Why it matters: Huawei may be able to produce enticing hardware at lower costs than other smartphone makers, but its security practices leave a little to be desired. After reading through the UK's annual report on Huawei's abilities to fix flaws, there is little reason to expect secure hardware from the company any time soon.
An investigation into Huawei's security on networking products performed by UK officials with ties to GCHQ has revealed a bevy of problems. Known issues have not been fixed, leaving opportunity for third-party surveillance to occur on critical infrastructure.
The Britain-based Huawei Cyber Security Evaluation Centre's annual report declares that no progress has been made to address issues found last year in 2018. There are inherent "defects in Huawei's software engineering and cyber security processes," according to one of the findings. In spite of the latest discoveries, the EU still has not committed to banning Huawei's hardware from 5G networks.
Perhaps the most damning evidence of all is that the oversight committee that assembled the report clearly elicits that long term security is not a guarantee when working with Huawei. The Oversight Board offered a "limited assurance" that Huawei's products will even be able to be secured when looking ahead into the future.
Ironically, Huawei does receive some praise for being good at reverse engineering issues to find their root causes despite having a horrendously unorganized product development process.
In addition to the UK's very poor outlook on Huawei's security practices, the report also reveals just how vulnerable existing networks truly are. Several hundred vulnerabilities were reported in 2018 alone to network operators. Finding more than one security flaw every single day is not very confidence instilling. Although the report is focused on European networks, it is unlikely that any other LTE networks around the world are really that much better.
