Hardware

Old Routers Are Targets For Hackers

Posted on by Andy Miller

Internet security experts are warning that old routers are targets for cyber-criminals who find them an easy hacking option.

How Big Is The Threat?

Trend Micros have reported that back in 2016 there were five families of threats for routers, but this grew to 35 families of threats in 2018. Research by the American Consumer Institute in 2018 revealed that 83 per cent of home and office routers have vulnerabilities that could be exploited by attackers.  These include the more popular brands such as Linksys, NETGEAR and D-Link.

Why Are Old Routers Vulnerable?

Older routers are open to attacks that are designed to exploit simple vulnerabilities for several reasons including:

  • Routers are often forgotten about since their initial setup and consequently, 60 per cent of users have never updated their router’s firmware.
  • Routers are essentially small microcomputers.  This means that anything that can infect those can also infect routers.
  • Many home users leave the default passwords for the Wi-fi network, the admin account associated with it, and the router.
  • Even when vulnerabilities are exposed, it can take ISPs months to be able to update the firmware for their customers’ routers.
  • Today’s routers are designed to be easy and fast to work straight out of the box, and the setup doesn’t force customers to set their own passwords – security is sacrificed for convenience.
  • There are online databases where cyber-criminals can instantly access a list of known vulnerabilities by entering the name of a router manufacturer. This means that many cyber-criminals know or can easily find out what the specific holes are in legacy firmware.

What If Your Router Is Compromised?

One big problem is that because users have little real knowledge about their routers anyway and pay little attention to them apart from when their connection goes down.  It is often the case, therefore, that users tend not to know that their router has been compromised as there are no clear outward signals.

Hacking a router is commonly used to carry out other criminal and malicious activity such as Distributed Denial of Service attacks (DDoS) as part of a botnet, credential stuffing, mining bitcoin and accessing other IoT devices that link to that router.

Examples

Examples of high-profile router-based attacks include:

  • The Mirai attack that used unsecured routers to spread the Mirai malware that turned networked devices into remotely controlled “bots” that could be used as part of a botnet in large-scale network attacks.
  • The VPNFilter malware (thought to have been sponsored by the Russian state and carried out by the Fancy Bear hacking group) that infected an estimated half a million routers worldwide.
  • The exploit in Brazil spread across D-Link routers and affecting 100,000 devices, aimed at customers of Banco de Brazil.

Also, back in 2017, Virgin Media advised its 800,000 customers to change their passwords to reduce the risk of hacking after finding that many customers were still using risky default network and router passwords.

Concerns were also expressed by some security commentators about TalkTalk’s Super Router regarding the WPS feature in the router always being switched on, even if the WPS pairing button was not used, thereby meaning that attackers within range could have potentially hacked into the router and stolen the router’s Wi-Fi password.

What Does This Mean For Your Business?

If you have an old router with old firmware, you could have a weak link in your cyber-security.  If that old router links to IoT devices, these could also be at risk because of the router.

Manufacturers could help reduce the risk to business and home router users by taking steps such as disabling the internet until a user goes through a set up on the device which could include changing the password to a unique one.

Also, vendors and ISPs could help by having an active upgrade policy for out of date, vulnerable firmware, and by making sure that patches and upgrades are sent out quickly.

ISPs could do more to educate and to provide guidance on firmware updates e.g. with email bulletins.  Some tech commentators have also suggested using a tiered system where advanced users who want more control of their set-up can have the option, but everyone else gets updates rolled out automatically.

First Organ Delivery By Drone

Posted on by Andy Miller

A human kidney for transplant has been delivered by drone to a Medical Centre in Baltimore in the first flight of its kind.

Cutting Edge Technology

The drone transportation of the living organ over a one-mile journey used cutting-edge technology in the form of an AI-powered drone that had been specifically designed to maintain and monitor the organ during the journey.  As well as having a specially designed compartment to keep the organ in the right condition for transplant, the drone had onboard communications and safety systems to enable a safe flight over densely-populated/urban areas, and a parachute recovery system in case the drone failed.

