The debate surrounding Huawei data security is a complicated one, which arises due to several different factors. It is a political debate as much as it is a technological one; but, the equipment produced by Huawei is so critical to global internet access that a simple disconnect is not possible.
Huawei has emerged into the news once again after Boris Johnson announced that all Huawei technology was to be removed from the UK’s 5G network by 2027, a move that sparks as many concerns as it squashes. So, who are Huawei? And why are there such strict sanctions?
Who are Huawei?
Huawei is now the world’s largest telecommunications equipment vendor, and is based in China. You might first have heard of them when they began releasing their own smartphones, but in reality, their technology had been used in that hardware of countless other smartphone brands for years before this. However, Huawei isn’t just responsible for many of our mobile phones, but for every step of our internet connection – right through from our laptops to faraway web servers.
Everything from network switches, routers, bridges, and gateways in our networks is often Huawei-made. They even produce equipment such as radio antennas, which, although not immediately related to the internet, come into play with 5G.
Without Huawei, the functioning of 5G would not be at the stage it is. The breadth of equipment they manufacture has meant that they can increase interconnectivity by using alternative devices and boost the reach of mobile data, a feat that is almost unique to their capabilities.
What OS does Huawei use?
Until recently, Huawei continued to use Google Android as the operating system for its smartphones. But with rising concerns about Huawei data privacy risks, and US sanctions that inhibit Huawei’s use of Google apps, Huawei decided to launch their own alternative OS across all their devices in 2021: HarmonyOS. Now, it is anticipated that the next range of Huawei smartphones will run on HarmonyOS.
HarmonyOS comes with its own versions of standard Google apps, including Petal Maps, its own search engine, and an App Gallery. One of the key things that Huawei wants to draw attention to is the new strong security ethos that aims to protect user data. To start with, all of its new features, as well as Huawei devices more generally, have received the four globally authoritative certifications on information security and privacy protection from the British Standards Instituion (BSI).
- Secure boot to make sure hardware and apps have not been tampered with
- Trusted Execution Environment (TEE) to prevent leakage of sensitive data from low security devices
- Device certificate authentication, so that other devices can verify Huawei device security
- Partitions for data, keeping different security-level data separate
- Data destruction through the use of keys
Though HarmonyOS and BSI certification go some way to answer global privacy concerns, the company’s history cannot be ignored.
Huawei Data Security: Why are there sanctions against Huawei?
For the UK in particular, the concerns about Huawei’s treatment of data privacy come primarily from the equipment that is used close to the data centres in the network. Questions have arisen about how their equipment might have fuelled espionage in Beijing, what links the CFO might have to fraud allegations after sanctions on Huawei tech in Iran, and whether the connections of Huawei’s founder, Ren Zhengfei, to the Chinese military and Communist Party should be considered.
Though evidence proving Huawei’s links to the Chinese government espionage is lacking, a few incidents of foul-play have been uncovered. For example, employees of Huawei have been caught conducting corporate espionage in the US, against T-Mobile.
Though no government-initiated espionage has been proved, the recurring concern is that there is huge potential for Huawei to facilitate espionage on a global scale, or to simultaneously take down countless networks at a time of crisis. Any action, however, would be almost instantly detected and would initiate a global unified response from companies using Huawei tech.
The National Cyber Security Center judged that, although Huawei is a designated ‘high-risk vendor,’ it would be possible to work with them as long as strict risk-management rules were in place. However, soon after this announcement, the US restricted Huawei from using chips based on American designs in any of its devices and equipment. This decision threatened to cut off Huawei’s access to semiconductors, which would starve its production, and force it to use less trustworthy models. Given Huawei’s prevalence in the tech market, this could be a blow to the security of consumers as much as to the company itself.
The UK sanctions placed on Huawei mean a couple of things for the company. Huawei was granted restricted access to build non-core infrastructure within the 5G network in Britain. But, Huawei could not hold more than 35% of the market share and was blocked from accessing the most sensitive parts of the network. The government was warned by phone companies, such as BT and Vodafone, that suddenly completely stripping Huawei tech out of the network would be a costly venture and significantly disrupt network connection for the population. Instead, a compromise was reached: to phase out all Huawei infrastructure in the UK’s 5G network by 2027.
Huawei smartphone privacy
The biggest threat from Huawei to standard smartphone users comes from the relationship between Chinese-owned companies and the Chinese Communist Party. It is written into company law in China that any company must serve state intelligence when requested. So, with Huawei devices so prevalent across the western world, user data is extremely vulnerable should such a request be made.
A blanket ban of Huawei devices for the average consumer is highly unlikely, regardless of where you are in the world. However, to protect civilians and businesses alike, countries such as Sweden and the UK have banned telecommunication companies from using Huawei devices on the 5G network.
So what does this mean for the individual?
The personal data of each and every user should be exactly that: personal. But data is a vast and profitable currency in the tech world, so threats emerge everywhere. Social media, phishing scams, and NSA spying mean that the average user cannot take their privacy for granted. What makes Huawei in particular concerning, is that the malware is already established within the device before the user even begins using it. Seemingly innocent phone conversations or text messages concerning work projects or personal matters could be being tracked without their knowledge.
In 2021, it was revealed that a software update with malicious code was installed on all Huawei devices across Australia back in 2012, demonstrating that, while the focus of data breaches is likely to be corporate or governmental, there are still implications for individuals.
Recommendation: Don’t use Huawei as a company phone
In line with government sanctions and recommendations, we would advise you to choose a different model of phone for your employees.
Instead of Huawei devices, we would recommend choosing Apple, Android, Nokia, or a mix of all these. For more information about the company devices and mobile device management software that we can offer you at everphone, contact one of our experts.