Site icon IT World Canada

UK security oversight board still finds coding quality issues with Huawei

Huawei Canada HQ

Huawei Technologies is facing another critical security review report from a U.K. auditing board.

The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, an independent agency set up by the government and Huawei 16 years ago to oversee the security of the telecom equipment maker’s gear, continued to raise questions about the quality of the company’s code.

The board, which reports to the U.K. national security advisor, said in a report released last week that:

As usual, the board didn’t deal with allegations that Huawei is susceptible to pressure from the Chinese government because of a national security law that obliges Chinese-based companies to work with its intelligence agencies.

The report covers the calendar year 2019 so it also doesn’t deal with July’s decision by the government of Prime Minister Boris Johnson preventing British carriers from buying new Huawei 5G equipment after December 31st, and ordering them to remove all Huawei equipment from their 5G networks by the end of 2027.

The Globe and Mail reported that the Canadian government and Huawei operate a similar independent lab for evaluating Huawei network gear.

RELATED:

Huawei UK agrees to address technical issues

Reacting to the report SC Magazine quoted Huawei saying it found no evidence of baked-in espionage. “As innovators, we continue significant investment to improve our products. The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities,” wrote the company in a statement.

The role of the Oversight Board is to oversee and ensure the independence, competence and overall effectiveness of the Evaluation Centre as part of the overall U.K. security risk mitigation strategy.

Many of the serious vulnerabilities found by analysts included unprotected stack overflows in publicly accessible protocols, protocol robustness errors leading to denial of service, logic errors, cryptographic weaknesses, default credentials “and many other basic vulnerability types.”

The Canadian government still hasn’t made a decision on whether to allow carriers here to install Huawei gear in their new 5G wireless networks. Bell and Telus, which have Huawei equipment in their 4G networks, have decided not to wait and have chosen other suppliers.

The federal government’s decision is complicated by the detention of two Canadians in China while a Vancouver hearing on an extradition request from the U.S. for Huawei chief financial officer Meng Wanahou continues.

 

 

Exit mobile version