U.K. says Huawei equipment has major security flaws

U.K. officials argue that Huawei has not addressed security concerns in its products and has failed to implement a companywide cybersecurity overhaul it promised in 2012. 

In the U.K. government’s Huawei cybersecurity evaluation center (HCSEC) oversight board’s annual report (PDF), the watchdog group said it “has continued to identify concerning issues in Huawei’s approach to software development, bringing significantly increased risk to UK operators, which requires ongoing management and mitigation.” 

The HCSEC was launched in 2010 as part of an agreement between Huawei and the British government to mitigate the “perceived risks” Huawei’s equipment might play in the U.K.’s critical national infrastructure. The HCSEC oversight board was later established in 2014, and has released five annual reports to date on Huawei security. 

RELATED: European Commission weighs in on 5G security 

The U.K. government has been vocally concerned about Huawei’s security practices for at least two years now. Following the HCSEC’s report from 2018, which found a number of security flaws in Huawei’s products, Huawei pledged to spend $2 billion on a security overhaul, but U.K. officials reportedly walked out of the meeting. 

The latest report found that despite numerous security concerns identified in the 2018 report, Huawei has made “no material progress” in addressing those issues. It also stated that it “has not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation program that it has proposed as a means of addressing these underlying defects.” 

The report pointed to a 2012 white paper Huawei released on cybersecurity and noted that none of the promised remediations laid out in that paper have come to fruition yet. 

Finally, the report notes that the board cannot “appropriately risk-manage future products” in U.K. deployments until Huawei addresses what HCSEC calls “defects in Huawei’s software engineering and cybersecurity processes.”

RELATED: Huawei files suit against U.S. as dispute around equipment intensifies 

The U.K. government is considering banning Huawei equipment from 5G deployments amid rising concerns globally over Huawei’s security. The U.S. government has led the charge against Huawei, lobbying its allies to ban the equipment maker in light of concerns that Huawei could possibly allow the Chinese government backdoor access to critical infrastructure. 

The U.K. government has said it hasn’t found any proof of espionage. Operators O2 and Three are currently testing 5G network equipment with Huawei, while Vodafone has said it will pause 5G tests with Huawei until further notice. Wireless carrier EE and its parent company BT have barred Huawei products from 5G deployments.