Huawei security slammed by UK government report

(Image credit: Shutterstock)
(Image credit: Shutterstock)

Huawei has been strongly criticised by a UK government-backed report into the security protections of its products.

The report by the National Cybersecurity Centre (NCSC) said that it could only provide "only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK".

However it stopped short of confirming any concrete evidence of surveillance by the company, which unveiled its latest P30 Pro flagship this week, or the Chinese government.

Significant

The report comes from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, an organisation set up by the NCSC back in 2014.

It stated there were "significant technical issues in Huawei's engineering processes" and that the company's approach to software development brings "significantly increased risk to UK operators".

“If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network,” the report said, noting this could allow hackers to “access user traffic or reconfiguration of the network elements.”

Huawei currently supplies several of the top UK operators with 4G and 5G infrastructure, and the report comes a matter of weeks before the UK is set to decide its 5G network spectrum allowance.

The report noted that the current oversight process into Huawei means that any possible risks could for the moment be managed, but added this "can only provide limited assurance that all risks to UK national security from Huawei's involvement in the UK's critical networks can be sufficiently mitigated long-term".

Huawei has continued to deny any wrongdoing, especially as the company comes under maintained criticism from the US over supposed government-backed spying.

In a statement, a Huawei representative said it understood the concerns over its software engineering capability and took them "very seriously".

It also reaffirmed its pledge to work closely with the NCSC and UK partners to meet their security requirements, and revealed it had invested $2bn to improve its capabilities and a high level plan had been developed.