[ad_1]
British intelligence forced Huawei Technologies Co. to correct flaws in its products that could have put the security of the country’s networks at risk, a government agency said.
“Critical user-facing vulnerabilities” were found in the Chinese provider’s fixed broadband products caused by poor code quality and an old operating system, the Oversight Board of Huawei’s Cyber Security Assessment Center said in a report. . “UK operators had to take extraordinary measures to mitigate risk.”
The center, near Oxford in England, was established between the Shenzhen-based tech giant and the British government in an agreement to allow the UK’s National Center for Cyber Security to examine its hardware and software.
In the annual report released Thursday, the HCSEC Oversight Board said Huawei fixed the security issue. No exploitation of it was detected. However, the solution created a different new “major problem”. The incident was “further proof that the deficiencies in Huawei’s engineering processes persist,” he concluded.
National importance
The event was “nationally significant” and marked a rare occasion when Huawei temporarily withheld a full description of the issue while the UK assessed its impact. The NCSC does not believe the identified defects are due to interference from the Chinese state, according to the report.
The revelation comes at a sensitive time for Huawei, after the UK government decided to ban telecom operators from using its equipment on its fifth-generation mobile networks. The government is now reviewing Huawei’s role in providing fixed broadband infrastructure.
The HCSEC Oversight Board said it “can only provide a limited technical assurance on the security risk management of Huawei equipment on UK networks”, reiterating a finding from last year’s report.
‘Huawei barometer’ shows political pressure on 5G launch: map
“This is a bad state of affairs, especially as Huawei’s kit will remain on UK networks and may even be added to it, despite the ban,” said lawmaker Bob Seely, a member of the ruling Conservative Party who has made campaign to impose stricter restrictions on Huawei.
US Black List
When asked about the report’s findings, a Huawei spokesperson said the vendor is the only one facing such a harsh level of scrutiny.
“Huawei calls for all vendors to be evaluated against an equally robust benchmark, to improve security standards for all,” the spokesperson said.
The UK had previously decided that it could manage the risks of keeping some Huawei on 5G networks. That It changed course in July after US sanctions cut off Huawei’s access to US microprocessor technology. UK security services said this meant that the safety of Huawei’s supplies could not be guaranteed.
The HCSEC oversight board report covered the situation in 2019. However, famous that Huawei had already started trading US components for replacements from elsewhere towards the end of 2019 to comply with US blacklist rules. This may “limit the number of products that can be tested by HCSEC and thus So much for the amount of products that can be used in the UK, “he said.
The US “entity list” made it difficult for the HCSEC to do its job for another reason, the report noted: The facility is owned by Huawei, making it more difficult to obtain security monitoring products that use intellectual property from US officials are looking at how to solve the problem.
– With the assistance of Kitty Donaldson
(Contextual updates in the fifth paragraph and legislators comment in the eighth)
