The UK government’s security concerns about Huawei telecoms equipment result from the ongoing use of aging software, insiders have claimed.
A report published last month by the Banbury-based Huawei Cyber Security Evaluation Centre (HCSEC), a specialist unit formed in 2010 to monitor the use of the equipment in the UK’s network infrastructure, could only offer “limited assurance” that Huawei kit was safe to use.
Several countries, most notably the US, have effectively frozen Huawei out of the market due to fears about links between the company and the Chinese government. However, several British telcos are Huawei customers and the firm has pledged to spend billions in the UK.
For its part, Huawei has continually denied such allegations.
The HCSEC report said there had been a lack of progress in resolving previous concerns, while a visit to Huawei facilities in Shenzhen had identified a lack of scrutiny with third party components.
Reuters now says the continued use of an older version of Wind River’s VxWorks operating system is one of the causes of these concerns. The version used by Huawei will stop receiving security updates in 2020 even though some of it is powering equipment in UK telecoms networks.
There is no suggestion that this is deliberate, nor is there any evidence that Wind River’s software is insecure. The company offers several ways to migrate to newer versions of VxWorks.
Huawei did not comment on the specific claims but told TechRadar Pro it was committed to addressing the concerns raised by the HCSEC last month.
“The HCSEC model is unique; it is considered to deliver world class network integrity assurance through ongoing risk management, and underlines the strong partnership between Huawei, the UK Government and operators, based on openness and transparency,” said a spokesperson.
“Cyber security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”