A man walks past a Huawei office

Huawei working with hacker critics

Chinese telecoms equipment manufacturer Huawei is working with one of its toughest critics to reduce its hacking vulnerabilities

John Suffolk, the company's global cybersecurity chief, said at a cybersecurity conference in New Delhi that he was sending a team of engineers to talk to German security researcher Felix Lindner, who has exposed vulnerabilities in the company's routers, from its $100 home internet devices to multi-million dollar equipment run by telecommunications companies.

"We've very much taken on board Felix's views and you'll see over the coming period we've got a whole host of significant operations to deal with these issues," he said.

The move is a departure for Huawei, which has been battling critics on several fronts.

It was last year blocked from bidding for a multi-billion dollar national broadband network contract in Australia over cybersecurity fears.

A U.S. congressional committee recommended Washington to similarly bar Huawei and its Chinese rival ZTE from being allowed to sell equipment to U.S. carriers.

Huawei has denied inserting deliberate backdoors in its products to allow for spying, and has invited governments to inspect its code.

In the UK, it set up a centre to test out whether its products can withstand security threats, and has offered to set up something similar in both the United States and Australia.

But it has so far been reluctant to engage security researchers and hackers who challenge the company, something that Suffolk said was now changing, in part because of Lindner's allegations.

Suffolk, who was the UK government's chief information officer before joining the Chinese company, said the team's trip to Germany had been slowed by visa issues, but would go ahead soon.

Lindner said at a hacker conference in Kuala Lumpur earlier this month that, while he could not be sure there were no deliberate backdoors in the software, there was no evidence in the devices that he tested.

The problem, he said, was that the software was poorly written and left the equipment vulnerable to hackers.

Lindner's views fitted with a White House investigation that found no clear proof that Huawei was spying for the Chinese government, sources told Reuters earlier this month.

Suffolk said that Huawei had not sent anyone to attend an earlier presentation by Lindner in July but had done so for the Kuala Lumpur conference.

Their presence, he said, was not to dissuade Lindner from speaking but to see if he was revealing new information.

"We like these comments, although sometimes you think to yourself that's a bit of a slap in the face," Suffolk said.

"But sometimes you need a bit of a slap in the face to step back, not be emotive in your response, and say what do I systematically need to change so over time any these issues begin to reduce?"

The move to engage Lindner, Suffolk said, was part of a broader shift in Huawei's approach that he had led since joining the company in 2011.

He numbered among the changes making it easier for other security researchers to contact Huawei with vulnerabilities they have found. But his long-term goal, he said, was to change procedures to make all products more robust.

"I can fix the Felix issue in a few lines of code," he said. "But I'm interested in systemic change within Huawei."

Huawei's efforts to crack the lucrative U.S. market have been hurt by years of suspicion from U.S. lawmakers, who say the Shenzhen-based company, started by CEO Ren Zhengfei, a former Chinese military officer, has links with the Chinese government.

After an 11-month investigation, the U.S. House of Representatives' Intelligence Committee released a 52-page report urging U.S. firm to stop doing business with Huawei and its smaller rival ZTE due to potential influences from the Chinese government, which could pose security threats.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them

Close