Nokia has remained relatively quiet about Huawei in light of the current political scene, considering its desire to sell devices in China. But the company’s CTO criticized Huawei harshly after a troubling security report regarding Huawei devices was released.
The security report, released by Finite State, found potential backdoors in at least 55% of Huawei’s devices. In response to the security issues with Huawei devices, Nokia CTO Marcus Weldon said in an interview with the BBC, “It’s fairness returning to the market. We were disadvantaged in the past relative to the practices that the Chinese were allowed to have in terms of funding mechanisms.”
With regard to Huawei’s device security vulnerabilities, Weldon said that “We read those reports and we think okay, we’re doing a much better job than they are. Some of it seems to be just sloppiness, honestly, that they haven’t patched things, they haven’t upgraded. But some of it is real obfuscation, where they make it look like they have the secure version when they don’t.”
First, Weldon points out that in China where Nokia competes with Huawei directly in telecom equipment, Huawei had the upper hand due to “funding mechanism,” apparently a reference to Huawei’s ability to get more money for more marketing in the form of subsidies and soft financing.
This “soft financing” refers to below-market rates of interest on government loans. Some soft financing also includes longer repayment periods than usual. Since Huawei is Chinese, it was given greater priority and opportunity in China than Nokia, a name now owned by HMD though the company itself is Finnish.
Nokia didn’t have access to those same funding mechanisms, putting the legendary company in a financial rut as compared to Huawei. Even Xiaomi has had it hard compared to Huawei, with Huawei now sitting at the second global top spot in the smartphone market and the top phone seller in China, its home country.
The reason Huawei is at the top of the market in China is because of its ties to the Chinese Government. Nokia’s Marcus Weldon has clearly pointed out Huawei’s access to below-market loan interest rates and government funding for the company.
It has also been revealed this week that Huawei has close ties to the Chinese military, from Huawei CEO Ren Zhengfei, who worked in communications while a soldier, all the way down to Huawei employees who have written research papers alongside military officials with the Huawei logo proudly displayed.
Huawei has denied it has any ties to the military, and it has also said that it would not comply with the Chinese Government if it was asked to install backdoors into its devices. And yet, Huawei has to make some compromises for all the government subsidies, below-market interest rates, and support that it gets, no?
Next, Weldon points out that there seems to be sloppiness and an intent to deceive with regard to software. The reason pertains to some things that haven’t been patched up or upgraded. Other things refer to “they make it look like they have the secure version when they don’t.”
After Nokia’s Marcus Weldon made his statements, the company issued a public statement shying away from its CTO’s comments. “Nokia notes the comments made by a Nokia executive to the BBC on 27 June 2019 regarding the possible impact of the use of a competitor’s products on the security of U.K. telecom networks. These comments do not reflect the official position of Nokia. Nokia is focused on the integrity of its own products and services and does not have its own assessment of any potential vulnerabilities associated with its competitors.”
Sure, it can be said that perhaps Weldon could have held his comments to himself, but on the other hand, some are thankful he didn’t. To be honest, few know about just how life in China works, government subsidies, the favors beloved companies such as Huawei Technologies Co. have access to because they’re in the government’s back pocket, so it’s nice every now and then to get some information.
With all the smartphone vendors in China such as Xiaomi, OnePlus, Vivo, OPPO, Lenovo, ZTE, Alcatel, Coolpad, Micromax, and others, how is it that Huawei sits atop the Chinese market in such strong, decisive fashion? It’s the elephant in the room that few confront. Do Huawei devices really stand out that much?
Finite State’s report addresses some key backdoors and vulnerabilities that were discovered in Huawei devices within the last decade. Among them is the report from the UK Oversight Board, Huawei-backed Huawei Cyber Security Evaluation Centre (HCSEC) earlier this year about the software vulnerabilities that Huawei still hasn’t fixed.
“HCSEC has continued to find serious vulnerabilities in the Huawei products examined. Several hundred vulnerabilities and issues were reported to UK operators to inform their risk management and remediation in 2018. Some vulnerabilities identified in previous versions of products continue to exist,” the Oversight Board wrote in its March 2019 report.
Another software vulnerability pertains to Huawei’s PC Manager, pre-installed software on its MateBook laptops. PC Manager came with an insecure driver that would let an attacker get superuser privileges on the device. Microsoft reported the insecure driver and its place of origin (PC Manager) to Huawei.
As of last month, a Dutch newspaper reported that national intelligence agency AIVD discovered backdoors on Huawei telecom equipment belonging to a Dutch carrier, with Huawei accessing customer data from a major telecom provider in the Netherlands such as Vodafone and T-Mobile, among others.
Just last year, African Union officials reported to The Financial Times that Huawei’s computer systems transferred data from those same computers back to Chinese servers for five years, from 2012 to 2017. AU technicians discovered the data transfers because of the unusually high activity on computer systems at night from midnight (12am) to 2am.