A report by Huawei’s Cybersecurity Evaluation Centre (HCSEC) has found that the company’s products, which are deployed or are contracted to be deployed in the UK, have underlying engineering issues.
Addressed to the UK National Security Advisor, HCSEC Oversight Board’s fourth annual report explained that there were still concerns regarding the company broadband and mobile infrastructure products, referring to a security critical third party software used in a variety of products which was “not subject to sufficient control.”
“There have been a number of detailed technical discussions between Huawei R&D and HCSEC, some including National Council Security Centre,” said the report. “These discussions are working towards a full understanding of the problem, a short-term mitigation plan and a more strategic fix for the underlying cause of the problem.
“However, there is a significant risk in the UK telecoms infrastructure if Huawei and the operators are unable to support these boards long-term.”
According to the BBC, the HCSEC was set up in 2010 in response to concerns that BT and others’ use of Huawei’s equipment could pose a threat. The body is overseen by UK security officials, including GCHQ.
Prior to this report, the previous three had concluded that any risks posed to the UK’s national security “had been mitigated.” However, in this latest report, the HCSEC had found two areas of concern; the building of consistent binary code and insufficient management of third-party software.
In other countries such as the US, Chinese companies such as Huawei and ZTE have been banned, most recently from retail stories on US military bases. In Australia, there is also talk of Huawei being banned from its new 5G network due to security concerns.
In April 2018, the Wall Street Journal reported that the company was under US criminal investigation for illegal Iran sales, violating export sanctions.
In a statement, Huawei said: “The oversight board has identified some areas for improvement in our engineering processes. We are grateful for this feedback and committed to addressing these issues.”
Source: infosecurity-magazine.com