For the past ten years, connected devices from Chinese manufacturer Huawei have been decried as potentially dangerous for their users due to allegations of espionage. In this article, cybersecurity expert Ben Finn assesses for Reporters Without Borders (RSF) the state of play and gives recommendations for journalists to protect themselves when using this brand’s devices.
In recent years, concerns have been raised about the dangers posed by connected devices from Chinese brand Huawei — the world’s largest smartphone manufacturer — which are said to include backdoors allowing the firm, and potentially the Chinese government, to access users’ information. To this day, there has not been hard evidence proving that it is the case. Nevertheless, strong circumstantial evidence points out that Huawei phones and operating systems do pose a threat to privacy and security.
In 2016, US mobile security firm Kryptowire (now Quokka) revealed that 700 million devices — including Huawei phones — were deliberately infected with a spyware written by Chinese startup Shanghai Adups Technology Company. The software sent copies of messages, contact lists, and location information back to a server based in China every 72 hours.
520 vulnerabilities in 2021 and 2022 alone
In a report released in 2020, the Huawei Cyber Security Evaluation Centre (HCSEC), established by the UK government to assess the security threats of the deployment of Huawei products in the country, identified at least one flaw of “national significance” and raised concerns over Huawei’s adherence to its own ethical standards of coding. The report also noted that Huawei maintains different versions of the same product, making it difficult to accurately assess their security vulnerabilities.
CVE Details, an online repository of security risks, has documented 520 vulnerabilities in Huawei devices in 2021 and 2022 alone. These vulnerabilities can readily be exploited by hackers and Huawei users have indeed already been the victims of large-scale malware attacks.
Huawei products banned by several governments
In 2018, the heads of US national security and intelligence agencies testified before a Senate intelligence committee on the dangers posed by Huawei products, even in the hands of ordinary citizens. In 2019, then-US President Donald Trump put Huawei on the Entity List, which banned the company from doing business within the United States and with any entity registered in the country.
Other countries, such as Australia, New Zealand, Japan, and Taiwan have decided to ban and phase out Huawei’s products within their mobile networks, while some others like Germany are currently considering to follow in their footsteps.
Recommendations for journalists
Consequently, journalists are advised to consider alternatives to Huawei phones and connected devices, especially when working in China where the government applies heavy surveillance on the public with the active assistance from national tech firms. If journalists absolutely have to use a Huawei device, here are a few recommendations to keep in mind:
- Refrain from uploading any sensitive information.
- Always use end-to-end encryption services. Keep sensitive files in an encrypted vault, and always use a VPN (Virtual Private Network) when using the Internet on unsecured networks.
- Carefully vet any app before downloading it. Ensure that the app also exists on the Google Play Store and that it was published by the same publisher on both the Play Store and Huawei AppGallery.
- Beware of certain Chinese apps that may be preloaded on the device, such as government-sponsored “Study the Great Nation” (in Chinese: Xuéxíqiángguó), that have shown evidence of monitoring users.
- Regularly update your phone. Always ensure that your phone is up-to-date with security patches.
Written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity focused efforts. He has been engaged in training on proper security in the context of an oppressive nation-state, specifically in Myanmar. He has also been working with multiple groups in Taiwan to train them on proper security and safety measures.