China’s Huawei faces more security scrutiny in UK

China’s Huawei is facing more scrutiny in UK because it is using an aging VxWorks operating system made by US-based Wind River Systems due to fear that its telecom equipment may facilitate Chinese spying, Reuters reported.
Huawei booth in MWC 2018Earlier, a report by a British government oversight board charged with analyzing Huawei equipment said it had found technical and supply chain shortcomings which exposed the UK’s telecoms networks to new security risks.

The VxWorks OS being used by Huawei will stop receiving security patches and updates from Wind River in 2020, though some of the products it is embedded in will still be in service, potentially leaving British telecom operators’ networks vulnerable to attack.

“Third party software, including security critical components, on various component boards will come out of existing long-term support in 2020, though the Huawei end of life date for the products containing this component is often longer,” the July report, which did not name VxWorks, said.

US and Australian lawmakers have said Huawei’s products can be used to facilitate Chinese espionage operations. The world’s biggest producer of telecoms equipment has repeatedly denied such allegations.

There is also no suggestion that the software itself represents a security risk, the Reuters report said on Sunday.

A spokeswoman for Wind River Systems said she was unable to comment on Huawei, but said the company often helped customers upgrade to newer software versions. “Wind River offers migration routes and paths for its customers, which should be pretty well known and understood in the industry,” she said.

A Huawei spokesman said the company would address any areas for improvement which were raised by British authorities.

“Cyber security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems,” he said.

US and Australia have already moved to restrict the use of its gear due to security concerns.

US is trying to reduce its exposure to some telecom equipment makers for its USOF-funded mobile projects. Australia may ban Huawei from supplying 5G mobile equipments to Optus, Vodafone, among others.

Huawei is already supplying equipment to BT Group and Vodafone Group, two leading telecom operators in UK.

The Pentagon is working on a “do not buy” list to block equipment vendors who use software code originating from Russia and China. Moscow has problems implementing a data storage law without relying on foreign technology.

By contrast, London says it effectively addresses any security issues presented by the use of Huawei products as part of Britain’s critical national infrastructure by having the equipment reviewed by staff at a special company laboratory.

This is overseen by British government and intelligence officials who report annually on its work. In addition to the issue with VxWorks, the report cited technical issues which limited security researchers’ ability to check internal product code.