Huawei’s 5G future now relies on its ability to clean house

by Peter Griffin / 03 April, 2019

Prime Minister Jacinda Ardern’s whistle-stop visit to Beijing this week did little on the face of it to improve Huawei’s prospects of playing a role in building the country’s 5G mobile networks.

New Zealand and China must 'trust each other', she was told by China’s President, Xi Jinping.

But technically anyway, it is not as simple as that. While geopolitics and the trade priorities of New Zealand and its Five Eyes security partners, may have triggered the intense scrutiny of the Chinese telecoms equipment maker in recent years, the only way out now for Huawei is to fix the software bugs and security holes in its currently installed mobile systems.

It will need to move fast in doing that to avoid missing out on billions of dollars’ worth of mobile network contracts.

Read more: Huawei and 5G: What the controversy is all about | What is 5G?

Chinese President Xi Jinping, right and New Zealand Prime Minister Jacinda Ardern, left shake hands before the meeting at the Great Hall of the People on April 1, 2019 in Beijing, China. (Kenzaburo Fukuhara - Pool/Getty Images)

Chinese President Xi Jinping, right and New Zealand Prime Minister Jacinda Ardern, left shake hands before the meeting at the Great Hall of the People on April 1, 2019 in Beijing, China. Image: Kenzaburo Fukuhara/Pool/Getty Images.

Damning report

The vulnerabilities were identified yet again last week in a report from the Huawei Cyber Security Evaluation Centre (HCSEC) oversight board, a body set up by the UK’s National Cyber Security Centre specifically to scrutinise Huawei’s technology.

The fifth annual report from board overseeing the HCSEC, which is a centre in Banbury, Oxfordshire funded by Huawei but with independent governance and auditing, slammed Huawei for numerous deficiencies. The technical details have been deliberately kept vague but the message is clear:

“HCSEC has continued to find serious vulnerabilities in the Huawei products examined. Several hundred vulnerabilities and issues were reported to UK operators to inform their risk management and remediation in 2018,” the oversight board reported.

“Some vulnerabilities identified in previous versions of products continue to exist,” it pointedly noted.

The report appears to take a hard line following positive signals from UK government officials in February that the troubling vulnerabilities in Huawei’s systems could be addressed.

Huawei has pledged to spend US$2 billion over the next five years fixing its security problems which it estimates could take that long to address. But with no coherent plan to do so presented to the oversight board, the window is closing on its involvement in 5G network deployments in the UK over the next two years.

UK mobile operators EE has already ruled out using Huawei equipment in its core network, while Vodafone has pressed “pause” on its efforts across Europe to work with Huawei on core networks until security agencies clarify whether Huawei can be involved.

The UK scenario is being keenly watched here in New Zealand, because versions of the Huawei equipment and software analysed by HCSEC is likely to also be deployed in the existing 3G and 4G networks operated by Spark and 2Degrees.

Huawei has said it will likely pitch for the 5G radio access network business locally, rather than the core mobile network infrastructure, to allay concerns. The first commercial 5G networks are likely to go live in the middle of 2020.

Dr Faraz Hasan, Massey University.

Fixable but will take time

Massey University telecommunications networking expert, Dr Faraz Hasan, says the issues flagged in the UK report appear to be fixable, but with large numbers of Huawei devices and base stations powering Britain’s mobile networks, it could be a major job.

“They appear to be mainly software bugs, with one security issue to do with a cryptographic weakness,” says Hasan, who is currently researching how fifth generation or “5G” networks are designed and the radio emissions they generate.

“The sole security issue is related to a cryptographic weakness of the Huawei devices. It means the devices are not able to hide the message that is being wirelessly sent. If somebody steals that message, which is relatively easy to do on a wireless link, there's more chances for it to be decoded.”

That security issue relates to Huawei’s use of the widely-trusted “Open SSL” security protocol. The oversight board found vulnerabilities in Huawei’s code relating to Open SSL that dated as far back as 2006.

“This shows the lack of maintainability and security resulting from the poor configuration management, product architecture and component lifecycle management,” the report noted.

Apples and oranges

An even bigger issue, says Hasan, is the oversight board’s concern that the source code HCSEC examined in test equipment supplied by Huawei, does not appear to be exactly the same as the code used across the UK mobile networks.

“It means that different instances of the same code appear to be building differently,” he says.

