Sky News: GCHQ discovered “nationally significant” vulnerability in Huawei equipment
Thu October, 2020, Age: 4 weeks
A new oversight report has revealed that investigators at the UK’s Huawei Cyber Security Evaluation Center (HSCEC) found a severe national security issue that was withheld from the company. The report explicitly states that investigators “[do] not believe that the defects identified are as a result of Chinese state interference” but are instead the result of “poor software engineering and cyber security processes”. Such vulnerabilities could be exploited by potential attackers, either state or non-state. The report adds that HCSEC “continues to reveal serious and systematic defects in Huawei’s software engineering and cyber security competence” – and warns that despite fixing specific issues when directed to do so, the agency has “no confidence that Huawei will effectively maintain components within its products”. This highlights that the poor quality and weakness of Huawei’s code, which is commonly known in the information security community, poses a national security risk even when there is no malicious intent.