Collaboration

The drone’s creation was the product of a collaboration between the aviation and engineering experts at the University of Maryland (UMD), transplant specialists and researchers at the University of Maryland School of Medicine (UMSOM), and others at the Living Legacy Foundation of Maryland.  Joseph Scalea, assistant professor of surgery at University of Maryland School of Medicine (UMSOM) who was one of the surgeons who carried out the transplant has also acknowledged the collaborative efforts of the surgeons, engineers, the Federal Aviation Administration (FAA), the organ procurement specialists, the drone pilots, nurses at the hospital, and the patient.

Solves Problems

The ability to deliver transplant organs by drone solves the problems caused primarily by traffic problems identified by the United Network for Organ Sharing, which reported that in 2018 there were nearly 114,000 people on waiting lists, with 1.5% of organs not making it to the destination and nearly 4% being delayed by two hours or more.

Medical Sample Delivery Too

There has also been a recent report in North Carolina of a hospital, in partnership with UPS, using a drone delivery program to speed up the delivery of critical medical samples across a hospital campus, thereby cutting 41 minutes off the usual on-foot journey.

Potential

The fact that the organ drone flight and the transplant operation were safe and successful has led to the recognition of the potential of this method e.g. unmanned transportation of organs over greater distances, minimising the need for multiple pilots and flight time and addressing safety issues.

What Does This Mean For Your Business?

This world-first in organ transportation is an important first step in what could be (if proven to be safe and reliable over multiple flights) an important new technological improvement to the provision of life-saving medicine.

Business owners may also be thinking that if this can be done successfully with something as important and delicate as a human organ for transplant, this system could potentially be scaled up and used to ensure the fast, safe delivery of other items. Amazon, for example, has been testing delivery drones for parcels since 2013 with a view to making its ‘Prime Air’ service a regular reality in the future.

As shown by UPS’s involvement with medical sample delivery, other major delivery companies are also investing in drones and their potential to combat the challenges posed by traffic congestion and labour-intensive and time-consuming on-foot journeys.

Also, the US Federal Aviation Administration has just authorised Alphabet’s (Google’s) Wing Aviation to start delivering goods via drones later this year.  This is the first time that the FAA has granted an “air-carrier” the certification for drone delivery of items such as food, medicine, and other small consumer products.

Drone transportation is clearly moving forward and starting to prove that it offers great potential in many different sectors in the not-too-distant future.

Apple’s Adapter Recall Over Shock Risk

Posted on by Andy Miller

Tech giant Apple has recalled two different types of plug adapter because of a possible risk of electric shock.

Which Adapters?

The affected plugs are the two-prong AC wall plug adapter that came with Macs and some iOS devices between 2003 and 2010, and the three prong plug that was included with Apple’s World Travel Adapter Kit.  Apple USB power adapters are not affected.

The two prong AC wall plug adapter recall concerns those shipped from 2003 to 2015 with Mac and certain iOS devices, included in the Apple World Travel Adapter Kit, and made for use in Continental Europe, Australia, New Zealand, Korea, Argentina and Brazil.

Apple’s website says that its three-prong AC wall plug adapters were designed primarily for use in the United Kingdom, Singapore, and Hong Kong, and that the affected plugs are white, with no letters on the inside slot, whereas the newer versions are white with grey on the inside, and with a dimple on the side to make them easier to unplug.

How Can You Tell?

If you’re not sure whether your adapter is one of those affected by the electric shock risk, Apple has provided pictures to help you. Pictures of the two prong adapter can be found here https://www.apple.com/support/ac-wallplug-adapter/ and pictures of the three prong adapter can be found here https://www.apple.com/support/three-prong-ac-wall-plug-adapter/.

What Risk?

Apple says that the two prong Apple AC wall plug adapters in question may break and create a risk of electrical shock if touched.

In the case of the three-prong AC wall plug adapters in question, Apple says that they may break and create a risk of electrical shock if exposed metal parts are touched.

What Next?

If you have one of the affected adapters, Apple is offering an exchange program so you can get a safe replacement adapter from an authorized Apple service provider, or from an Apple retail store (by making an appointment), or by contacting Apple support online.  You will need to know your current adapter’s serial number and Apple provides information about this on the same page where the pictures of the adapter are shown (see the links above in this article).

