Huawei continues to find itself on the wrong end of a sustained negative news cycle, with some of the latest revelations in new reports including assertions that new Huawei web application flaws have been found. Also, that troubling (and previously unknown) links exist between Huawei employees, the Chinese government and the country’s intelligence agencies.
Huawei, of course, denies the bad headlines that Western news agencies and research firms keep turning up. This also comes at a time when the beleaguered Chinese consumer electronics giant is trying to recover from the myriad effects of a US ban on its products that’s led the company to take steps including the development of a mobile OS to replace Android. Hongmeng is the name of the smartphone OS the company is prepping for its handsets and which Huawei’s CEO says will be faster than both Android and iOS.
Meanwhile, Italian cybersecurity firm Swascan has announced that its researchers have found vulnerabilities within Huawei’s infrastructure and web applications which the firm describes as “critical.” So critical that, “if exploited by malicious attackers or cybercriminals, (they) could have impacted business continuity, user’s data and information security and the regular operation of their services.”
Examples of web flaws Swascan says it discovered include a vulnerability that could allow an attacker to “read sensitive information from other memory locations or cause a crash.”
The Swascan findings come just days after a report from The Wall Street Journal delved into research detailing how Huawei telecom equipment is supposedly more vulnerable to being hacked than equipment from its rivals — a report that the White House has seen and has been used as confirmation of the overall US stance against Huawei.
Arguably more troubling than any of that, meanwhile, are the potentially ominous findings of a study from researcher Christopher Balding of the Fulbright University Vietnam who analyzed data from a few hundred million leaked Chinese resumes. He turned up a number of links between Huawei employees with ties to China and its state security apparatus which he presented in a paper here. One such employee he mentions is an engineer “engaged in behavior that describes planting information capture technology or software on Huawei products” who also worked on projects like “building lawful interception capability into Huawei equipment.”
Naturally, Huawei’s response has pushed back against this. “We hope that any further research papers will contain less conjecture when drawing their conclusions,” the company told The Financial Times in response to the research.
