Troubles are mounting for Huawei. First they were caught up in an international trade war between China and the United States that ultimately may cost them use of the Android OS, as well as other popular American apps, such as Facebook, but a new report is saying the popular devices are much more likely to be hacked than that of their competitors.
Huawei Device Vulnerability
Huawei is trying to claw its way through the P.R. messes trying desperately to be sure the public sees that if they trust them and buy a Huawei device, that they’ll do everything they can to make sure everything is okay.
After Google indicated they may not continue to allow them to include their apps and the Android system on their devices to follow the new U.S. government demands, they promised potential customers that they would refund their money if Google and Facebook stopped working.
But while they’re painting a smile on the face of the company, top United States officials are saying cybersecurity experts appear credible after they called out the devices as being vulnerable and said they are more likely to be hacked than other competing devices.
Researchers found that more than half of the nearly 10,000 firmware images that were encoded into more than 500 devices that were tested contained at least one vulnerability that could be exploited.
The percentage of Huawei vulnerabilities was much higher than their competitors. 55 percent of firmware images tested contained at least one vulnerability. Researchers described that as a “potential backdoor.”
These results were submitted recently to U.S. and U.K. government agencies and lawmakers. Administration officials in the U.S. are circulating the results to validate their decision to issue an executive order to not allow U.S. companies to sell technology to Chinese companies.
“This report supports our assessment that since 2009, Huawei has maintained covert access to some of the systems it has installed for international customers,” said a U.S. official who reviewed the report by the Finite State cybersecurity firm.
“Huawei does not disclose this covert access to customers nor local governments. This covert access enables Huawei to record information and modify databases on those local systems.”
The report called out extensive cybersecurity flaws in Huawei devices and a pattern of poor security decisions on the part of engineers. Yet, it does not accuse them of deliberately creating devices with these vulnerabilities and doesn’t address the U.S. claims that the devices could be used for espionage by the Chinese government.
A Huawei official reports specifics of the Finite State report have not been shared with them but that they would welcome the research so that it can improve device security.
“Without any details, we cannot comment on the professionalism and robustness of the analysis,” said the official.
Finite State Chief Executive Matt Wyckhouse, who co-founded the company two years ago, admitted that they did the research pro-bono and not on behalf of the U.S. government. He believes the best way to make lawmakers aware of the vulnerabilities is to make the research publicly available.
Moving Forward
Wyckhouse plans to publish the results this week. “We want 5G to be secure,” he issued, while allowing that the numbers reported of his company’s research of Huawei were the highest “we have ever seen.”
The results back up a 2012 U.S. government review of Huawei security risks. It didn’t find proof that China was using the devices for espionage but believed there were significant security risks.
How does this affect the future of Huawei as a whole? Will this affect their reputation throughout the world and not just the U.S.? Do you have a Huawei device? Are you more concerned after learning of these findings? Let us know your thoughts in the comments below.
