CNET también está disponible en español.

Ir a español

Don't show this again

Internet Services

Huawei faces cybersecurity questions after UK finds 'shortcomings'

The Chinese company's use of aging US software may expose the UK's telecoms to hacking.

Daily life in Bucharest

Huawei's choice of software for products used in UK's telecoms raised concerns.

NurPhoto

The UK is reportedly concerned that technical "shortcomings" in Huawei equipment might leave the country's telecoms networks vulnerable to cyberattack.

An oversight board that analyzes the Chinese telecom's products used in British infrastructure highlighted potential security problems with the VxWorks operating system, according to Reuters.

The version of VxWorks that Huawei is using will stop getting security patches and updates from Wind River in 2020. Some telecoms products it is used in will still be in use, leaving them open to hacking or surveillance, sources told the news gathering service.

VxWorks, made by the California-based Wind River, is touted as the "industry-leading real-time operating systems (RTOS) for building embedded devices and systems for more than 30 years," which lowers development costs and cuts production cycles, our sister site ZDNet notes.

'We cannot comment on specific issues, but Huawei is committed to addressing any areas for improvement in our engineering processes identified by the Oversight Board," a Huawei spokesperson said in a statement.

"The HCSEC model is unique; it is considered to deliver world class network integrity assurance through ongoing risk management, and underlines the strong partnership between Huawei, the UK Government and operators, based on openness and transparency. Cyber security remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems."

Wind River noted that it's "very common" for systems running their tech to be used in critical infrastructure for more than a decade.

"Wind River offers several options to provide customers support and maintenance past the normal commercial software lifecycle to ensure they can maintain the operational, safety, and security integrity of the systems," a company spokesperson said.

"Customer options include long term support and long term maintenance programs, including long term security services to ensure systems are kept current with the latest security patches."

It also pointed out the differences between software developed for infrastructure and the IT space in a blog post.

Huawei forecasted 200 million shipments for its phones on Friday, and hopes to see that side of its business overtake Samsung to become the world's largest phone vendor by the end of 2019.

It has targeted the Chinese and European markets due to fraught relationships with the US and Australian governments.

Earlier in 2018, the US Federal Communications Commission (FCC) recommended that funding not be awarded to "suppliers that pose a national security threat to the integrity of communications networks or the communications supply chain" -- specifically mentioning Huawei and its Chinese rival ZTE.

In February, US intelligence officials advised Americans not to purchase Huawei products, for fear that they're being used to spy for the Chinese government. Carriers following suit -- AT&T ended a plan to sell Huawei's Mate 10 Pro, and Verizon reportedly did the same.

In June, Huawei was revealed to be the biggest corporate sponsor of overseas travel for Australia's politicians, an analysis said, despite the company's efforts to assure the country's government that it wasn't a security threat.

First published, Aug. 6 at 3:51 a.m. PT.
Update, 4:07 a.m. PT: Adds Huawei comment.
Latest update, Aug. 8 at 1:58 a.m. PT: Adds Wind River comment.

Now playing: Watch this: Best Buy to drop Huawei phones
1:25

Australia to ban Huawei from 5G rollout: The ban came amid security concerns.

Don't use phones from Huawei or ZTE: That's advice from the director of the FBI.