China’s Huawei Technologies Co (華為) is facing increased scrutiny in Britain because it is using an aging software component sold by a firm based in the US, one of the countries where lawmakers allege its equipment could facilitate Chinese spying, sources told Reuters.
A report last month by a British government oversight board charged with analyzing Huawei equipment said it had found technical and supply chain “shortcomings” that exposed the country’s telecoms networks to new security risks.
One of those is due to Huawei’s use of the VxWorks operating system, which is made by California-based Wind River Systems Inc, said three people with knowledge of the matter, all of whom spoke on condition of anonymity.
The version of VxWorks being used by Huawei is to stop receiving security patches and updates from Wind River in 2020, even though some of the products it is embedded in are to remain in service, potentially leaving British telecoms networks vulnerable to attack, the sources said.
“Third-party software, including security critical components, on various component boards will come out of existing long-term support in 2020, even though the Huawei end-of-life date for the products containing this component is often longer,” said the July report, which did not name VxWorks.
All three sources said there is no indication that the VxWorks mismatch was deliberate. There is also no suggestion that the software itself represents a security risk.
Reuters was not able to establish which Huawei products were involved or what steps the Chinese company was taking to address the issue.
A Wind River Systems spokeswoman said she was unable to comment on Huawei, but added that the company often helped customers upgrade to newer software versions.
“Wind River offers migration routes and paths for its customers, which should be pretty well-known and understood in the industry,” she said.
A Huawei spokesman declined to comment on specific issues in the report, but said the company would address any areas for improvement that were raised by British authorities.
“Cybersecurity remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems,” he said.
While the US and Australia have moved to restrict the use of its gear due to security concerns, Huawei has been deepening ties with Britain, supplying broadband equipment to its largest telecoms provider, BT Group PLC, and mobile networks for wireless giant Vodafone Group PLC.
Consultant Edward Amoroso, a former chief security officer at AT&T Inc, said Huawei’s experience in Britain showed the challenges of securing international supply chains.
Although no one should dismiss Huawei as a supplier solely because of its geographical location, reliance on software that is going out of support is a legitimate concern, Amoroso said.
“I don’t care if it’s from China, Indiana or the moon, it speaks badly for them,” he added.
The globalized nature of the technology industry has come under increasing scrutiny as countries seek to limit the use of equipment from nations they regard as adversaries.
In the US, the Pentagon is working on a “do not buy” list to block vendors that use software code originating from Russia and China, but in the UK, London says it effectively addresses any security issues presented by the use of Huawei products as part of Britain’s critical national infrastructure by having the equipment reviewed by staff at a special company laboratory.
This is overseen by British government and intelligence officials who report annually on its work.
In addition to the issue with VxWorks, this year’s report also cited technical issues that limited security researchers’ ability to check internal product code.
Many in the cybersecurity industry say efforts to bar equipment or software on grounds of nationality are futile, because of the deeply inter-dependent nature of the global technology business.
“There’s a real dilemma for policymakers, for politicians,” said Robert Hannigan, executive chairman for Europe at cybersecurity services firm BlueVoyant and former director of Britain’s Government Communications Headquarters spy agency. “How do we find a way of taking advantage of foreign technology in a way that we don’t think compromises our security?”
‘BIG LOSS’: This year might see the last generation of Huawei’s Kirin chips, as their production would stop next month because they are made using US technology Chinese tech giant Huawei Technologies Co (華為) is running out of processor chips to make smartphones due to US sanctions and would be forced to stop production of its own most advanced chips, a company executive has said, in a sign of growing damage to Huawei’s business from US pressure. Huawei, one of the biggest producers of smartphones and network equipment, is at the center of US-Chinese tension over technology and security. Washington last year cut off Huawei’s access to US components and technology, and those penalties were tightened in May, when the White House barred vendors worldwide from using US
’WHITE BOX’: The open platform would give local firms access to Cisco’s cloud-based mobile network to develop 5G telecom equipment and tap into the global market The Ministry of Economic Affairs (MOEA) yesterday introduced a new 5G “open lab” in collaboration with US-based information technology and networking giant Cisco Systems Inc to address the rapidly growing “white box” 5G networking equipment market. The open lab will be a platform where Taiwanese manufacturers can access Cisco’s cloud-based mobile network to develop their own 5G telecom equipment, such as small-cell base stations, network switches, modems and Internet of things (IoT) devices, a ministry statement said. The open platform would allow Taiwanese manufacturers to tap into the lucrative 5G telecom equipment market, which was previously monopolized by Nokia Oyj, Ericsson AB
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday reported that revenue last month expanded 25 percent annually, but fell 12.8 percent month-on-month to NT$105.96 billion (US$3.59 billion). In the first seven months of this year, the chipmaker’s revenue surged 33.6 percent to NT$727.26 billion, compared with NT$544.46 billion a year earlier. TSMC has said it aims to grow its revenue by more than 20 percent this year. The company has since May 15 stopped taking new orders from Huawei Technologies Co (華為), its second-biggest customer after Apple Inc, due to the US’ restrictions on exports containing US technologies. TSMC has no plans to
CORPORATE SCANDAL: Cathay Life has invested NT$13.3 billion in Bank Mayapada since 2015, but the latest loss of NT$8.8 billion has completely written off its investment Cathay Life Insurance Co (國泰人壽) yesterday said it would recognize an investment loss of NT$8.8 billion (US$298.1 million) in Indonesia’s Bank Mayapada Internasional Tbk PT due to concerns about the lender’s operations amid a corporate scandal. The company said it would revise its earnings result for June, from a net profit of NT$6.52 billion to a net loss of NT$520 million, its first monthly loss over the past 17 months. After booking an investment loss of NT$5.2 billion in Bank Mayapada earlier this year, Cathay Life has so far recognized total investment losses of NT$14 billion in the lender, executive vice president