The research, published on June 26 by cybersecurity firm Finite State, analyzed around 10,000 firmware images supporting over 550 devices within Huawei’s enterprise network product lines, and found 55 percent of them to contain at least one potential backdoor. Firmware is software that allows hardware to run in a computer.
Such potential backdoors could allow Huawei or a malicious attacker to hack into the gear, the report said.
It concluded that “Huawei devices quantitatively pose a high risk to their users.”
“In virtually all categories we examined, Huawei devices were found to be less secure than those from other vendors making similar devices,” the report added.
On average there were 102 known vulnerabilities in each Huawei device tested, the study said, adding that the highest number of vulnerabilities detected in one firmware was 1,419.
The report also said Huawei engineers “systematically” made poor security decisions in the devices tested.
“This overall weak security posture is concerning and obviously increases the security risks associated with use of Huawei devices.”
The report did not consider whether the security flaws were intentionally or accidentally introduced.
“Huawei does not disclose this covert access to customers nor local governments. This covert access enables Huawei to record information and modify databases on those local systems,” the official added.
Wyckhouse said that the finding was “particularly concerning given Huawei’s dominance on the eve of 5G implementation,” and suggested that governments rolling out 5G networks take these risks into account.
“Fundamentally, policymakers should be making data-driven decisions about which risks they are, and are not, willing to take,” he said.
Global Pushback
The findings add to the growing security concerns held by Western officials, lawmakers, and experts, who say that Huawei’s equipment could be sued for espionage or to disrupt communication networks.The company, the world’s dominant supplier of 5G network equipment, has been banned or restricted from supplying technology for the 5G networks in the United States, Australia, New Zealand, and Japan.
In May, the U.S. administration put the telecom provider and 69 of its subsidiaries on a trade blacklist on security grounds, effectively banning it from doing business with U.S. firms.
Meanwhile, the company is also fighting two federal indictments in the United States. In the first case, the Justice Department accuses Huawei of stealing trade secrets from U.S. mobile provider T-Mobile, while the second indictment charges the company in relation to violations of U.S. sanctions against Iran.
The report added that the watchdog no longer had confidence in Huawei’s ability to address these “underlying defects,” despite the company’s pledge to spend more than $2 billion fixing them.
A British cybersecurity official recently said that Huawei’s security is “shoddy” and “objectively worse” compared to its international rivals.
In a June 25 conference in London, Woody Johnson, the U.S. ambassador to the U.K., warned Britain against allowing Huawei to build its 5G network.
Friends Read Free