Latest in Gear

Image credit:

UK oversight board discloses potential Huawei security issues

They could cause risks to the country's telecom infrastructure.
Rob LeFebvre, @roblef
July 19, 2018
Share
Tweet
Share

Sponsored Links

OATH

Chinese phone maker Huawei continues to get quite a bit of scrutiny as it tries to push into western markets like the US and UK. The FBI, CIA and NSA have warned against buying the company's phones, AT&T backed out of reported plans to bring the handsets to the US and Best Buy stopped ordering its smartphones. In the UK, the annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) oversight board says that it has continued concerns with Huawei's software engineering processes and the possible risks it could cause UK telecommunication networks.

The HCSEC was created in 2010 as a way for the UK government to keep a close eye on the company as it moved into telecommunications infrastructure in the country. The oversight board came about four years later -- it contains a senior executive from Huawei and senior representatives from various levels of government and the telecommunications sector. After saying that the HCSEC has been effective in pursuing its mission, the report states that it has "identified shortcomings in Huawei's engineering processes" that have "exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management."

The HCSEC wants to make sure that Huawei can deliver consistent binary code for its products. That way, it can be assured that such code does not contain anything malicious that could attack UK telecommunications systems (or leave them vulnerable to attacks). Huawei was only able to show that one of four specific products had software builds that were reproducible. The report notes that this particular build has not yet been distributed by any UK operators, but may be in the near future, with the other three products becoming available later this year if they can provide reproducible binaries as well.

Ultimately, the oversight board reported to the UK's National Security Adviser that it can "provide only limited assurance that all risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

iPhone 12 teardown reveals how 5G has changed things

iPhone 12 teardown reveals how 5G has changed things

View
What we bought: Our favorite USB-C chargers

What we bought: Our favorite USB-C chargers

View
Get ready to raid 'Ghost of Tsushima' on October 30th

Get ready to raid 'Ghost of Tsushima' on October 30th

View
A massive spam attack is ruining public 'Among Us' games

A massive spam attack is ruining public 'Among Us' games

View
Custom PS5 covers are already a thing

Custom PS5 covers are already a thing

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr