A UK government cybersecurity watchdog has once again raised serious concerns about Huawei’s security practices, the Financial Times reports. The report comes from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, an organisation set up by the UK’s National Cyber Security Centre to evaluate the security risks posed by using Huawei’s equipment in critical national infrastructure.
HCSEC’s report does not claim to have found any direct evidence of state-backed espionage. However, what it does do is criticize Huawei’s “basic engineering competence and cyber security hygiene,” which could be exploited in a future cybersecurity attack. In particular:
“HCSEC has continued to find serious vulnerabilities in the Huawei products examined. Several hundred vulnerabilities and issues were reported to UK operators to inform their risk management and remediation in 2018. Some vulnerabilities identified in previous versions of products continue to exist.”
The report notes that, “If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network” and even “access user traffic or reconfiguration of the network elements.” However, it also said that the security management of UK operators “makes exploitation of vulnerabilities harder.”
The report comes in the wake of intense scrutiny of Huawei’s security practices, which critics fear could be exploited to make networks more vulnerable to state-sponsored hacking attempts. The US is moving to ban the use of Huawei’s equipment in its forthcoming 5G networks, and is reportedly pressuring its allies to do the same. Australia and New Zealand have already banned or blocked the equipment from being used, and Canada is also expected to follow suit.
Source: The Verge