Huawei faces UK security backlash over legacy US software
Huawei is facing scrutiny in Britain over software components which may one day be weaponized for surveillance.
Featured
On Monday, Reuters reported that the software, developed by US company Wind River Systems, will soon become defunct and unsuitable for security updates.
The software at the heart of the discussion is the VxWorks operating system, a version of which is used by Huawei in product development.
VxWorks is billed as the "industry-leading real-time operating systems (RTOS) for building embedded devices and systems for more than 30 years," which lowers development costs and cuts production cycles.
Unnamed sources speaking to the publication suggest that the version utilized by the smartphone giant is coming to the end of its product life, and by 2020, will no longer receive security updates and patches from Wind River.
It is possible that once the flow of security updates run out, should relevant vulnerabilities or security flaws be uncovered, British telecom networks and consumers could become exposed and vulnerable to compromise, whether through direct cyberattacks or covert surveillance.
A report released earlier this month addressed what UK regulators believe are "shortcomings" with Huawei and the firm's supply chain and network which may become a target for cyberthreats.
CNET: Huawei forecasts 200 million shipments, hopes to take No. 1 spot
While Wind River products were not named, the report said:
"Third-party software, including security critical components, on various component boards will come out of existing long-term support in 2020, even though the Huawei end of life date for the products containing this component is often longer."
However, there is no evidence to suggest that the VxWorks situation is in any way deliberate, or that the security patch problem will not be resolved before the expiry date of the software version utilized by the Chinese smartphone maker.
A Huawei spokesperson told Reuters that any areas of concern raised by UK officials would be addressed, and "cybersecurity remains Huawei's top priority, and we will continue to actively improve our engineering processes and risk management systems."
A Wind River representative added that while unable to comment directly on the case, the company does help customers to migrate to new software versions, which would continue to receive security updates into the future.
The US, alongside Australia, have scrutinized Huawei in the past over the apparent risk to national security associated with implementing the firm's products, including mobile devices and 5G network equipment, on the government level.
TechRepublic: Huawei developing own mobile OS in case it gets banned from using Android
The US Federal Communications Commission (FCC) suggested earlier this year that funding should not be awarded to "suppliers that pose a national security threat to the integrity of communications networks or the communications supply chain."
Huawei, alongside and Chinese rival ZTE, were both directly mentioned.
See also: Huawei half-year revenue climbs to $48 billion
Huawei has constantly refuted such allegations, and claimed that in the US market, the company's position has been "artificially restricted by unfounded allegations and suspicions based solely on misperceptions about Huawei's relationship with the government of China."
This is not the first time that a Chinese company has come under fire over surveillance and national security.
In April, ZTE was issued a seven-year ban from purchasing US components following a criminal investigation into illegal exports.
The move effectively destroyed ZTE's business and the company said it was ceasing "major operating activities." However, in a surprising move considering trade tensions between the US and China, President Trump stepped in to roll back the ban.