SoylentNews is people
SoylentNews
from the deep-seated-insecurities-and-paranoia dept.
Huawei's equipment poses 'significant' security risks, UK says:
The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks.
In 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators."
The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing.
In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."
"The issues identified in the OB (oversight board) report provide vital input for the ongoing transformation of our software engineering capabilities," a Huawei spokesperson said.
Other links:
Huawei Equipment Has Major Security Flaws, U.K. Says
Huawei's Perception Problem Deepens as U.K. Spies Identify Security Risks
So don't buy Huawei telecom equipment. Buy only US made telecom equipment. Because the NSA would never put bugs in for spying.
(Score: 2, Interesting) by Anonymous Coward on Friday March 29 2019, @12:17PM
Huawei's are more public I'd say.
I'm subscribed to Cisco's security notifications for their various products, since I maintain a number of them in local government estates here in the UK, and the security notices from Cisco are frequent. The usual privilege escalations, buffer overflows, not checking input correctly etc., spanning across a wide range of products from networking gear to telephony to software-based management platforms. To be fair, a lot of the alerts are due to bugs in upstream open-source products where they re-use code. But there are still massive failures in their own code, such as 2 years ago, their ASA firewall software had a remote exploit which allowed an unauthenticated untrusted attacker to gain the equivalent of root from over the Internet. Not something you want in a firewall product connected directly to the Internet with a public routable IP address. But it's not just Cisco, I'm pretty sure Juniper's also had an equally severe issue in their firewalls as well.
So no, I wouldn't necessarily say Huawei is worse, just the "normal" level of software quality of what we're currently seeing in the market from various big name vendors (I include Microsoft in this list).
Interestingly, we've actually been in discussions with Huawei for various network-related projects recently, and one of the selling points they were touting was that if there's a new missing technical feature we want in their product e.g. some obscure multicast behaviour, they can get the dev resources onto it and have a turn-around of days to implement the feature, if not next day. On one hand this speaks something about their dev resources available; on the other hand, it doesn't paint a good picture of their testing processes or potential code quality behind what they're churning out. I guess the latter agrees with the reports.