Huawei to meet with security researcher who disclosed vulnerabilities in its products

The company plans to engage with security researchers to improve product security

Chinese networking and telecommunications equipment manufacturer Huawei plans to send a team of engineers to Germany in order to meet with Felix Lindner, a security researcher who earlier this year disclosed vulnerabilities in the company's products, he confirmed.

The meeting was first revealed by John Suffolk, Huawei's global head of cybersecurity, during an interview, Reuters reported Thursday.

The company is not just interested in fixing the particular flaws reported by Lindner, but in making systemic changes that would make its products more secure in the long term, Suffolk said in the interview.

Felix "FX" Lindner is the technical and research lead at Recurity Labs, an IT security consultancy company based in Germany. This year, he disclosed critical vulnerabilities in Huawei home and small enterprise routers during the Defcon and Hack in The Box security conferences.

He also criticized the company for the lack of transparency when it comes to security issues and the poor quality of code in its products.

"I was surprised to learn that they told the press about this meeting before it actually took place, but it is correct that such a meeting is planned," Lindner said via email. "What Huawei's goals are for the meeting is not known to me yet."

"Unfortunately we are unable to disclose more information apart from what John Suffolk said in the interview," Yingying Li, marketing and communications manager at Huawei in the UK said Thursday via email. "We have set up a comprehensive security assurance system and have it stress tested on regular basis. The company will keep seeking ways to enhance the product security together with our customers and industry peers."

In the interview, Suffolk noted that Huawei has made changes in its approach to security since he joined the company in 2011, which included making it easier for security researchers to report vulnerabilities.

"It is correct that they appointed a Product Security Incident Response Team (PSIRT) and more prominently published how to reach it," Lindner said. "However, other areas still need some work. Security advisories, for example, are not yet widely circulated."

"Currently, all one can see is the apparent willingness to engage, which is a good first step," the researcher said. "Whether this will lead to a serious product security program or not is something time will tell."

Before joining Huawei as its global head of cybersecurity, Suffolk served as the chief information officer of the British government for six years. Back in September, he published a paper in which he outlined Huawei's commitment to cybersecurity.

"The company remains open for a constructive dialogue with all stakeholders, especially in the field of cyber security which is one of our top priorities," Roland Sladek, Huawei's vice president of international media affairs for the EMEA region, said via email.

For the past few years, the company has strongly disputed accusations of having ties to the Chinese military or the country's intelligence services.

A report released earlier this month by the U.S. House of Representatives' Permanent Select Committee on Intelligence said that using equipment from Huawei and fellow Chinese telecom vendor ZTE for U.S. critical infrastructure would pose a national security threat because of the possible ties between the two companies and the Chinese government. The committee advised the U.S. government, its contractors, as well as private-sector companies to avoid buying networking equipment from the two Chinese vendors.

Huawei dismissed the report as being politically motivated.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags networking hardwareHuaweitelecommunicationonline safetyNetworkingsecurityExploits / vulnerabilitiesRecurity Labs

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?