The News

UK report finds technical risks in Huawei network gear

LONDON (AP) — British cybersecurity inspectors said Thursday they found significant technical issues in Chinese telecom supplier Huawei’s software that pose risks for the country’s mobile networks.

It’s the latest salvo in a global battle over Huawei , which the U.S. says could give the Chinese government backdoor access to sensitive data worldwide.

The annual update on Huawei Technologies’ security said officials are not confident Huawei is up to fixing the problems, pointing out that the company still hasn’t done anything to address flaws identified in last year’s report.

Thursday’s report said it’s possible to only give “limited assurance” that long-term national security risks from Huawei’s involvement in critical British telecom networks can be adequately managed.

The U.S. government wants its European allies to ban the company from next-generation mobile networks set to roll out in coming years over fears China’s communist leaders could use Huawei gear to carry out cyberespionage.

Britain has so far resisted, saying it can manage the risks without resorting to a boycott. The European Union is also leaning toward a similar approach, with the bloc’s executive commission avoiding a ban when it released security recommendations for 5G networks earlier this week.

Security of superfast 5G mobile networks, which promise to unlock a new wave of innovation, is taking on more urgency as European countries prepare to auction off frequencies to mobile phone companies this year.

Thursday’s report noted that Britain’s cybersecurity authorities did not believe Huawei’s defects were a result of “Chinese state interference.”

Since 2010, Huawei equipment in British networks has been inspected by an evaluation center, which is funded by the Chinese company and, starting in 2014, overseen by a board chaired by a top British cybersecurity official. Other board members include officials from Huawei and Britain’s mobile phone companies.

The oversight board’s report criticized Huawei for making “no material progress” in fixing technical shortcomings noted in last year’s report.

“We understand these concerns and take them very seriously,” Huawei said in a statement. The issues that have been identified “provide vital input for the ongoing transformation of our software engineering capabilities,” a global effort for which the company in November pledged $2 billion over five years, it said.

The oversight board, however, said it hasn’t seen anything that gives it confidence Huawei has the capacity to carry out the transformation.

One big concern: In 2018 the center found “several hundred issues and vulnerabilities” in Huawei gear that were reported to British mobile companies.

Alarmingly, it said attackers who knew of the vulnerabilities and had the right access could potentially exploit them to affect a network’s operation, in some cases by causing it stop to operating correctly.

The report’s findings don’t suggest that British mobile networks are more vulnerable than last year, and can be used to flag up issues so phone companies can more effectively mitigate them, it said.

The oversight report is separate from a government review of the risks to Britain’s 5G telecom equipment supply chains due out this spring, though it is one of the things that review will take into account.

Huawei overtook Scandinavian rivals Nokia and Ericsson to become the world’s biggest telecom equipment maker because of its reputation for cheap, good quality products.

___

Follow Kelvin Chan at www.twitter.com/chanman

___

Follow the AP’s coverage of technology at: https://apnews.com/apf-technology