Britain found ‘critical’ weakness in Huawei equipment
- Chinese telecoms giant made to fix flaws that could have put security of British networks at risk, government agency says
- Repairs, however, created different ‘major issue’, pointing to ‘deficiencies in Huawei’s engineering processes’
British intelligence forced Huawei Technologies to fix flaws in its products that could have put the security of the country’s networks at risk, a government agency said.
“Critical, user-facing vulnerabilities” were found in the Chinese supplier’s fixed-broadband products caused by poor code quality and an old operating system, the Huawei Cyber Security Evaluation Centre Oversight Board said in a report. “UK operators needed to take extraordinary action to mitigate the risk.”
The centre, near Oxford in England, was set up between the Shenzhen-based technology giant and the British government in an arrangement to let the UK’s National Cyber Security Centre examine its hardware and software.
In the annual report published on Thursday, the HCSEC Oversight Board said Huawei repaired the security issue. No exploitation of it was detected. However, the fix then created a new, different “major issue”. The incident was “further evidence that deficiencies in Huawei’s engineering processes remain”, it concluded.
02:27
UK bans Huawei from 5G network after US sanctions
The event had “national significance” and marked a rare occasion where a full description of the problem was temporarily held back from Huawei while Britain assessed its impact. The NCSC does not believe the defects identified were due to Chinese state interference, the report said.
The revelation comes at a sensitive time for Huawei after the British government decided to ban telecoms operators from using its gear in their fifth-generation mobile networks. The government is now reviewing Huawei’s role in supplying fixed-broadband infrastructure.