U.K. says Huawei equipment has major security flaws

Huawei MWC19
The U.K. government is considering banning Huawei equipment from 5G deployments. (Monica Alleven/FierceWireless)

U.K. officials argue that Huawei has not addressed security concerns in its products and has failed to implement a companywide cybersecurity overhaul it promised in 2012. 

In the U.K. government’s Huawei cybersecurity evaluation center (HCSEC) oversight board’s annual report (PDF), the watchdog group said it “has continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators, which requires ongoing management and mitigation.” 

The HCSEC was launched in 2010 as part of an agreement between Huawei and the British government to mitigate the “perceived risks” Huawei’s equipment might play in the U.K.’s critical national infrastructure. The HCSEC oversight board was later established in 2014, and has released five annual reports to date on Huawei security. 

Sponsored by Southco Inc.

How To Secure 5G Equipment With Electronic Access

Learn how to protect small cell enclosures from physical threats and deliver better, stronger and more reliable networks with electronic locks and access control systems.

RELATED: European Commission weighs in on 5G security 

The U.K. government has been vocally concerned about Huawei’s security practices for at least two years now. Following the HCSEC’s report from 2018, which found a number of security flaws in Huawei’s products, Huawei pledged to spend $2 billion on a security overhaul, but U.K. officials reportedly walked out of the meeting. 

The latest report found that despite numerous security concerns identified in the 2018 report, Huawei has made “no material progress” in addressing those issues. It also stated that it “has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation program that it has proposed as a means of addressing these underlying defects.” 

The report pointed to a 2012 white paper Huawei released on cybersecurity and noted that none of the promised remediations laid out in that paper have come to fruition yet. 

Finally, the report notes that the board cannot “appropriately risk-manage future products” in U.K. deployments until Huawei addresses what HCSEC calls “defects in Huawei’s software engineering and cybersecurity processes.”

RELATED: Huawei files suit against U.S. as dispute around equipment intensifies 

The U.K. government is considering banning Huawei equipment from 5G deployments amid rising concerns globally over Huawei’s security. The U.S. government has led the charge against Huawei, lobbying its allies to ban the equipment maker in light of concerns that Huawei could possibly allow the Chinese government backdoor access to critical infrastructure. 

The U.K. government has said it hasn’t found any proof of espionage. Operators O2 and Three are currently testing 5G network equipment with Huawei, while Vodafone has said it will pause 5G tests with Huawei until further notice. Wireless carrier EE and its parent company BT have barred Huawei products from 5G deployments.

Suggested Articles

While 3GPP is busy creating new standards for 5G that encompass a range of technologies, LTE-based IoT is getting relatively little overhaul.

Wi-Fi 6 has just launched, but Wi-Fi 7 is already on the horizon; read on for an overview of Wi-Fi 7 and anticipated benefits

The cellular-connected IoT module is built with Microsoft’s Azure Sphere.