By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg. The report, based on interviews with seven former officials, some identified and some not, says that Optus, a division of Singapore Telecommunications Ltd., had its systems compromised through a malicious update in 2012 – a claim the company disputes. "The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, [the sources] said," Bloomberg's report explains. After several days, the snooping code reportedly deleted itself, but Australia's intelligence services decided China's intelligence services were responsible, "having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems." Australian intelligence is said to have shared details about the incident with American intelligence agencies, which subsequently identified a similar attack from China using Huawei hardware in the US. The report seeks to provide an evidentiary basis for efforts by the US and other governments to shun Huawei hardware amid global 5G network upgrades and to give that business to non-Chinese firms. Notably absent is any claim that Huawei leadership knew of this supposed effort to subvert Optus' network. "Bloomberg didn’t find evidence that Huawei’s senior leadership was involved with or aware of the attack," the report says. In short, the claim is that China's intelligence agencies compromised an Australian network by placing agents within Huawei, ongoing risk for any number of prominent global technology firms. China has denied "Australia's slander." It's perhaps worth noting that The Register is unaware of any nation owning up to recent intelligence activities. Even Russian President Vladimir Putin, faced with compelling evidence unearthed by investigative news service Bellingcat of the FSB's attempt to poison political opposition leader Alexey Navalny, denied that Russian agents had anything to do with Navalny's near-fatal poisoning. But the statement from China's Ministry of Foreign Affairs is unusual in that it suggests mutual guilt more than wounded innocence: "Australia’s slander on China carrying out cyberattacks and espionage penetration is purely a move like a thief crying to catch a thief." Even so, Huawei's guilt or innocence as it applies to helping China spy is largely irrelevant. As far as the US is concerned, Huawei can't be trusted because the Chinese government could, in theory, make demands the company could not refuse. The feds are worried about precrime, to use the terminology of Philip K. Dick's Minority Report, a story about a police unit that apprehends people predicted to commit crimes. The US Federal Communications Commission recently used future concerns, alongside past behavior and secret accusations, to ban another Chinese firm from operating in the US. In October, the FCC announced that China Telecom Americas could no longer do business in America. The agency said it based its decision [PDF] partly on classified evidence provided by national security agencies. But it also said "the totality of the extensive unclassified record alone" was sufficient to justify its decision. The agency concluded that China Telecom Americas could potentially be forced to comply with Chinese government requests and company officials have demonstrated a lack of candor and trustworthiness to US officials. And trust is key. The changeable nature of software and the possibility of concealed hardware functions make it inherently risky to accept IT systems from untrusted sources. The risk can be mitigated through source code inspection, auditing, and other precautions, but not completely. Go in-depth by visiting OUR FORUM.

Despite feeling impacts in 2021 from a U.S. government clampdown, Huawei still led the global telecom equipment market by far during the first three quarters. In Q1-Q3 market takeaways from Dell’Oro group, the firm said ongoing efforts by the U.S. to curb the Chinese vendor started to appear in Huawei’s results, particularly outside of China. “At the same time, Huawei continued to dominate the global market, still nearly as large as Ericsson and Nokia combined,” wrote Dell’Oro analyst Stefan Pongratz. Cumulative revenues for the telecom market were around $100 billion.  Together seven vendors captured around 80% of the global market share, which Dell’Oro said remained relatively stable. Nokia and Ericsson each had around 15% share of total revenues, compared to about 29% for Huawei alone. Another 20% or so was taken by ZTE (11%), Cisco (6%), Samsung (3%), and Ciena (3%).  