A UK government report into Huawei’s broadband and mobile infrastructure equipment has concluded that it has “only limited assurance” that the kit poses no threat to national security.
The investigation revealed shortcomings in the Chinese firm’s engineering processes, which it said “have exposed new risks in UK telecoms networks”.
It added that “significant work” was required to tackle the issues.
In response, Huawei acknowledged there were “some areas for improvement”.
A spokesman for the firm added: “We are grateful for this feedback and are committed to addressing these issues.
“Cyber-security remains Huawei’s top priority, and we will continue to actively improve our engineering processes and risk management systems.”
Huawei is the world’s biggest producer of telecoms equipment and is a major supplier of broadband and mobile network gear in Britain.
The report was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 in response to concerns that BT and others’ use of the firm’s equipment could pose a threat.
The body is overseen by UK security officials, including ones from spy agency GCHQ.
It said that it was disappointed that there had been a “lack of progress” in tackling previously identified shortcomings.
Furthermore, it highlighted that a visit to Shenzhen in 2017 had revealed the company was failing to keep proper watch over the use of third-party components.
“[It was] identified that not all components are managed through this process and, in particular, security critical third-party software used in a variety of products was not subject to sufficient control,” it said.
The news comes as the US steps up efforts to ban Huawei’s equipment from its country’s networks.
Australia is also considering banning the firm from being involved in its planned 5G network, over concerns that Beijing could force the firm to hand over sensitive data.
This is the UK’s fourth annual report into Huawei. The previous three concluded that any risks posed by the firm to the UK’s national security “had been mitigated”.
Security expert and former consultant to GCHQ Alan Woodward said: “It’s difficult not to conclude that Huawei appears to be falling short in doing what is required to enable the UK government to confidently give the green light to use its equipment in critical areas.”
He added that an earlier warning given by GCHQ’s National Cyber Security Centre (NCSC) about using equipment from another Chinese firm ZTE had highlighted that Beijing had passed new laws giving it the right to interfere with its products.
“In that context it is doubly important that this unit can be totally confident in any equipment being sourced from Chinese companies,” Mr Woodward said.
“If the UK cannot be totally confident in the assuring the security of any equipment it should not be placed in our critical infrastructure.”
The NCSC has responded saying that the Oversight Board behind the report “provided a valuable role” in evaluating risks related to Huawei.