What's new

Huawei 'failed to improve UK security standards

rent4country

BANNED
Jul 31, 2020
441
0
210
Country
United States
Location
United States

Huawei has failed to adequately tackle security flaws in equipment used in the UK's telecoms networks despite previous complaints, an official report says.
It also flagged that a vulnerability "of national significance" had occurred in 2019 but been fixed before it could be exploited.

The assessment was given by an oversight board, chaired by a member of the cyber-spy agency GCHQ.

It could influence other nations weighing up use of Huawei's kit.


The report said that GCHQ's National Cyber Security Centre (NCSC) had seen no evidence that Huawei had made a significant shift in its approach to the matter.
And it added that while some improvements had been made, it had no confidence they were sustainable.

As a result, it concluded, the board could only provide "limited assurance that all risks to UK national security" could be mitigated in the long-term.
In July, the government announced that due to US sanctions Huawei would eventually be excluded from the new 5G telecoms network by 2027, but the Chinese company can continue to play a role in older mobile phone networks and fixed broadband.

The US has argued that using Huawei's equipment creates a risk of the Chinese state carrying out espionage or sabotage, something the company has always denied.
Despite the criticisms, British security officials say they can manage the current risks posed by using Huawei's existing kit, and they do not believe the defects they have found are a result of Chinese state interference.

Huawei has responded saying the report highlights its commitment to openness and transparency.

"The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities," a spokesman said.

Although the company now has limited prospects in the UK, it is still hoping to sell its 5G kits to other parts of Europe.

Earlier this week, the chief of its Italian business suggested that other countries could carry out detailed inspections of their own to help overcome security concerns.
"We will open our insides, we are available to be vivisected to respond to all of this political pressure," said Luigi De Vecchis.

However, the Financial Times has reported that Germany is set to be next to ban local networks from using the firm's 5G products.

One expert said setting up an operation like HSEC required a state to provide considerable resources, and offered no guarantee of success.

"Even if Huawei passes the technical evaluation, which we see from today's report is not certain, they may yet be blocked at the political level," said Emily Taylor, editor of the Journal of Cyber Policy.

Delayed findings
Huawei equipment has been used in the UK for a decade and a half.

Since 2010, a special Huawei Cyber Security Evaluation Centre (HCSEC), based in Banbury, has been tasked with checking its telecoms infrastructure products.
An oversight board then examines the work of HCSEC and reports to the UK's National Security Advisor annually, although the latest report covering 2019 was delayed because of the coronavirus pandemic.

Last year, the report raised serious concerns about standard of Huawei's equipment and software, and there is no major change in the latest assessment.
In 2018, Huawei committed to a $2bn (£1.5bn) five-year plan to improve its software engineering processes in response to previous criticism.
But the new report complains that Huawei has yet to convince that it can complete the effort on time, and adds that "unless a detailed and satisfactory plan has been provided, it is not possible to offer any degree of confidence that the identified problems can be addressed by Huawei".

In particular it highlighted "poor coding practices" and said there was a "range of evidence" employees were not following Huawei's own guidelines.
Huawei argues it is still in the early stages of the plan and real improvements will only be reflected in future reports.

Broadband flaw
The report adds the amount of vulnerabilities reported in 2019 were "significantly beyond" the number found in 2018, but says this is partly due to the increasing effectiveness of the checks rather than an overall decline in standards.

But it highlights one vulnerability of "national significance" in 2019, which required extraordinary measures to fix.

The BBC has learned this was related to broadband - but officials do not believe anyone exploited the flaw.

The report covers 2019, and so does not address the period when the US imposed new sanctions affecting Huawei.

Those sanctions technically affect HCSEC itself, since it is part of Huawei, and will require changes in its organisational structure.

@Feng Leng @hualushui @Beast @FairAndUnbiased
 

Attachments

Last edited:

rent4country

BANNED
Jul 31, 2020
441
0
210
Country
United States
Location
United States
So-if India steals the IP of Pakistani companies, your reaction would be the same?

what about if you are working in a company in the UK, where your livelihood depends on it, and they have their Intellectual property stolen and you lose your job because of loss of revenue. Good on that too?
 

Path-Finder

ELITE MEMBER
Feb 7, 2013
18,781
1
26,964
Country
Pakistan
Location
United Kingdom
So-if India steals the IP of Pakistani companies, your reaction would be the same?

what about if you are working in a company in the UK, where your livelihood depends on it, and they have their Intellectual property stolen and you lose your job because of loss of revenue. Good on that too?
my old worked for marconi long time ago. The soviets were able to get info on the projects that were being developed for Britain's defence and one project my old was part of. once the leak was discovered all those projects had to be shelved! Long story short that is the world we live in. I am pretty sure the indians want their hands on american IP's if they could. so let's not play the holier than thou game.
 

rent4country

BANNED
Jul 31, 2020
441
0
210
Country
United States
Location
United States
my old worked for marconi long time ago. The soviets were able to get info on the projects that were being developed for Britain's defence and one project my old was part of. once the leak was discovered all those projects had to be shelved! Long story short that is the world we live in. I am pretty sure the indians want their hands on american IP's if they could. so let's not play the holier than thou game.
You don't know the difference between spying, military espionage versus economic espionage and IP theft.
 

Globenim

SENIOR MEMBER
Aug 19, 2011
2,049
-1
3,447
Country
China
Location
Thailand
its called only the yanks shall have a backdoor.
Basically Huawei did improve its security as it always does and still does not actually have any concrete known "backdoors" as proclaimed by the US regime, but on pressure of the US regime they increased scrutinity against Huawei with standards no other service provider can deliver either, to justify replacing it with the gaping holes of "trusted" US regime affiliated bugged hardware that fails every test unless you pretend the known backdoors aren't there.
 
Last edited:

8888888888888

FULL MEMBER
Nov 29, 2016
1,278
0
1,228
Country
China
Location
China
Huawei at least allow UK to check their code and equipment, other USA and EU comapny would just say mind their own business with their government support.
 

hualushui

FULL MEMBER
Jul 3, 2019
1,008
-1
1,558
Country
China
Location
China
Huawei blocked the US surveillance backdoor, which is a national security issue for the US. Because they can't monitor Merkel anymore :omghaha: :omghaha: :omghaha:
 

rent4country

BANNED
Jul 31, 2020
441
0
210
Country
United States
Location
United States
Huawei blocked the US surveillance backdoor, which is a national security issue for the US. Because they can't monitor Merkel anymore :omghaha: :omghaha: :omghaha:
and as thank you, you got this :p:
 

Users Who Are Viewing This Thread (Total: 1, Members: 0, Guests: 1)

Top