UK Officials Find Serious Security Flaws in Huawei Equipment

March 28, 2019, 3:54 PM UTC

Huawei Technologies Co. has not addressed security flaws in its products, or committed to fixing them, concludes a report by a United Kingdom panel published Thursday.

British officials said the evaluation found “serious and systematic defects in Huawei’s software engineering and cyber security competence.”

The report was written by the UK’s Huawei Cyber Security Centre Oversight Board as part of an annual review of Huawei products used in British telecom networks.

The rebuke of Huawei follows U.S. lawmakers in 2012 banning telecom firms from buying Huawei equipment, after a congressional report labeled the Chinese company a national security threat.

The U.S. recently launched a campaign to shun Huawei worldwide, on the basis that Chinese officials could manipulate security flaws, and order the company to engage in espionage. Last fall, U.S. officials reached out to foreign government officials and telecommunications executives, including in Germany, Italy and Japan, and urged them to blacklist the company.

U.K. officials in the new report say Huawei hasn’t taken the necessary steps to address security concerns. The oversight board wrote it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects.”

A Huawei spokesperson told the Wall Street Journal the company is taking security concerns seriously. Huawei committed $2 billion to fix its security flaws over five years, and the spokesperson reiterated the company is committed to that project. “A high-level plan for the program has been developed and we will continue to work with U.K. operators,” they said.

Nonetheless, the UK report is a damning assessment of the company’s practices, which could subject Huawei to even more international examination.

Strongly worded commitments from Huawei in the past haven’t brought about any discernible improvements,” officials wrote. The company did not follow through on its 2012 promises, leaving British officials to question whether Huawei will commit to improving its cybersecurity competence, according to the report.

The report did not call for an outright ban on the products, but EU member states have the individual right to exclude Huawei products from their markets over national security concerns.