China syndrome“A High Risk to Their Users”: An Analysis of Huawei Devices’ Security Vulnerabilities

Published 23 July 2019

Western intelligence services have long suspected that the Chinese communication giant Huawei was a tool of China’s powerful intelligence services. An analysis of the state of security of Huawei’s gear and equipment has found serious security flaws and vulnerabilities. This is important, because even if we take Huawei’s implausible denials of any relationship to Chinese government at face value, the low quality of security of Huawei’s equipment would allow the Chinese government, and other state actors, to compromise the vulnerabilities of networks built with Huawei’s components. Our “analysis shows that Huawei devices quantitatively pose a high risk to their users,” the report says.

Western intelligence services have long suspected that the Chinese communication giant Huawei was a tool of China’s powerful intelligence services. The Obama and Trump administrations, and Congress, have issued a series of ever more severe restrictions on Huawei’s freedom to do business in the United States, and on the freedom of American companies to provide Huawei with U.S.-made parts.

The Trump administration has been aggressively advising the governments of U.S. allies in Europe and Asia not to contract Huawei to build 5G infrastructure in their countries. The United States has publicly threatened to limit and reduce intelligence cooperation and information exchanges with countries which decide to let Huawei build their 5G infrastructure.

Western intelligence services have two worries: the first is that Huawei will be able to spy on communication carried on the networks it builds, and deliver to the Chinese government valuable military, business, political, and diplomatic information, which will allow China to continue and steal Western intellectual property and also give China political and diplomatic advantages.

The second worry is that if there are tensions, or a conflict, between China and a country which used Huawei to build its 5G infrastructure, China will be in a position to take down large sectors of that country’s infrastructure and economy – for example: paralyze the financial sector; open dam gates to flood agricultural lands; shut down the country’s communication systems; take down the electrical grid, and much more.

Columbus, Ohio-based Finite State cybersecurity firm has issued a detailed report on the state of security of Huawei’s gear and equipment. This is important, because even if we take Huawei’s implausible denials of any relationship to Chinese government at face value, the low quality of security of Huawei’s equipment, as detailed in Finite State’s report, would allow the Chinese government, and other state actors, to compromise Huawei-built networks.

Here are the report’s executive summary and key findings:

Executive Summary
5G promises to usher in the next generation of consumer, enterprise, and industrial technology. Among the other profound benefits it offers the global economy, 5G will realize the vision and potential of the Internet of Things (IoT). Advancements in 5G technology are expected to enable exponential growth in accessible autonomy and smarter infrastructure that will likely become foundational to our way of life over the next decade and beyond.