Huawei UK security concerns arise from aging software

The UK government’s security concerns about Huawei telecoms equipment result from the ongoing use of aging software, insiders have claimed.

A report published last month by the Banbury-based Huawei Cyber Security Evaluation Centre (HCSEC), a specialist unit formed in 2010 to monitor the use of the equipment in the UK’s network infrastructure, could only offer “limited assurance” that Huawei kit was safe to use.

Several countries, most notably the US, have effectively frozen Huawei out of the market due to fears about links between the company and the Chinese government. However, several British telcos are Huawei customers and the firm has pledged to spend billions in the UK.

For its part, Huawei has continually denied such allegations.

Huawei UK

The HCSEC report said there had been a lack of progress in resolving previous concerns, while a visit to Huawei facilities in Shenzhen had identified a lack of scrutiny with third party components.

Reuters now says the continued use of an older version of Wind River’s VxWorks operating system is one of the causes of these concerns. The version used by Huawei will stop receiving security updates in 2020 even though some of it is powering equipment in UK telecoms networks.

There is no suggestion that this is deliberate, nor is there any evidence that Wind River’s software is insecure. The company offers several ways to migrate to newer versions of VxWorks.

Huawei did not comment on the specific claims but told TechRadar Pro it was committed to addressing the concerns raised by the HCSEC last month.

“The HCSEC model is unique; it is considered to deliver world class network integrity assurance through ongoing risk management, and underlines the strong partnership between Huawei, the UK Government and operators, based on openness and transparency,” said a spokesperson.

“Cyber security remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems.”

Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media. 

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does