According to a UK government report, while analysing Huawei’s tech, security experts discovered a flaw of “national significance”.
The Huawei Cyber Security Evaluation Centre (HCSEC) was opened in 2010, tasked with assessing the potential risk presented by Huawei’s technologies, which were be used as part of the UK networks.
In the recently released report, HCSEC detailed Huawei’s engineering, software and cyber security processes.
The report reveals that there is an increased risk to UK operators, which calls for ongoing management and mitigation.
Some of the issues raised in the previous report still remain unaddressed.
Of particular concern was the increasing number of build and architectural issues discovered.
With sufficient knowledge and a high enough access level, an attacker could exploit them to affect the operation of a UK network and in some cases even disrupt its stability.
Typically, Huawei is the first to learn of a flaw upon identification, but in the case of an extreme vulnerability that is of national significance, an exception is made.
The issues identified are unlikely to be due to any Chinese state interference, but rather bad cyber security hygiene and engineering competence.
The analysts also found evidence of poor coding practices.
It was discovered in 2019 that Huawei is doing a poor job at following its own internal secure coding guidelines.
Despite Huawei having fixed these specific vulnerabilities in the UK, some deficiencies still remain.
The company states that it is making continued investment into improving its products.
Huawei used to be a key provider of network technology in the UK – however, in July, the government decided not to purchase 5G equipment from the company from 2021 due to national security concerns.
Telecommunications companies have been instructed to remove Huawei’s 5G network technology over the next seven years.