U.K. Still Wary of China Hacking Threat After Limiting Huawei Access

(Bloomberg) -- The U.K.’s cyber security watchdog has made clear the threat of being hacked by China remains, but probably not via Huawei Technologies Co.

The Chinese telecom company is set to play a limited role in building the U.K.’s next-generation wireless broadband networks, in part due to a lack of alternative suppliers, but also the belief from the National Cyber Security Centre that it could manage any risks posed by Huawei.

The key fear over embedding Huawei into telecom networks has been well flagged by the U.S., which has warned allies that the Chinese government could gain a back door to communications networks. Vodafone Group Plc is said to have found and fixed vulnerabilities in Huawei equipment used in the carrier’s Italian business in 2011 and 2012.

There are several of reasons to hack a telecom network, including disrupting national operations, and obtaining call records, personal information or even physical movement records of individuals.

But while the NCSC believes Huawei remains a high-risk supplier, it made clear there are more likely ways of getting hacked.

“Placing ‘back doors’ in any Huawei equipment supplied into the U.K. is not the lowest risk, easiest to perform or most effective means for the Chinese state to perform a major cyber attack on U.K. telecoms networks today,” the NCSC said in a report published Tuesday.

The agency didn’t spell out exactly what the alternative ways of breaking in might be, but the recent alleged hack of Amazon.com Inc. founder Jeff Bezos highlighted that there my be easier ways to access someone’s phone. Sometimes a casual WhatsApp message works just as well as large-scale state-sponsored hacking.

Read more: U.S. Disappointed as Boris Johnson Gives Huawei Partial 5G Role

The U.S. has repeatedly argued that the Chinese government could use Huawei to spy on the West. U.S. Secretary of State Michael Pompeo, who had warned U.K. Prime Minister Boris Johnson’s predecessor not to “wobble” on the issue, is due to visit on Wednesday.

The concern is not entirely unfounded. In late 2018, the U.K. attributed a massive cyber attack on managed service providers, which look after information technology for businesses including telecom companies, to the China-linked group APT10, which had been siphoning off data undetected since 2016.

But while it’s helped craft a role for Huawei in the U.K, the NCSC has not wobbled on whether China remains a threat to national security.

“We assess that the Chinese State (and associated actors) have carried out and will continue to carry out cyber attacks against the U.K. and our interests,” it said in its report.

To contact the reporter on this story: Giles Turner in London at gturner35@bloomberg.net

To contact the editors responsible for this story: Tom Giles at tgiles5@bloomberg.net, Nate Lanxon, Rebecca Penty

For more articles like this, please visit us at bloomberg.com

Subscribe now to stay ahead with the most trusted business news source.

©2020 Bloomberg L.P.