Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Huawei CEO Dismisses Security, Spying Concerns

Company founder denies that Huawei employees would ever be forced to spy for China.

The founder and CEO of Chinese networking equipment manufacturer Huawei, in his first-ever media interview, Thursday dismissed allegations that backdoors may have been built into the company's products to facilitate Chinese espionage.

"Huawei has no connection to the cybersecurity issues the U.S. has encountered in the past, current and future," Huawei CEO Ren Zhengfei, 68, told local reporters -- through an interpreter -- while on a visit to New Zealand this week, according to news reports.

Since founding the company 26 years ago, Ren had previously refused to conduct media interviews. But during his visit this week to New Zealand, he agreed to meet with reporters from four of the country's news outlets.

In response to reporters' questions, Ren dismissed allegations that his employees might be colluding with state security services, instead likening the relationship between his company and the Chinese government to that between New Zealand companies and their government, reported Fairfax Media in New Zealand. Furthermore, he said he was confident that his employees would be free to refuse any request from a Chinese intelligence service to spy on a foreign entity.

[ U.S. officials are trying to ratchet up pressure on China. See Senate Bill Calls For Cyberespionage 'Watch List'. ]

Ren's comments can be read as a criticism of the U.S. singling out Chinese firms Huawei (the world's second-largest telecommunications manufacturer) and ZTE last year in a Congressional report warning that the two companies "cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems." Accordingly, the U.S. House of Representatives Permanent Select Committee on Intelligence's Oct. 2012 report "strongly encouraged" all U.S. businesses "to seek other vendors for their projects."

American businesses appear to be listening. A recent survey of 454 IT professionals conducted by InformationWeek found that the U.S. government's recommendation to avoid Huawei equipment would influence their buying decision-making. Indeed, 37% of surveyed businesses cited the warning as a major concern, and 34% said it would be a deal-breaker.

But Ren Thursday downplayed his company's presence in the American market. "Huawei equipment is almost non-existent in networks currently running in the U.S. We have never sold any key equipment to major U.S. carriers, nor have we sold any equipment to any U.S. government agency," he said.

His comments echoed those of Huawei executive VP Eric Hu, who last month said, "We are not interested in the U.S. market any more," according to the Financial Times.

Despite that apparent vow to quit the U.S. market, the company subsequently changed its story, saying it would continue to actively sell its products in the United States. "We continue to sell in the U.S. in all three business areas: Device, Carrier Network and Enterprise," Huawei spokesperson Jannie Luong told Network Computing in April.

In the wake of the Oct. 2012 Congressional report, Australia, India and the United Kingdom were already evaluating whether they would continue to work with Huawei and ZTE. Notably, India's Research and Analysis Wing -- the government's main intelligence service -- issued a report warning that "Huawei Technologies is known to have links with the People's Liberation Army (PLA) and the ministry of state security of China."

In response, Huawei proposed that Australia create an information security test center to vet the company's products.

But fears of Chinese espionage were further compounded this week, after an annual report from the Pentagon to Congress directly accused China of running a military cyber-espionage operation that directly accessed U.S. government systems. "China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic and defense industrial base sectors that support U.S. national defense programs," according to the report.

In the wake of that warning, Huawei and ZTE appear to be facing fresh scrutiny by Indian government officials, who said this week that they're creating a testing lab to assess all foreign-built telecommunications and networking equipment. "We know about the concerns of intelligence agencies and are expediting developing [a] system for testing the telecom equipments of foreign manufacturers in networks," an India government telecommunications official told India's Hindustan Times.

Information security experts, however, say that backdoors purposefully built into networking hardware can be notoriously difficult to detect, and warned that devices could also be clean when purchased but later updated with firmware that enables spying.

Furthermore, in a 2012 teardown of the Huawei AR8 and ARE 29 series routers, Felix "FX" Lindner, who heads Berlin-based Recurity Labs, found that the firmware contained sufficient numbers of coding errors that anyone studying the code base might find ways of remotely compromising the devices without needing to resort to purpose-made backdoors.

People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jries921
50%
50%
jries921,
User Rank: Ninja
5/18/2013 | 6:06:38 PM
re: Huawei CEO Dismisses Security, Spying Concerns
I don't believe a word of it. If he were to refuse a request for cooperation from State Security, he'd would go directly to prison and may never be seen again. But if he were to have said anything but what he said, he'd never be able to go home again.
Ronjon13
50%
50%
Ronjon13,
User Rank: Apprentice
5/13/2013 | 2:01:31 PM
re: Huawei CEO Dismisses Security, Spying Concerns
Ren suddenly appears, dismisses all allegations and expects we should just take his word for it?

No mention of Huawei sales to Iran and the efforts to conceal ongoing operations that were uncovered, and no mention of the employees he has at Huawei that aren't really telecom employees but actually are working for the PLA intelligence agency, and no mention of the employees who are monitored and threatened if they do not go along or keep quiet.

Mr Ren, you can buy some people, some favourable articles and some desperate customers but we still do not believe you.
JSmithy67
50%
50%
JSmithy67,
User Rank: Apprentice
5/10/2013 | 6:00:27 PM
re: Huawei CEO Dismisses Security, Spying Concerns
Huawei CEO Ren Zhengfei: " Furthermore, he said he was confident that his employees would be free to
refuse any request from a Chinese intelligence service to spy on a foreign
entity."
While the employees may be "free to refuse" what if they personally choose to obey the request?
It would have been more reassuring for Mr. Zhengfei to say, "Huawei company policy forbids our employees to act on a request from anyone not in their chain of supervision. We will immediately fire or prosecute anyone breaking this policy."
elleno
50%
50%
elleno,
User Rank: Apprentice
5/10/2013 | 5:59:17 PM
re: Huawei CEO Dismisses Security, Spying Concerns
To quote a famous prostitute, Christine Keeler, when she heard one of her high profile politician clients denied all charges.

Ren denies all cybersecurity issues with Huawei: "He would say that wouldn't he".
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.