functionally identical in the end, and have the same cost. Some countries and companies will care, some won't. Regardless, this doesn't really have more than tangential bearing on the other security concerns that have been bandied about regarding Huawei, and this won't sway either side to change their opinions. </p>

    • wright_is

      Premium Member
      28 March, 2019 - 10:18 am

      <blockquote><em><a href="#416114">In reply to Daekar:</a></em></blockquote><p>Just look at Cisco, they have removed dozens of backdoors into their systems over the last 12 – 18 months. It seems like nearly every month has come up with another backdoor removed from something or another.</p><p>Some of them were from acquisitions, but even so, it is not a good look for Cisco.</p>

      • Daekar

        28 March, 2019 - 1:25 pm

        <blockquote><em><a href="#416122">In reply to wright_is:</a></em></blockquote><p>Yes, I remember hearing Steve Gibson talk about those vulnerabilities. Scary to hear about that kind of thing from such a trusted and established player.</p><p>Honestly, I think almost every system we use is full of holes, and we just don't know it. I am also perfectly willing to believe that almost every system we use is somehow compromised by nation-state actors regardless of the country of origin. Looking at history and human behavior, that is absolutely a no brainer to do. As much as I hate to say it, any government that DOESN'T is run by idealistic fools that will eventually be trampled by those who don't share their scruples.</p>

  • skane2600

    28 March, 2019 - 12:37 pm

    <p>Dear UK, your check is in the mail. Sincerely US.</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC