Huawei Criticised for Potentially Compromising UK Infrastructure with Old Third-Party Software
Huawei is using software that will be unsupported from 2020, in hardware that will be used for years to come
Huawei is drawing ire in the UK over its use of third-party software in its products, which will come to end-of-life long before the hardware itself does.
As reported last month, the Oversight Board of the Huawei Cyber Security Evaluation Centre (HCSEC) - a company-funded body that examines and test Huawei products to be used by UK telcos - said that ‘security critical third-party software used in a variety of products' are not ‘subject to sufficient control'.
It added that Huawei hardware contains third-party software, including security-critical components, that will cease long-term support in 2020, even though the Huawei products in question will be in service for much longer.
The Oversight Board is a government organisation that publishes an annual report about HCSEC's work.
A Reuters report says that Huawei buys the software in question from Wind River Systems, based in the USA - where, ironically, the Chinese vendor has also been facing increased scrutinyover security concerns.
Three sources told Reuters that Wind River Systems is responsible for developing the VxWorks operating system, and that it will not receive security updates and patches past 2020. As British telecom operators will still be using the Huawei hardware with VxWorks at that point, their networks could become vulnerable to attack.
The sources did not suggest that the software itself is a security risk - only the upcoming lack of support.
A Wind River spokesperson told Reuters that the company often helps customers to upgrade to newer versions. A Huawei spokesperson said the vendor would address ‘any areas for improvement' that are raised by the British authorities (although the Oversight Board's report does not specifically mention VxWorks).
Huawei supplies equipment to UK telcos including BT and Vodafone.
Source: computing
Latest Jobs
-
- REMOTE Cyber Security Operations Engineer. UK
- United Kingdom
- £65,000
-
CH8196 REMOTE Cyber Security Operations Engineer. UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and SOC 2 controls. You role will touch on the following o Security Monitoring- Threat Analysis, Maturing monitoring capability. Utilising SIEM tools o Vulnerability Management- Identifying threats to internal assets- working with internal teams to patch. § Cloud based vulnerability tool experience preferred. o Access Control Management- Mature policy and process of RBAC. Ideally AWS KMS experience. o Vulnerability Testing- Aiding with Pen test scoping in line with identified vulnerabilities. Working internally to plan and track remediation actions. o Security Incident Management- Triaging alerts, evidence capture, escalation, diagnose and fix. o Working within a Cloud based environment. Ideally AWS. o Security Patch Management Support & Assistance – Approach methods, solutions, and policy alignment. o Disaster Recovery planning o Change Management Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com / 07884666351
-
- Senior Product Developer, Microsoft.NET, Remote working
- Netherlands
- Upto €80,000 plus benefits
-
Senior Product Developer is required by a rapidly expanding Cybersecurity Consultancy/Software House to help them develop their new SaaS platform The aim is for this person to join and grow within the business to either lead the team or to move into an Architect role Location is Flexible, and can Work from home if you want, Key responsibliliies will be to Design and implement the customer-facing web UI (Angular, Javascript, etc.) Design and implement back-end components, including Database components and APIs, application We are looking for someone with, Microsoft .Net developer experience working with C#, VB.Net and Powershell Experience with SQL Services and T-SQL Experience working with Interfacing Technologies such as REST, XML, Active Directory and LDAP UI Technologies experience based around Javascript
-
- Senior Product Developer, Microsoft.NET, Remote working
- London
- Upto 65,000 plus benefits
-
Senior Product Developer is required by a rapidly expanding Cybersecurity Consultancy/Software House to help them develop their new SaaS platform The aim is for this person to join and grow within the business to either lead the team or to move into an Architect role Location is Flexible, and can Work from home if you want, Key responsibliliies will be to Design and implement the customer-facing web UI (Angular, Javascript, etc.) Design and implement back-end components, including Database components and APIs, application We are looking for someone with, Microsoft .Net developer experience working with C#, VB.Net and Powershell Experience with SQL Services and T-SQL Experience working with Interfacing Technologies such as REST, XML, Active Directory and LDAP UI Technologies experience based around Javascript
-
- Senior Product Developer, Microsoft.NET, Remote working
- Birmingham
- Upto 65,000 plus benefits
-
Senior Product Developer is required by a rapidly expanding Cybersecurity Consultancy/Software House to help them develop their new SaaS platform The aim is for this person to join and grow within the business to either lead the team or to move into an Architect role Location is Flexible, and can Work from home if you want, Key responsibliliies will be to Design and implement the customer-facing web UI (Angular, Javascript, etc.) Design and implement back-end components, including Database components and APIs, application We are looking for someone with, Microsoft .Net developer experience working with C#, VB.Net and Powershell Experience with SQL Services and T-SQL Experience working with Interfacing Technologies such as REST, XML, Active Directory and LDAP UI Technologies experience based around Javascript