Huawei 'Failed To Improve UK Security Standards'

Huawei has failed to adequately tackle security flaws in equipment used in the UK's telecoms networks despite previous complaints, an official report says. From a report: It also flagged that a vulnerability "of national significance" had occurred in 2019 but been fixed before it could be exploited. The assessment was given by an oversight board, chaired by a member of the cyber-spy agency GCHQ. It could influence other nations weighing up use of Huawei's kit. The report said that GCHQ's National Cyber Security Centre (NCSC) had seen no evidence that Huawei had made a significant shift in its approach to the matter. And it added that while some improvements had been made, it had no confidence they were sustainable. As a result, it concluded, the board could only provide "limited assurance that all risks to UK national security" could be mitigated in the long-term. In July, the government announced that due to US sanctions Huawei would eventually be excluded from the new 5G telecoms network by 2027, but the Chinese company can continue to play a role in older mobile phone networks and fixed broadband.

The US has argued that using Huawei's equipment creates a risk of the Chinese state carrying out espionage or sabotage, something the company has always denied. Despite the criticisms, British security officials say they can manage the current risks posed by using Huawei's existing kit, and they do not believe the defects they have found are a result of Chinese state interference. Huawei has responded saying the report highlights its commitment to openness and transparency.

Interesting; Huawei security in the news now

[Geoffrey.landis]

Interesting that this story comes only 5 hours after the early story saying that Huawei is going to open their "inner workings" to show that there's no security threat: https://it.slashdot.org/story/... [slashdot.org]

(that article was not very explicit on what "open their inner workings" actually means. Publishing their source code, as well as all the hardware details?)

Re:

[account_deleted]

Comment removed based on user account deletion

By whom?

[hackingbear]

The assessment was given by an oversight board, chaired by a member of the cyber-spy agency GCHQ.

(high-lighted by me.)

By the same Five Eye agencies that hijack a whole security product company [washingtonpost.com] and implanted back-doors to Made-in-USA telecom equipment [infoworld.com], against the Chinese company whose "security threat" has still been as elusive as the Iraq WMDs.

What's new?

Re:

[Geoffrey.landis]

Well, actually that makes sense. A good portion of the work of a spy agency is counter-espionage. Who better to know what hardware would be used for spying?

No big surprise here, I say.

[Rick Schumann]

So far as I'm concerned 'Huawei' is just a mask that the Chinese government is wearing, and as such they have no interest in 'fixing security flaws' because fixing those 'flaws' would disable their ability to use Huawei equipment as a global surveillance system -- which is their ultimate goal: equip the entire planet with Huawei technology, so they can surveil anyone in any country at will.
Of course now the China shills and reality deniers will scoff and insult me and use their mod points to silence me. Th

Huawei 'Failed To Improve UK Security Standards

[alexsunny123]

Presuming an overhead factor of 2, that's $30K for salaries, Huawei 'Failed To Improve UK Security Standards which presuming $100K per employee is enough for three months of developer time. If you figure a team of 3 (including QA/testing) you've got about a month. For a highly visible application that requires excellent security and transparency or it will attract suspicions of having been hacked/gamed/rigged.