At a cybersecurity conference in India today John Suffolk, Huawei’s global cybersecurity chief, told Reuters that a team of engineers was being sent to Germany to talk to German security researcher Felix Lindner. Mr Lindner is a “hacker” who has exposed vulnerabilities in the company’s telecoms equipment; he says the problem is that Huawei’s software is simply badly written rather than intentionally vulnerable.
John Suffolk worked as the British government’s chief information officer before joining Huawei. He has been changing how the Chinese company reacts to criticism and been trying to embrace such information constructively. Mr Suffolk said “We've very much taken on board Felix's views and you'll see over the coming period we've got a whole host of significant operations to deal with these issues”. Explaining further he added “We like these comments, although sometimes you think to yourself that's a bit of a slap in the face. But sometimes you need a bit of a slap in the face to step back, not be emotive in your response, and say what do I systematically need to change so over time any these issues begin to reduce?”
Indeed Mr Suffolk says to fix the vulnerabilities pointed out by Felix Lindner would be a simple routine matter but in the long term he wishes to make systematic change within Huawei - as prevention is better than cure.
Huawei’s investments in the UK have been welcomed since 2005 but in other countries like the US and Australia the company has been viewed with much more suspicion. Huawei was founded by a former officer from the Chinese army and US lawmakers have asserted the company still has ties to the Chinese government. The US House of Representatives Intelligence Committee recently urged US firms to stop doing business with Huawei and ZTE due to potential deliberate security threats.
Lindner told Reuters that “while he could not be sure there were no deliberate backdoors in the software, there was no evidence in the devices that he tested.” Only the poorly written nature of the software caused hackable vulnerability problems he added.