U.K. says Huawei equipment has major security flaws

Huawei MWC19
The U.K. government is considering banning Huawei equipment from 5G deployments. (Monica Alleven/FierceWireless)

U.K. officials argue that Huawei has not addressed security concerns in its products and has failed to implement a companywide cybersecurity overhaul it promised in 2012. 

In the U.K. government’s Huawei cybersecurity evaluation center (HCSEC) oversight board’s annual report (PDF), the watchdog group said it “has continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators, which requires ongoing management and mitigation.” 

The HCSEC was launched in 2010 as part of an agreement between Huawei and the British government to mitigate the “perceived risks” Huawei’s equipment might play in the U.K.’s critical national infrastructure. The HCSEC oversight board was later established in 2014, and has released five annual reports to date on Huawei security. 

eBook

Get the keys to unlock the full potential of 5G

Are you prepared to navigate the maze of challenges involved in deploying 5G infrastructure? F5 can guide you past the pitfalls and help you unlock the full promise of 5G. Download this whitepaper to learn how to navigate this challenge.

RELATED: European Commission weighs in on 5G security 

The U.K. government has been vocally concerned about Huawei’s security practices for at least two years now. Following the HCSEC’s report from 2018, which found a number of security flaws in Huawei’s products, Huawei pledged to spend $2 billion on a security overhaul, but U.K. officials reportedly walked out of the meeting. 

The latest report found that despite numerous security concerns identified in the 2018 report, Huawei has made “no material progress” in addressing those issues. It also stated that it “has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation program that it has proposed as a means of addressing these underlying defects.” 

The report pointed to a 2012 white paper Huawei released on cybersecurity and noted that none of the promised remediations laid out in that paper have come to fruition yet. 

Finally, the report notes that the board cannot “appropriately risk-manage future products” in U.K. deployments until Huawei addresses what HCSEC calls “defects in Huawei’s software engineering and cybersecurity processes.”

RELATED: Huawei files suit against U.S. as dispute around equipment intensifies 

The U.K. government is considering banning Huawei equipment from 5G deployments amid rising concerns globally over Huawei’s security. The U.S. government has led the charge against Huawei, lobbying its allies to ban the equipment maker in light of concerns that Huawei could possibly allow the Chinese government backdoor access to critical infrastructure. 

The U.K. government has said it hasn’t found any proof of espionage. Operators O2 and Three are currently testing 5G network equipment with Huawei, while Vodafone has said it will pause 5G tests with Huawei until further notice. Wireless carrier EE and its parent company BT have barred Huawei products from 5G deployments.

Suggested Articles

Global Data principal analyst Ed Gubbins thinks more real-world activity like this could help Nokia get skeptical operators on board with vRAN.

Keysight Technologies recently announced that it has joined the multi-party 6G Flagship Program supported by the Academy of Finland and led by the University…

A new investigative study by the Chicago Tribune found some models of smartphones tested above the legal limit for RF radiation exposure. Device makers,…