
Huawei must raise 'shoddy' standards, says senior UK cybersecurity official - scandox
https://www.theguardian.com/technology/2019/jun/07/huawei-must-raise-shoddy-standards-gchq-senior-uk-cybersecurity-official
======
adrianN
I hear of hardcoded passwords in Cisco products at least once a month. Is
Huawei really below that standard?

~~~
bobx11
The security researcher in the article says: “”” Asked about how Huawei
compares with its competitors, Levy said: “Certainly nothing is perfect,
certainly Huawei is shoddy, the others are less shoddy.” “””

So, apparently from that person’s viewpoint, yes.

~~~
adrianN
I also read the article, but I wanted to know whether I should trust that
security researcher since I can hardly imagine worse practices than those
leading repeatedly to logins with hardcoded passwords (aka backdoors).

------
pbhjpbhj
How about "UK companies should be more picky about buying products with
high-security standards". All the UK ISPs appear to use Huawei stuff, they chose
it, there seems to be quite a range of choices. Clearly if the ISPs are
choosing the worst security products they should get some of the blame,
they're supposedly experts too, it's not like selling to consumers who you
can't expect to know better.

Dr Ian Levy, quoted in the OP, was interviewed recently by BBC Click,
[https://youtu.be/yCzNHi9TBCQ?t=921](https://youtu.be/yCzNHi9TBCQ?t=921).

Presenter {in summary, 16m44s}: "So, according to GCHQ the threat of spying
that we've heard so much about recently is, overblown, but there is another
threat ..."

At 21m06 onwards the presenter, Kelly, talks about the report with Levy.

Levy, GCHQ: "We don't believe the things we are reporting on are Chinese state
malfeasance ... they're just poor engineering"

~~~
dangerface
> Levy, GCHQ: "We don't believe the things we are reporting on are Chinese
> state malfeasance ... they're just poor engineering"

The first time GCHQ tells the public about poor engineering. What an amazing
coincidence.

~~~
pbhjpbhj
I don't get you, they're responding to the USA contention that Huawei is
effectively an agent of Chinese security services - the reason they've not
published on it before is probably because they're not a watchdog for code
quality in telecoms businesses.

I guess if some country tells us not to use Microsoft because they spy for USA
then GCHQ would tell us about their incompetence too. And maybe actual spying?
(Backdoors in 'secure boot' or Exchange server, or whatever).

~~~
dangerface
> I guess if some country tells us not to use Microsoft because they spy for
> USA then GCHQ would tell us about their incompetence too. And maybe actual
> spying?

Right, this is their job and this is the first time they have done it, what's
not to get?

------
wicket
This article, like others before it, doesn't give any technical information.
I'm still waiting to see a published report detailing the extent of the
"shoddy standards" or backdoors in Huawei devices.

Some years ago, a technical report was published about backdoors found in
Samsung Galaxy devices [1], yet Samsung devices are still sold all over the
world today.

[1]
[https://redmine.replicant.us/projects/replicant/wiki/Samsung...](https://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor)

~~~
yorwba
> I'm still waiting to see a published report detailing the extent of the
> "shoddy standards"

This one? [https://www.gov.uk/government/publications/huawei-cyber-secu...](https://www.gov.uk/government/publications/huawei-cyber-security-evaluation-centre-oversight-board-annual-report-2019)

~~~
wicket
Thanks. This is closer to what I was looking for but it still lacks technical
information like what hardware contains backdoors and how those backdoors are
being accessed.

------
rurban
From my point of view Huawei is in the top league security-wise, with all
British firms and most US firms clearly behind.

~~~
secfirstmd
Reasoning behind that?

~~~
gautamdivgi
Maybe the Chinese don't want to be hacked by the 3 and 4 letter agencies of
the 5 eyes world :)

