The founder and CEO of Chinese networking equipment manufacturer Huawei, in his first-ever media interview, Thursday dismissed allegations that backdoors may have been built into the company's products to facilitate Chinese espionage.
"Huawei has no connection to the cybersecurity issues the U.S. has encountered in the past, current and future," Huawei CEO Ren Zhengfei, 68, told local reporters -- through an interpreter -- while on a visit to New Zealand this week, according to news reports.
Since founding the company 26 years ago, Ren had previously refused to conduct media interviews. But during his visit this week to New Zealand, he agreed to meet with reporters from four of the country's news outlets.
In response to reporters' questions, Ren dismissed allegations that his employees might be colluding with state security services, instead likening the relationship between his company and the Chinese government to that between New Zealand companies and their government, reported Fairfax Media in New Zealand. Furthermore, he said he was confident that his employees would be free to refuse any request from a Chinese intelligence service to spy on a foreign entity.
[ U.S. officials are trying to ratchet up pressure on China. See Senate Bill Calls For Cyberespionage 'Watch List'. ]
Ren's comments can be read as a criticism of the U.S. singling out Chinese firms Huawei (the world's second-largest telecommunications manufacturer) and ZTE last year in a Congressional report warning that the two companies "cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems." Accordingly, the U.S. House of Representatives Permanent Select Committee on Intelligence's Oct. 2012 report "strongly encouraged" all U.S. businesses "to seek other vendors for their projects."
American businesses appear to be listening. A recent survey of 454 IT professionals conducted by InformationWeek found that the U.S. government's recommendation to avoid Huawei equipment would influence their buying decision-making. Indeed, 37% of surveyed businesses cited the warning as a major concern, and 34% said it would be a deal-breaker.
But Ren Thursday downplayed his company's presence in the American market. "Huawei equipment is almost non-existent in networks currently running in the U.S. We have never sold any key equipment to major U.S. carriers, nor have we sold any equipment to any U.S. government agency," he said.
His comments echoed those of Huawei executive VP Eric Hu, who last month said, "We are not interested in the U.S. market any more," according to the Financial Times.
Despite that apparent vow to quit the U.S. market, the company subsequently changed its story, saying it would continue to actively sell its products in the United States. "We continue to sell in the U.S. in all three business areas: Device, Carrier Network and Enterprise," Huawei spokesperson Jannie Luong told Network Computing in April.
In the wake of the Oct. 2012 Congressional report, Australia, India and the United Kingdom were already evaluating whether they would continue to work with Huawei and ZTE. Notably, India's Research and Analysis Wing -- the government's main intelligence service -- issued a report warning that "Huawei Technologies is known to have links with the People's Liberation Army (PLA) and the ministry of state security of China."
In response, Huawei proposed that Australia create an information security test center to vet the company's products.
But fears of Chinese espionage were further compounded this week, after an annual report from the Pentagon to Congress directly accused China of running a military cyber-espionage operation that directly accessed U.S. government systems. "China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic and defense industrial base sectors that support U.S. national defense programs," according to the report.
In the wake of that warning, Huawei and ZTE appear to be facing fresh scrutiny by Indian government officials, who said this week that they're creating a testing lab to assess all foreign-built telecommunications and networking equipment. "We know about the concerns of intelligence agencies and are expediting developing [a] system for testing the telecom equipments of foreign manufacturers in networks," an India government telecommunications official told India's Hindustan Times.
Information security experts, however, say that backdoors purposefully built into networking hardware can be notoriously difficult to detect, and warned that devices could also be clean when purchased but later updated with firmware that enables spying.
Furthermore, in a 2012 teardown of the Huawei AR8 and ARE 29 series routers, Felix "FX" Lindner, who heads Berlin-based Recurity Labs, found that the firmware contained sufficient numbers of coding errors that anyone studying the code base might find ways of remotely compromising the devices without needing to resort to purpose-made backdoors.
People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)