Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

The Huawei logo is pictured inside the Ox Horn campus at Songshan Lake, in Dongguan, Guangdong province, China, on March 25, 2019.

Tyrone Siu/Reuters

Britain publicly chastised China’s Huawei Technologies Co. for failing to fix long-standing security flaws in its mobile network equipment and revealed new “significant technical issues,” increasing pressure on the company as it battles Western allegations that Beijing could use its gear for spying.

In a report published on Thursday, the government-led board that oversees vetting of Huawei gear in Britain said continued problems with the company’s software development had brought “significantly increased risk to U.K. operators.”

The board – which includes officials from Britain’s GCHQ intelligence agency – said in the report that the company had made “no material progress” addressing security flaws and it didn’t have confidence in Huawei’s capacity to deliver on proposed measures to address “underlying defects.”

Story continues below advertisement

The unusually direct criticism is a fresh blow to the world’s largest maker of mobile network equipment, which has been under intense scrutiny in recent months.

Officials in the United States and elsewhere have been increasingly public in voicing concerns that Huawei’s equipment could be used by Beijing for spying or sabotage, particularly as operators move to next generation mobile networks, known as 5G.

Shenzhen-based Huawei said in a statement it took the oversight board’s concerns “very seriously” and that the issues identified in the report “provide vital input for the ongoing transformation of our software engineering capabilities.”

David Wang, Huawei executive director for research and development spending, said the hardware and software were “very complicated systems” and were subject to human error. He said Huawei was committed to improving its software engineering but changing processes, culture and staffing would be “a very difficult and painful process” that would take time.

Huawei pledged last year to spend more than US$2-billion as part of efforts to address problems previously identified by Britain, but has also warned it could take up to five years to see results.

British security officials previously said they believed any risks posed by Huawei could be managed.

In the report, the government-led board said: “These findings are about basic engineering competence and cybersecurity hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors.”

Story continues below advertisement

It said Britain’s National Cyber Security Centre “does not believe that the defects identified are a result of state interference.”

The work of the oversight board and its findings will help inform future government policy on network security, officials say, but the final decision lies with ministers.

British officials now need to see evidence of significant change, the report said, adding that Huawei had failed to follow through on security commitments made as far back as 2012.

“The evidence of sustained change is especially important as similar strongly worded commitments from Huawei in the past have not brought about any discernible improvements,” it said.

The 40-plus-page report identified several new technical issues with Huawei equipment and revealed that the problems were greater than previously publicly acknowledged. This included concerns related to a product called eNodeB, which provides a connection between the network and a user’s mobile phone.

According to the report, the oversight board looked at updated versions of software that were intended to incorporate security improvements but found “the general software engineering and cybersecurity quality of the product continues to demonstrate a significant number of major defects.”

Story continues below advertisement

The report also said the lab had reported to British operators “several hundred vulnerabilities and issues” during 2018.

The board said the problems revealed “serious and systematic defects in Huawei’s software engineering and cybersecurity competence”.

As a result, the board said it could still only provide limited assurances that the security risks posed by Huawei equipment could be managed long term.

“The oversight board advises that it will be difficult to appropriately risk manage future products in the context of U.K. deployments, until the underlying defects in Huawei’s software engineering and cybersecurity processes are remediated,” it added.

The board first downgraded its level of assurance in its last report, published in July, 2018. In addition to top British government officials, the board includes senior representatives from British telecom operators and Huawei executives.

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies