Huawei reaches out to hackers

 

Gallery

By Reuters

Posted on 31 Oct 2012 at 09:14

Under-fire Chinese telecoms equipment vendor Huawei is reaching out to one of its sternest critics: a hacker who accused it of making shoddy products.

John Suffolk, the company's global cybersecurity chief, told Reuters at a cybersecurity conference in New Delhi that he was sending a team of engineers to talk to German security researcher Felix Lindner, who has exposed vulnerabilities in the company's routers, ranging from cheap home devices to the multi-million dollar equipment run by telecommunications companies.

We like these comments, although sometimes you think to yourself that's a bit of a slap in the face

"We've very much taken on board Felix's views and you'll see over the coming period we've got a whole host of significant operations to deal with these issues," he said.

The move is a departure of sorts for Huawei, which has been battling critics on several fronts. It was last year blocked from bidding for a multi-billion dollar national broadband network contract in Australia over cybersecurity fears.

A U.S. congressional committee recommended Washington to similarly bar Huawei and its Chinese rival ZTE from being allowed to sell equipment to US carriers.

Huawei has denied inserting deliberate backdoors in its products to allow for spying, and has invited governments to inspect its code.

In this country, it set up a centre to test out whether its products can withstand security threats, and has offered to set up something similar in both the US and Australia.

But it has so far been reluctant to engage security researchers and hackers who challenge the company, something that Suffolk said was now changing, in part because of Lindner's allegations.

Suffolk, who was the British government's chief information officer before joining the Chinese company, said the team's trip to Germany had been slowed by visa issues, but would go ahead soon.

No evidence of backdoor

Lindner told Reuters after a presentation at a hacker conference in Kuala Lumpur earlier this month that, while he could not be sure there were no deliberate backdoors in the software, there was no evidence in the devices that he tested.

The problem, he said, was that the software was poorly written and left the equipment vulnerable to hackers.

Lindner's views fitted with a White House investigation that found no clear proof that Huawei was spying for the Chinese government.

Suffolk said that Huawei had not sent anyone to attend an earlier presentation by Lindner in July but had done so for the Kuala Lumpur conference. Their presence, he said, was not to dissuade Lindner from speaking but to see if he was revealing new information. "We like these comments, although sometimes you think to yourself that's a bit of a slap in the face," Suffolk said.

"But sometimes you need a bit of a slap in the face to step back, not be emotive in your response, and say what do I systematically need to change so over time any these issues begin to reduce?"

The move to engage Lindner, Suffolk said, was part of a broader shift in Huawei's approach that he had led since joining the company in 2011.
He numbered among the changes making it easier for other security researchers to contact Huawei with vulnerabilities they have found. But his long-term goal, he said, was to change procedures to make all products more robust.

"I can fix the Felix issue in a few lines of code," he said. "But I'm interested in systemic change within Huawei."

Huawei's efforts to crack the lucrative US market have been hurt by years of suspicion from US lawmakers, who say the Shenzhen-based company, started by CEO Ren Zhengfei, a former Chinese military officer, has links with the Chinese government.

After an 11-month investigation, the US House of Representatives' Intelligence Committee released a 52-page report urging US firm to stop doing business with Huawei and its smaller rival ZTE due to potential influences from the Chinese government, which could pose security threats.