Senior Huawei Official Acknowledges Ability to Clandestinely Access Mobile Networks

Herb Lin
Thursday, February 13, 2020, 10:54 AM

In a Wall Street Journal article, a senior Huawei official acknowledged the company has a significant capability.

Huawei at the Mobile World Congress in Barcelona, 2015 (Kārlis Dambrāns/ BY 2.0/

Published by The Lawfare Institute
in Cooperation With

While everyone was distracted with Justice Department controversies and the New Hampshire primary, a senior Huawei official has conceded that the company can clandestinely access users’ mobile networks.

On Feb. 11, the Wall Street Journal ran a story citing U.S. officials who claimed that Huawei can “covertly access mobile-phone networks around the world through ‘back doors’ designed for use by law enforcement.” In other words, these officials claimed that Huawei can exploit backdoors intended for law enforcement in order to access user data without the permission of either users or the network operator. The Journal also quoted National Security Adviser Robert O’Brien as saying, “We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world.”

As always, Huawei denied these allegations. Huawei asserts that it “has never and will never do anything that would compromise or endanger the security of networks and data of its clients.” The company adds, “We emphatically reject these latest allegations. Again, groundless accusations are being repeated without providing any kind of concrete evidence.”

But in the Journal story, Huawei itself has provided evidence that it builds backdoors into its products. In particular, the Journal quoted a senior Huawei official as saying that network access without operator permission “is extremely implausible and would be discovered immediately.” This statement is extremely significant in understanding what Huawei equipment can and cannot do.

Assuming that these words accurately represent the Huawei position, Huawei has not said that network access without operator permission is technically impossible—only that it is implausible and would be discovered immediately. These are very different claims. The first claim is that network access without operator permission categorically cannot happen. The second claim is that network access without operator permission can happen (though it is implausible) but that any such access would be discovered. Indeed, if an event does not and cannot happen, what would be there to discover?

Perhaps it would be discovered. But only with constant vigilance by the network operator could discovery of such network access occur. Anyone with security experience can tell you that requiring constant vigilance is a guaranteed path to eventual security failure.

So there you have it. A senior Huawei official has acknowledged that network access without operator permission is technically possible, as Huawei has gone from saying “it cannot happen” to “it can happen but someone would notice it.” For me, the comments from the unfortunately unnamed Huawei official are far more damaging to Huawei’s claims of “no backdoors” than the assertions from U.S. officials, who have not yet made public any of the evidence they say they possess regarding Huawei’s capabilities.

Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.

Subscribe to Lawfare