Huawei Supply Chain Assessment

5G promises to be the next generation of networking technology, enabling everything from autonomous vehicles and smart cities to medical devices and building systems.

A single Chinese company, Huawei, has emerged as the first and most dominant provider of 5G networking devices. There is an ongoing global political debate over the implementation of 5G, partially because the equipment that makes 5G possible comes from a complex supply chain involving hundreds of vendors globally.

Many of these policy conversations have been missing a key set of ground-truth facts. Finite State conducted a large-scale study of the cybersecurity-related risks embedded within Huawei network devices by analyzing their firmware at an unprecedented scale.

In total, we analyzed more than 9,000 firmware images, and this report details what we’ve found.

  • Finite State’s automated system analyzed more than 1.5 million files embedded within nearly 10,000 firmware images.
  • Out of all the firmware images analyzed, 55% had at least one potential backdoor.
  • 102 known vulnerabilities on average associated with each firmware, a significant percentage of which were rated as high or critical in their severity.

At Finite State, we believe that cybersecurity should ultimately be viewed through the lens of risk management, and that increased transparency into these devices is critical to achieving better security for everyone.

Download the Report