With the news about the arrest of Huawei’s CFO, we’re once again thrust into the real issue — is Huawei really spying on us through their hardware?
Meng Wenzhou, the chief financial officer and daughter of the founder of Huawei, was arrested in Vancouver, Canada, evidently not related to Huawei’s alleged spying, but because of breaking U.S. sanctions against Iran. While Huawei is the world’s second largest seller of phones after Samsung, their products have not been sold by the U.S. major cellphone carriers for more than a decade.
We’ve been looking at Huawei’s phone hardware in our labs, and have been speaking with other cybersecurity experts whether anything has actually been found in the Huawai phone hardware that could allow unfettered data being sent, and to date we have yet to find anything nefarious. While Huawei’s integration of software, particularly related to the data controllers in Huawei’s apps for its phones, such as in HiCare, are intrusive and can access many of the resources in your phone (default settings allow this access), such software and intrusion isn’t much different from other phone manufacturers.
Not finding obvious security concerns in the Huawei phone hardware doesn’t necessarily translate that other Huawei products, such as networking devices, aren’t doing nefarious things and there’s always a possibility that some of the chips within their phones may only “phone home” after some specific actions have been taken to activate them. Of course “out-of-band” exploits in the actual chips within the phone or the firmware could be discovered in the future. To date there have been no “intentional” malware or exploits found within any hardware devices from any manufacturers though the Spectre and Meltdown bugs in Intel, ARM, and AMD chips were potentially exploitable.
So, why is all of this happening with Huawei now? There is currently a great deal of political pressure being put on the major cellphone carriers regarding Chinese cellphone products. It hasn’t been any secret that Apple is having problems selling as many iPhones as they were hoping. Since Huawei is currently locked out of the U.S. major cellphone carrier market what’s happening with Huawei may not seem surprising. While you can still purchase a Huawei phone from a non-cell carrier, such as an unlocked version on Amazon, this still represents a small slice of the U.S. telecom market.
Is it possible that this is much ado about nothing and that Huawei isn’t truly spying on the U.S. via their cellphones? This may actually be nothing more than economic strong-arming against the Chinese tech giant. For now, if you have any concerns, we recommend staying away from Huawei phones until there’s conclusive evidence one way or the other.