What Does This Mean For Your Business?

For Apple, publicly explaining the danger, having a recall, and offering customers an exchange is making the best of a bad situation and gives a good PR message to customers.  It is a little alarming though that the adapters (of which there are likely to be many because of the 7-year period for the three prong and 12-year period for the two prong) have been in use could have been dangerous for so many customers in all that time.

For customers who have one of the affected adapters, it may be a surprise and a little worrying that there is an electric shock risk, but its reassuring that Apple is offering a replacement.

It’s not the first time that Apple has had to offer customers help with products. Back in June 2018, following a couple of years of complaints from customers (and a petition), Apple decided to offer free repairs or replacements for the butterfly keyboard on its MacBook and MacBook Pro laptops. At that time, Apple offered to repair/replacement a list of nine eligible models of keyboard.

No Windows 10 Updates For PCs With USB Devices or SD Cards Attached

Posted on by Andy Miller

Microsoft has announced that if your PC has a USB device or SD card attached it will not be possible to upgrade the computer to the Windows 10 May 2019 Update because of an “Inappropriate drive reassignment” issue.

The Scenario

On its support site, Microsoft has announced that an attempt to upgrade a computer with the Windows 10 May 2019 Update will result in an error message being displayed if the following three factors are in place:

  1. You’re running a Windows-10 based computer that has either the April 2018 Update (Windows 10, version 1803) or the October 2018 Update (Windows 10, version 1809) installed.
  2. An external USB device or SD memory card is attached to the computer.
  3. You try to upgrade the computer to the May 2019 Update, or you have automatic updates turned on in the Windows Update settings.

Inappropriate Drive Reassignment

Microsoft says that the upgrade will not be able to occur in these situations because of the risk of inappropriate drive reassignment.  For example, a user may have booted Windows from external storage and may have left an external storage device (USB device or SD memory card) attached during the installation of the May 2019 upgrade.  Prior to the upgrade, the external device would have been mounted in the system as drive G based on the existing drive configuration, but after the upgrade, the device is reassigned a different drive letter e.g. H.  This is a situation that Microsoft is trying to avoid – hence the error message and the blocking of computers with external devices attached from receiving the upgrade.

The Workaround

According to Microsoft, the simple workaround is to remove the external media and restart the May 2019 Update installation.

Microsoft also says that the issue will be resolved in a future servicing update for Windows 10, and for Windows Insiders, the issue is resolved in build 18877 and later builds.

What Does This Mean For Your Business?

There is more than just a small element of Microsoft being cautious in issuing this error message and putting out information about the nature of the issue and workaround, after the many problems and bugs that led to Build 1809 having to be withdrawn after a few weeks before a re-issue. This time, Microsoft wants good publicity and good customer experience for its ongoing WaaS strategy.

If you’re planning to upgrade Windows 10 with the May 2019 Update and you want things to go smoothly, the advice is to make sure that you don’t have external storage devices connected to the computer at the same time.

UK Government Services Information Accessible Via Voice-Activated Smart Speakers

Posted on by Andy Miller

After a six-month trial by the Government Digital Service (GDS) with a view to future-proofing the delivery of online services for citizens, 12,000 items of government information can now be accessed via voice-activated smart speakers and virtual assistants, such as Amazon Alexa and Google Home.

Wider Plan

The GDS trial that has made the information available via voice-activated smart -speakers is part of a wider plan to employ the use of third-party (voice) apps, machine learning, and other new technologies in order to simplify interactions between citizens services going forward. The millions of smart speakers now in use in UK homes means that voice-activated technology has provided an important first step for the government’s plans.

What Kind of Information?

Examples of the kind of government services information that’s now available via Alexa and Google home includes the dates of UK bank holidays, the minimum wage level, information about how to apply for a passport or pension, as well as the answers to childcare and tax-related questions.

Started A Year Ago

The plans to future-proof government services in this way were first made public a year ago when Neil Williams, head of Gov.uk at the time, said that around 400 services had already been identified as potential use cases for voice technology.

Machine Learning Added To Gov.uk website

The idea of integrating machine learning with the Gov.uk website is reported to have led to the creation of an algorithm that helps to tag all the content and develop a taxonomy, thereby making it much easier for users of the website to quickly access relevant information.

