Cybersecurity analysts carrying out research into Huawei networks in the UK last year discovered a major vulnerability that left them open to cyberattacks.
The issue, discovered by investigators at the UK’s Huawei Cyber Security Evaluation Centre (HCSEC), turned out to be so severe that it was withheld from Huawei and not reported due to security concerns.
In a report produced annually by the HCSEC, the vulnerability was flagged as being of ‘national concern’ and Huawei’s software engineering and cybersecurity practices were criticised.
“While Huawei has demonstrated some minor improvements in 2019, the serious and systematic defects in Huawei’s software engineering and cybersecurity competence identified in the previous Oversight Board report remain,” the report states.
“The UK’s mitigation strategy for the use of Huawei equipment in the UK telecommunication sector, of which HCSEC and the Oversight Board is one part, expects industry good practice software engineering and cybersecurity development and support processes as a basis.
“Evidence demonstrates that Huawei currently does not meet that basic expectation. Consequently, the NCSC has advised the Oversight Board that it can continue to provide only limited assurance in the security of the currently deployed equipment in the UK.”
There are hypothetical concerns that such vulnerabilities are the work of the Chinese state, purposefully adding flaws to Huawei’s equipment that could be exploited in the future, an idea previously floated by the US government.
However, the report states that the NCSC “does not believe that the defects identified are as a result of Chinese state interference,” and said there is no evidence the vulnerabilities were exploited.
Investigators went on to say that “poor software engineering and cybersecurity processes lead to security and quality issues, including vulnerabilities” – and that “the increasing number and severity of vulnerabilities discovered” is of particular concern.
This latest flaw in Huawei’s network comes as another blow to an already battered company. A review was previously carried out by the NCSC in May to assess the influence of Huawei’s involvement in British 5G networks.
The review sought to examine the use of Huawei equipment in Britain’s critical infrastructure after the company was blacklisted by the US government.
Huawei was hit by further bad news after the UK government’s U-turn on the use of its equipment in the country’s 5G networks.
Westminster announced in July that the UK would be banning the firm’s equipment from its networks by 2021 and would seek other companies as a replacement.