Still, compared to 2020 Huawei is losing some ground, according to Dell’Oro. Amid a U.S. push to keep Huawei out of 5G networks over security risks, other governments made moves to exclude or limit the Chinese vendor including the U.K. last year. Meanwhile, Dell’Oro sees ZTE and Samsung on an upswing year-to-date with Samsung gaining a percentage point driven by share gains in the RAN business, according to Pongratz. Overall the telecom equipment market neared double-digit year-over-year growth for the first nine months. Dell’Oro estimates 9% growth in total equipment revenues year to date versus 2020, with 6% growth in Q3. The report covers equipment segments of broadband access, microwave and optical, transport, mobile core network and RAN, SP router, and switch. Huawei’s lead in the equipment market contrasts its consumer smartphone business, which was hurt by U.S. sanctions and earlier placement on the Commerce Department’s Entity List in 2019. Huawei held a 17% share of global smartphone shipments in the first quarter of 2020 but contracted rapidly after Q2 2020, declining to just a 4% share in Q1 2021, according to Counterpoint Research. It spun off its budget smartphone brand Honor so it could survive and gain access to key components that were cut off as part of U.S. actions – after which Honor in August became the third-largest smartphone brand in China in the low-mid segment with a 15% share. Apple in October moved to the No. 1 position in China with a 22% share of smartphone sales in the country, ahead of Vivo and Oppo, as well as Huawei who trailed the premium smartphone market with just an 8% share.  Huawei’s Q3 results showed trouble in the consumer business as overall sales plunged 38%. Huawei didn’t break out its quarterly results by business segment but attributed revenue declines to consumers. "Overall performance was in line with forecast," said Guo Ping, Huawei's Rotating Chairman in a statement. "While our B2C business has been significantly impacted, our B2B businesses remain stable.” In the first three-quarters, Huawei still generated revenue of CNY455.8 billion ($71.5 billion) with a net profit margin of 10.2%. That compares to network equipment rivals Ericsson and Nokia which in the first nine months of 2021 reported respective net sales of SEK 161 billion ($17.78 billion) and EUR 15.788 billion ($17.85 billion). On the telecom gear market front, Dell’Oro said positive Q3 momentum was driven by strong growth in RAN and broadband access including surging demand for 5G and fixed wireless access CPEs. For more visit OUR FORUM.

Hundreds of millions of devices around the world could be exposed to a newly revealed software vulnerability, as a senior Biden administration cyber official warned executives from major US industries Monday that they need to take action to address "one of the most serious" flaws she has seen in her career. As major tech firms struggle to contain the fallout from the incident, US officials held a call with industry executives warning that hackers are actively exploiting the vulnerability. "This vulnerability is one of the most serious that I've seen in my entire career, if not the most serious," Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call shared with CNN. Big financial firms and health care executives attended the phone briefing. "We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents," Easterly said. CNN has reached out to CISA for comment on the call. CyberScoop, a technology news site, first reported on the contents of the call. It's the starkest warning yet from US officials about the software flaw since news broke late last week that hackers were using it to try to break into organizations' computer networks. It's also a test of new channels that federal officials have set up for working with industry executives after the widespread hacks exploiting SolarWinds and Microsoft software revealed in the last year. Experts told CNN it could take weeks to address the vulnerabilities and that suspected Chinese hackers are already attempting to exploit them. The vulnerability is in Java-based software known as "Log4j" that large organizations, including some of the world's biggest tech firms, use to log information in their applications. Tech giants like Amazon Web Services and IBM have moved to address the bug in their products. It offers a hacker a relatively easy way to access an organization's computer server. From there, an attacker could devise other ways to access systems on an organization's network. The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply. But attackers had more than a week's head start on exploiting the software flaw before it was publicly disclosed, according to cybersecurity firm Cloudflare. Organizations are now in a race against time to figure out if they have computers running the vulnerable software that were exposed to the internet. Cybersecurity executives across government and industry are working around the clock on the issue. "We're going to have to make sure we have a sustained effort to understand the risk of this code throughout US critical infrastructure," Jay Gazlay, another CISA official, said on the phone call. Chinese-government-linked hackers have already begun using the vulnerability, according to Charles Carmakal, senior vice president and chief technology officer for cybersecurity firm Mandiant. Mandiant declined to elaborate on what organizations the hackers were targeting. "Over time, everybody can arm the damn thing," Mandiant CEO Kevin Mandia told CNN, referring to the vulnerability. "That's the problem. And there'll probably be great hackers hiding in the noise of the not-so-great." The "noise" is a real problem. For cybersecurity professionals, Twitter has been a constant churn of both useful information and, in some cases, misinformation that has nothing to do with the vulnerability. Learn more by visiting OUR FORUM.