The Gov.uk website, which came online back in 2012 is reported to have resulted in huge efficiency savings, as well as making it much easier for citizens to access government content.

Innovation Strategy

In a recent blog post, The Minister for Implementation, Oliver Dowden, highlighted the importance of the GovTech Catalyst initiative in matching innovative private sector solutions with public sector challenges. Mr Dowden also announced the publication of an Innovation Strategy later this year that will share the government’s vision of how GDS and wider Cabinet Office will lay the foundations for the government to use emerging technologies.

What Does This Mean For Your Business?

There are many services that businesses need to access information about and having the information available quickly via smart speakers and virtual assistants could save time and money and help businesses to comply with government rules and regulations.  It could also help businesses to discover opportunities and help that may be available via government services for both the business itself and employees and other stakeholders.

The Gov.uk website has also been a money-saving tool for the government, and making more information available via smart speaker and apps, while improving the website and its operation using machine learning could provide greater savings in the future, while demonstrating how the government is making efforts to embrace and utilise the strengths of new technologies, and simplify access for to information for citizens.

Samsung’s Folding Phone Faults Delay Release Date

Posted on by Andy Miller

The release date of Samsung’s new dual-screen Galaxy Fold mobile handset has been delayed after reviewers reported having removed the top layer of the display causing damage to the screen, problems with hinge areas, and debris getting trapped under the screen.

The Galaxy Fold

Announced as the Galaxy X last summer, the Galaxy Fold handset has two inside panels and one outside panel with the two inside panels folding out to form the 7.3-inch OLED screen, thereby giving the user a much larger screen area.  The fact that the flexible screen folds in on itself when closed also adds protection for the touchscreen when the phone is not in use.

Reviewers

A number of reviewers, including many journalists, were given Galaxy Fold handsets for trial use.  It appears that faults were discovered and were perhaps even caused by many of the reviewers who peeled off what they believed was just a protective layer (despite being warned against doing in the handset’s documentation) that was, apparently, an important part of the screen display’s protection.

Several Faults

Several faults were identified by reviewers and confirmed in a statement from Samsung, including:

  • Issues on the display associated with impact on the top and bottom exposed areas of the hinge.
  • Substances being found inside the device affecting the display performance.

It has also been reported that some reviewers saw creases on the fold and other display glitches which the folding robot really should have found.

Production Problems – Is The Technology Ready Yet?

Part of the delay in the production of a commercial version of Galaxy’s folding phone from the first sighting of its prototype 7 years ago is thought to be down to production problems in the complexity of developing durable but flexible plastic screens.

Also, the fact that competitors LG and Sony have many patents on foldable mobile displays but have not produced a foldable phone yet has led some commentators to suggest that the technology may simply not be fully ready for use in the current generation of phone handsets.

In Samsung’s own statement about the reported faults the company said that “how the device needs further improvements”.

Huawei

Another major phone market player (Huawei) also has a foldable phone in the development pipeline.  Huawei’s ‘Mate X’ version folds outwards, which some have speculated may leave the most vulnerable part of the device exposed all the time. The fact that Huawei has not yet gone to market with its foldable offering may also be a sign that it too is wrestling with similar screen problems i.e. screen creasing.

What Does This Mean For Your Business?

In the phone market, there has been a degree of stagnation as customers delay upgrades while waiting for more innovative models and new features.  A folding phone offers value in terms of its versatility as a kind of “2-in-1” tablet and phone, as well as the novelty value and kudos of having a device with the very latest folding screen.  As expected, however, the Samsung Folding (when is eventually launched), and competitor folding phone models will have a premium price tag (thought to be around £1,500), and although this would decrease as volumes increase, many businesses may decide to wait a bit longer before they buy one.

The fact that Samsung has called-off the launch and not given a future launch date for the Samsung Folding may indeed indicate that the technology is not quite ready, and that simply introducing a model with design faults just to be first to get a folding phone out there is not something they’re prepared to risk.

Fake Finger Fools Fool-Proof Phone

Posted on by Andy Miller

A Reddit user claims to have used a 3D printer to clone a fingerprint and then use the fake fingerprint to beat the in-display fingerprint reader on a Samsung Galaxy S10.

