“Nationally significant” vulnerability last year found by cyber security analysts who were tasked with investigating Huawei equipment used in the UK’s telecommunications networks.
According to a report, UK Huawei Cyber Security Evaluation Centre (HCSEC) investigators found an issue that was so severe they withheld it from the company. Vulnerabilities are normally software design failures which may allow hostile actors to conduct a cyber attack. They may not be intentional and cannot be seen as an indication of any hostile intent by the developers.
The report states that the UK’s National Cyber Security Centre (NCSC) “does not believe that the defects identified are as a result of Chinese state interference”, adding that there is no evidence the vulnerabilities were exploited.
Instead, the agency outlined that “poor software engineering and cyber security processes lead to security and quality issues, including vulnerabilities”, highlighting a concern about “the increasing number and severity of vulnerabilities discovered”.
The report states that “If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of a UK network, in some cases causing it to cease operating correctly”. “Other impacts could include being able to access user traffic or reconfiguration of the network elements.”
More from News
- Do Oil Price Shocks Make EV Investments More Attractive?
- Visa Launches Its Own Agentic Commerce Platform – What Does It Do?
- Global Markets Show Early Signs Of Recovery After Trump’s Iran Ceasefire – But Can The World Breathe Easy, Or Is Volatility Just On Pause?
- Greece Is The Next Country To Ban Social Media For Under 15s
- World IoT Day 2026: Is The UK Ready For The Next Phase Of IoT?
- Why Are Digital Nomads Leaving The UK, And Where Are They Going?
- Are Hiring Tasks Turning Into Unpaid Labour For Companies?
- Artemis II Is NASA’s Mission, But Is Control Of The Moon Quietly Shifting To Private Companies?
After these concerns were seen they were reported to Huawei, in line with the HCSEC’s vulnerability disclosure process.
The report further notes that HCSEC “continues to reveal serious and systematic defects in Huawei’s software engineering and cyber security competence” – and warns that despite fixing specific issues when directed to do so, the agency has “no confidence that Huawei will effectively maintain components within its products”.
After hearing these concerns, a Huawei spokesperson states that the company is committed “to a process that guarantees openness and transparency, and demonstrates HCSEC has been an effective way to mitigate cyber security risks in the UK”.
The spokesperson stressed that the NCSC’s conclusion demonstrates that the defects were not a malicious interference from the Chinese state, and that the UK’s networks are not more vulnerable than they were last year, stating:
“As innovators, we continue significant investment to improve our products. The report acknowledges that while our software transformation process is in its infancy, we have made some progress in improving our software engineering capabilities”
“Huawei has faced the highest level of scrutiny for almost 10 years. This rigorous review sets a precedent for cyber security collaboration between the public and private sectors, and has provided valuable insights for the telecoms sector.”
“We believe this mechanism can benefit the entire industry and Huawei calls for all vendors to be evaluated against an equally robust benchmark, to improve security standards for everyone.”
American restricts on Huawei will prohibit US technology companies from providing components to the company, for example computer chips. The British government have ordered that all Huawei equipment must be stripped out of the UK’s telecommunication networks by 2027, as a result of these restrictions. This comes after the recommendation of the NCSC stating that the security of Huawei’s equipment can no long be guaranteed if it was to use chips from less trusted manufactures.
