Mon, Aug 06, 2018 - Page 16 News List

Huawei in UK spotlight over aging software


China’s Huawei Technologies Co (華為) is facing increased scrutiny in Britain because it is using an aging software component sold by a firm based in the US, one of the countries where lawmakers allege its equipment could facilitate Chinese spying, sources told Reuters.

A report last month by a British government oversight board charged with analyzing Huawei equipment said it had found technical and supply chain “shortcomings” that exposed the country’s telecoms networks to new security risks.

One of those is due to Huawei’s use of the VxWorks operating system, which is made by California-based Wind River Systems Inc, said three people with knowledge of the matter, all of whom spoke on condition of anonymity.

The version of VxWorks being used by Huawei is to stop receiving security patches and updates from Wind River in 2020, even though some of the products it is embedded in are to remain in service, potentially leaving British telecoms networks vulnerable to attack, the sources said.

“Third-party software, including security critical components, on various component boards will come out of existing long-term support in 2020, even though the Huawei end-of-life date for the products containing this component is often longer,” said the July report, which did not name VxWorks.

All three sources said there is no indication that the VxWorks mismatch was deliberate. There is also no suggestion that the software itself represents a security risk.

Reuters was not able to establish which Huawei products were involved or what steps the Chinese company was taking to address the issue.

A Wind River Systems spokeswoman said she was unable to comment on Huawei, but added that the company often helped customers upgrade to newer software versions.

“Wind River offers migration routes and paths for its customers, which should be pretty well-known and understood in the industry,” she said.

A Huawei spokesman declined to comment on specific issues in the report, but said the company would address any areas for improvement that were raised by British authorities.

“Cybersecurity remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems,” he said.

While the US and Australia have moved to restrict the use of its gear due to security concerns, Huawei has been deepening ties with Britain, supplying broadband equipment to its largest telecoms provider, BT Group PLC, and mobile networks for wireless giant Vodafone Group PLC.

Consultant Edward Amoroso, a former chief security officer at AT&T Inc, said Huawei’s experience in Britain showed the challenges of securing international supply chains.

Although no one should dismiss Huawei as a supplier solely because of its geographical location, reliance on software that is going out of support is a legitimate concern, Amoroso said.

“I don’t care if it’s from China, Indiana or the moon, it speaks badly for them,” he added.

The globalized nature of the technology industry has come under increasing scrutiny as countries seek to limit the use of equipment from nations they regard as adversaries.

In the US, the Pentagon is working on a “do not buy” list to block vendors that use software code originating from Russia and China, but in the UK, London says it effectively addresses any security issues presented by the use of Huawei products as part of Britain’s critical national infrastructure by having the equipment reviewed by staff at a special company laboratory.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top