Fingerprint Scanner

The Galaxy S10 and S10+ phone models have an Ultrasonic Fingerprint Scanner embedded into the screen that uses soundwaves to create a 3D map of the owner’s fingerprint, and the recognition sensor at the bottom centre of the screen can then be used by the owner to gain entry to the phone by placing their fingerprint on it.

Made Fake Finger

The Reddit user, known only as ‘darkshark9’ claimed in a proof-of-concept uploaded to Imgur that they had been able to unlock their own Galaxy S10 phone using a fake finger that had been made using a photograph (taken using the Galaxy S10’s camera) of their own fingerprint on a wine glass.  The mystery ‘darkshark9’ claimed that they had used Adobe Photoshop and Autodesk 3ds Max to work on the photograph and had then used an AnyCubic Photon LCD resin 3D home printer (costing less than £400) to make a physical replica of the fingerprint.

It has been reported that it took ‘darkshark9’ less than 15 minutes to make the fake fingerprint that opened the phone.

Fingerprint Fear

This means that a person with same equipment who could obtain a photo of a fingerprint from an object such as a glass or phone at close distance, or using a higher-quality DSLR camera (from perhaps even across the room) could have the potential to quickly break into anyone’s biometric security protected phone and steal personal data, access apps etc.

What Does This Mean For Your Business?

Many security experts agree that using biometric security as a primary unlock method is less secure than a password or PIN, although it offers convenience and is liked by many users.  In the case of the Galaxy S10, although it was supposedly fooled with the fake finger model, its fingerprint scanner uses ultrasonic sound waves to map the user’s fingerprint in the first place which is more secure than the optical sensors used by some other phones that can be fooled by a paper printout of a fingerprint.

Having a fingerprint scanner / sensor on the phone is better than having nothing at all, as is the case with many people who leave their phones unlocked all the time rather than having to type in a PIN or password.

This is not the first time that phone biometric security measures have been defeated.  For example, it is also claimed that the S10’s facial recognition (because it uses cameras rather than infrared sensors) can be fooled by another phone playing a video of the S10’s owner face.

Also, in a Twitter thread, Manchun Wong claimed that she was able to fool her brother’s S10 facial recognition scanner using her own face, presumably because of the similarity of family and sibling resemblance. This is reminiscent of a case back in 2017 when BBC ‘Click’ reporter Dan Simmons reported that he had been able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

Biometric security on phones clearly has some way to go before the effectiveness lives up to the promise, and for the time being, although less convenient, password and PIN may be safer as the primary unlock method.

Windows 10 Breaks Traditional PC Hardware and OS Upgrade Links

Posted on by Andy Miller

With figures (Gartner) showing Windows 10 predicted to represent 75% of the professional PC market by 2021, continued PC sales and improved Windows 10  back-end management, Windows 10 is making (historically) time and resource consuming Windows OS and hardware upgrade projects a thing of the past, and is breaking the link between the two.

Mobile PCs A Popular Business Choice For Content Creation

Even though the whole global PC market is in decline, traditional PCs are set to decline by 3% in 2019 to total 189 million units, and smartphones are users’ primary mobile devices, mobile PCs look set to remain popular purchases for businesses because they are needed for content creation.

With laptop PCs running Windows 10, this is a key reason why Windows 10 represents such a large share of the professional PC market.

The SaaS model with its automatic bi-annual automatic upgrades is, therefore, the step to making teams responsible for OS upgrades in businesses a thing of the past.

Left Behind and At Risk

The growth, popularity, and general effectiveness of Windows10, coupled with the ending of support for older versions is making businesses still running older platforms (e.g. Windows 7) and thinking of putting off the upgrade to Windows 10 until 2020 look likely to be left behind in IT effectiveness terms, and at risk in security terms (support for Windows 7 support is scheduled to end in January 2020).