“This is problematic because different deployments of the same Huawei equipment, may lead to different performance and security levels.”

Until UK security agencies can be sure what is being tested in the lab mirrors what is deployed in the real world, Huawei faces an uphill struggle to regain their trust.

“HCSEC aren't convinced because Huawei don't have a concrete plan to address the issues,” says Hasan.

While all the recent attention on Huawei has focussed on whether the company will be given the greenlight to build 5G networks in many countries, it is current networks featuring Huawei equipment that are causing UK officials the real concern.

That, says Hasan, has implications for new networks because the first phase of 5G will be built on the existing 4G network.

“Nothing will change except that the number of base stations will increase. The network will remain largely centralised. The security provisions we have for 4G may be extended to 5G. Those Huawei devices may already exist on the network on which the 5G network will be built.”

Later down the track, substantially more devices would be connected to the 5G network, an ‘internet of things’ network offering vastly increased connectivity and convenience, but also opportunities for hackers to infiltrate the network.

“With 4G my mobile phone or laptop is communicating with the network,” says Hasan.

“With 5G my toaster will be connected on the network. [Hackers] can potentially mess with my electronic appliances at home and in the office. It is the scale of involvement of 5G in our lives which raises these concerns that it must be extra secure.”

Unprecedented scrutiny

How secure are other networking equipment makers such as Nokia, Ericsson and Samsung? Hasan says it is hard to know because, to his knowledge, none of them have been subjected to as much independent technical scrutiny as Huawei, which he says has a good reputation for quality, particularly in New Zealand.

The answer to Huawei’s woes then seems to be convincing UK security officials it can turn around the test results coming out of that Oxfordshire lab, which Huawei New Zealand has offered to replicate here to give the GCSB confidence in its technology.

That move would certainly help, says Hasan.

 “On a technical level, it is a good way forward. It is funded by Huawei, but is independent enough to come out and say there are technical issues that must be solved.”

Follow NOTED on Twitter, Facebook, Instagram and sign up to our email newsletter for more tech news. 


Medical specialist and writer Eileen Merriman's prescription for success
104920 2019-04-25 00:00:00Z Profiles

Medical specialist and writer Eileen Merriman's pr…

by Clare de Lore

Eileen Merriman doesn’t have to dig too deep to find the angst, humour and drama for her award-winning novels.

Read more
We still remember them: The best in new Anzac Day reading
105020 2019-04-25 00:00:00Z Books

We still remember them: The best in new Anzac Day…

by Russell Baillie

The tide of great New Zealand books on the world wars shows no sign of going out. Russell Baillie reviews four new Anzac books.

Read more
Fine lines: New Anzac books and graphic novels for kids
105028 2019-04-25 00:00:00Z Books

Fine lines: New Anzac books and graphic novels for…

by Ann Packer

A telegraph “boy”, heroic animals and even shell-shock make for engaging reads for children.

Read more
Keeping up appearances: The challenging job of restoring NZ's lighthouses
104978 2019-04-25 00:00:00Z Life in NZ

Keeping up appearances: The challenging job of res…

by Fiona Terry

Ensuring lighthouses stay “shipshape” isn’t a job for the faint-hearted.

Read more
The former major reuniting service medals with their rightful owners
105015 2019-04-25 00:00:00Z Life in NZ

The former major reuniting service medals with the…

by Fiona Terry

Service medals are being reunited with their rightful owners thanks to former major Ian Martyn and his determined research.

Read more
PM announces 'Christchurch Call' to end use of social media for terrorism
104952 2019-04-24 00:00:00Z Politics

PM announces 'Christchurch Call' to end use of soc…

by Noted

A meeting aims to see world leaders and CEOs of tech companies agree to a pledge called the ‘Christchurch Call’.

Read more
Red Joan: Judi Dench almost saves Soviet spy story from tedium
104942 2019-04-24 00:00:00Z Movies

Red Joan: Judi Dench almost saves Soviet spy story…

by James Robins

The fictionalised account of a British woman who spied for the Soviet Union is stiflingly quaint.

Read more
What to watch on TV this Anzac Day
104749 2019-04-24 00:00:00Z Television

What to watch on TV this Anzac Day

by Fiona Rae

Māori TV once again devotes the day to Anzac programming, including a live broadcast from Gallipoli.

Read more