China’s Huawei Technologies Co (華為) is facing increased scrutiny in Britain because it is using an aging software component sold by a firm based in the US, one of the countries where lawmakers allege its equipment could facilitate Chinese spying, sources told Reuters.
A report last month by a British government oversight board charged with analyzing Huawei equipment said it had found technical and supply chain “shortcomings” that exposed the country’s telecoms networks to new security risks.
One of those is due to Huawei’s use of the VxWorks operating system, which is made by California-based Wind River Systems Inc, said three people with knowledge of the matter, all of whom spoke on condition of anonymity.
The version of VxWorks being used by Huawei is to stop receiving security patches and updates from Wind River in 2020, even though some of the products it is embedded in are to remain in service, potentially leaving British telecoms networks vulnerable to attack, the sources said.
“Third-party software, including security critical components, on various component boards will come out of existing long-term support in 2020, even though the Huawei end-of-life date for the products containing this component is often longer,” said the July report, which did not name VxWorks.
All three sources said there is no indication that the VxWorks mismatch was deliberate. There is also no suggestion that the software itself represents a security risk.
Reuters was not able to establish which Huawei products were involved or what steps the Chinese company was taking to address the issue.
A Wind River Systems spokeswoman said she was unable to comment on Huawei, but added that the company often helped customers upgrade to newer software versions.
“Wind River offers migration routes and paths for its customers, which should be pretty well-known and understood in the industry,” she said.
A Huawei spokesman declined to comment on specific issues in the report, but said the company would address any areas for improvement that were raised by British authorities.
“Cybersecurity remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems,” he said.
While the US and Australia have moved to restrict the use of its gear due to security concerns, Huawei has been deepening ties with Britain, supplying broadband equipment to its largest telecoms provider, BT Group PLC, and mobile networks for wireless giant Vodafone Group PLC.
Consultant Edward Amoroso, a former chief security officer at AT&T Inc, said Huawei’s experience in Britain showed the challenges of securing international supply chains.
Although no one should dismiss Huawei as a supplier solely because of its geographical location, reliance on software that is going out of support is a legitimate concern, Amoroso said.
“I don’t care if it’s from China, Indiana or the moon, it speaks badly for them,” he added.
The globalized nature of the technology industry has come under increasing scrutiny as countries seek to limit the use of equipment from nations they regard as adversaries.
In the US, the Pentagon is working on a “do not buy” list to block vendors that use software code originating from Russia and China, but in the UK, London says it effectively addresses any security issues presented by the use of Huawei products as part of Britain’s critical national infrastructure by having the equipment reviewed by staff at a special company laboratory.
This is overseen by British government and intelligence officials who report annually on its work.
In addition to the issue with VxWorks, this year’s report also cited technical issues that limited security researchers’ ability to check internal product code.
Many in the cybersecurity industry say efforts to bar equipment or software on grounds of nationality are futile, because of the deeply inter-dependent nature of the global technology business.
“There’s a real dilemma for policymakers, for politicians,” said Robert Hannigan, executive chairman for Europe at cybersecurity services firm BlueVoyant and former director of Britain’s Government Communications Headquarters spy agency. “How do we find a way of taking advantage of foreign technology in a way that we don’t think compromises our security?”
Among the rows of vibrators, rubber torsos and leather harnesses at a Chinese sex toys exhibition in Shanghai this weekend, the beginnings of an artificial intelligence (AI)-driven shift in the industry quietly pulsed. China manufactures about 70 percent of the world’s sex toys, most of it the “hardware” on display at the fair — whether that be technicolor tentacled dildos or hyper-realistic personalized silicone dolls. Yet smart toys have been rising in popularity for some time. Many major European and US brands already offer tech-enhanced products that can enable long-distance love, monitor well-being and even bring people one step closer to
TRANSFORMATION: Taiwan is now home to the largest Google hardware research and development center outside of the US, thanks to the nation’s economic policies President Tsai Ing-wen (蔡英文) yesterday attended an event marking the opening of Google’s second hardware research and development (R&D) office in Taiwan, which was held at New Taipei City’s Banciao District (板橋). This signals Taiwan’s transformation into the world’s largest Google hardware research and development center outside of the US, validating the nation’s economic policy in the past eight years, she said. The “five plus two” innovative industries policy, “six core strategic industries” initiative and infrastructure projects have grown the national industry and established resilient supply chains that withstood the COVID-19 pandemic, Tsai said. Taiwan has improved investment conditions of the domestic economy
Malaysia’s leader yesterday announced plans to build a massive semiconductor design park, aiming to boost the Southeast Asian nation’s role in the global chip industry. A prominent player in the semiconductor industry for decades, Malaysia accounts for an estimated 13 percent of global back-end manufacturing, according to German tech giant Bosch. Now it wants to go beyond production and emerge as a chip design powerhouse too, Malaysian Prime Minister Anwar Ibrahim said. “I am pleased to announce the largest IC (integrated circuit) Design Park in Southeast Asia, that will house world-class anchor tenants and collaborate with global companies such as Arm [Holdings PLC],”
MAJOR BENEFICIARY: The company benefits from TSMC’s advanced packaging scarcity, given robust demand for Nvidia AI chips, analysts said ASE Technology Holding Co (ASE, 日月光投控), the world’s biggest chip packaging and testing service provider, yesterday said it is raising its equipment capital expenditure budget by 10 percent this year to expand leading-edge and advanced packing and testing capacity amid strong artificial intelligence (AI) and high-performance computing chip demand. This is on top of the 40 to 50 percent annual increase in its capital spending budget to more than the US$1.7 billion to announced in February. About half of the equipment capital expenditure would be spent on leading-edge and advanced packaging and testing technology, the company said. ASE is considered by analysts