Businesses are also realising that:

  • They can’t skip a version i.e. waiting and skipping to Windows 11 is not an option – migration to Windows 10 may as well happen sooner rather than later.
  • Windows 10 is a modern operating system that allows organisations to run cloud applications and provide security much more effectively.
  • Microsoft has aligned upgrades of its cloud productivity suite, Office 365, to Windows 10, so not switching to Windows 10 could mean a competitive disadvantage.
  • Windows 10 enables businesses to automatically receive new, potentially value-adding features every six months.

Changing The Nature of Upgrades

With most businesses using Windows 10 and receiving automatic software upgrades every month, and more enterprise applications being consumed as software as a service (SaaS), hardware upgrades are more likely to be driven by wear and tear in future rather than by the availability of a new PC operating system from Microsoft.  This is the reason why Windows 10 has effectively disconnected the link between PC hardware and Windows operating system upgrades.

What Does This Mean For Your Business?

Figures show that laptop PCs with Windows 10 loaded on them are (and will continue to be for the near future) an important tool for many businesses, and that the automatic bi-annual upgrade and SaaS model of Windows 10 has disconnected the traditional link between PC hardware and Windows operating system upgrades.  The migration to Windows 10 can also not only free up resources once needed just to ensure OS upgrades, but can also improve security, competitiveness and operational effectiveness.

Windows 10’s successes and the weaknesses and threats of holding out until 2020 before upgrading are presenting strong arguments for businesses to take the plunge sooner and move to Windows 10.

School Enlists Chinese Help To Upgrade To Enhanced Wi-Fi

Posted on by Andy Miller

The Lytchett Minster School in Dorset recently made the news among IT commentators after demonstrating how it could overcome the connectivity challenges of its rural location, cut costs and increase efficiency by upgrading its on-site network with Chinese company TP-Link’s enhanced Wi-Fi.

Challenges

As recently featured by Computer Weekly, the school had to contend with a rural campus location and the resulting poor connectivity, next to a grade II listed 18th century manor house, and a rudimentary system of ageing individual home-user access points (APs) mounted in school corridors which required users to disconnect and reconnect when roaming around.   Also, the old wireless network was not voucher-based and was insecure (the pre-shared key could be compromised), which meant that staff had to reset each AP’s password individually (with remote authentication dial-in user service help) and users had to keep reconnecting each of their devices to the network.

As is the case with so many schools, Lytchett Minster School had to make its limited budget go as far as possible in the upgrade.  This meant the need to minimise price per AP and annual licensing fees while getting the best value, efficient and effective wireless infrastructure solution.

Requirements

It was decided that the most important requirements on the school’s list were power over Ethernet (PoE), Radius authentication, centralised management, provision of multiple service set identifiers (SSIDs) and voucher authentication.

TP-Link Chosen

The school chose Chinese company TP-Link to upgrade their on-site network based on features offered, value for money, and the fact that TP-Link builds its hardware itself instead of outsourcing and, therefore, doesn’t charge licensing fees.

Founded in 1996 by two brothers and based in Shenzhen, China, TP-Link is a manufacturer of computer networking products and is now the world’s number 1 provider of consumer Wi-Fi networking devices, shipping products to over 170 countries.

Change

Changing to the upgraded, enhanced Wi-Fi meant that the old APs could be moved from corridors into classrooms for optimum performance and coverage. The changes to a better enhanced Wi-Fi network also meant that access control lists could issue users with vouchers that restricted network access at the subnet according to core user group, out of hours separate public access SSID could be offered to users of the school’s sports facilities, larger numbers of staff iPads and phones could be used for teaching, and special provisions could be made for the BYOD policy for  sixth form students.

The new system also enabled easier, centralised management of the network with data from each AP being displayed to the IT department on large screens, with no more need to perform network reboots (as these can happen automatically at 6 am every day to avoid disrupting lessons), and the ability to carry out all key tasks from a central interface.

What Does This Mean For Your Business?

This story is an example of how the potential of an organisation (a school in this case) was limited by poor Wi-Fi provision, partly due to its rural location and old, inadequate hardware. The school showed that today, it is possible for a school based in Dorset to choose a Chinese tech firm as a partner to deliver a business-class wireless network solution that meets all operational requirements within budget, and without the extra cost of ongoing licence fees. An enhanced Wi-Fi system of this kind also offers the convenience, transparency and ease of centralised control.

Is Huawei Really Dragging Its Feet Over Security?

Posted on by Andy Miller

After espionage chiefs from the ‘Five Eyes’ agreed last July that they would try to contain the global growth of Chinese telecom Huawei (over fears that it was spying for China), a new report from the Huawei Cybersecurity Evaluation Centre (HCSEC) says that the company is still not fixing previously identified security problems.

Summary – Bans, Detention, and Trump’s Trade War Efforts

Last summer saw US President Trump put China in his sights for a trade war, and with a climate of fear about possible Russian interference in US political affairs, you could be forgiven for thinking that it would have been relatively easy for Mr Trump to point the finger at China too, while implicating US tech giant Apple’s biggest competitor at the same time.  In fact, after the ‘Five-Eyes’ (Australia, Canada, New Zealand, the U.K. and the U.S.) announced that Huawei could be spying for the Chinese state, the US, Australia and New Zealand banned Huawei Technologies Ltd from being a supplier for fifth-generation networks, and Japan banned Huawei from official contracts from December 2018.

Also, pressure was put on Deutsche Telekom, the majority owner of T-Mobile US, to stop using Huawei equipment, and Meng Wanzhou, the chief financial officer of Huawei, was detained in Vancouver at the request of U.S. authorities for allegedly violating US sanctions on Iran.  China’s state-run media and some other commentators suggested (perhaps unsurprisingly) that Meng’s detention appeared to be politically or economically motivated.

Huawei Sues

Huawei has been left with no option but to sue the US government in a Texas court, and to claim the ban on the use of Huawei equipment by any US federal violates parts of the US Constitution.

Promised Transformation

Last November, in the face of mounting concerns and criticism, Huawei’s board of directors resolved to carry out a companywide transformation programme to the with a starting investment of US $2Bn, to enhance software engineering capabilities.  The company also said it would work with UK operators and the NCSC to make sure that the implementation met required standards along the way.

New Report Says Old Problems Not Fixed

The new report by HCSEC claims that Huawei isn’t making any real, material progress on the problems identified in the 2018 report.  HCSECs Oversight Board is still concerned about Huawei’s approach to software development, and the risk that it may pose to UK operators.  The Board is also concerned about the security aspects of the Huawei equipment currently deployed in the UK.

Huawei is world’s top producer of telecoms equipment and No.3 maker of smartphones. However, BT for example, has been using Huawei systems as part of its network, but after security concerns were expressed last year, it has been removing Huawei systems from the core of the mobile network EE, which it purchased in 2016.

Loser Attitude?

Huawei has met recent criticism from the US by saying that it is simply the result of the US displaying a “loser attitude” because it can’t compete with Huawei’s success.

Spying Would Be Suicide

The chief legal officer of Huawei, Song Liuping, has pointed out that spying would be commercial “suicide” anyway for Huawei because more than 48% of its business comes from overseas markets.

Popular Products

It would be true to say that Huawei’s consumer products (i.e. phones) have proven to be very popular despite the accusations made against the company.  Huawei has predicted that it could become the world’s biggest-selling smartphone vendor this year and that all three business groups – consumer, carrier and enterprise, are expected to post double-digit growth in 2019.

What Does This Mean For Your Business?

Many commentators acknowledge that there may be political and economic motivations behind some of the measures being taken against Huawei.  The point that the ‘Five-Eyes’ have been trying to highlight is that possibly, Huawei’s products and network software could have backdoors built-in to them which could, in theory, allow covert surveillance or control, or destruction of phone networks (which are accessible via the internet).  The fear is that those acting for the Chinese state could gain access to the data stored/routed through Huawei devices, telecoms equipment and software, and could even, perhaps, monitor the conversations on mobile phones. No evidence of this has been made public to date.

One thing that is hard to deny, however, is the popularity of Huawei’s consumer products.  The company has now become the world’s biggest producer of telecoms equipment and has overtaken US giant Apple in terms of the number of handsets that it ships worldwide.  UK stores are still stocking and selling its handsets, and the warnings of various governments look unlikely, for the time being, to make any major dent in that side of its business, although more outright bans from more countries (for a company that ships nearly half of its products overseas) could soon begin to hurt.