3rd Party Risk Management , Cyberwarfare / Nation-State Attacks , Endpoint Security
Google Restricts Huawei's Access to AndroidAs US/China Trade Tensions Escalate, Experts Warn of 'Unintended Consequences'
After the Trump administration last week blacklisted Huawei amid rising trade tensions, technology firms have begun pausing their work with the Chinese manufacturing giant.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Organizations say the move comes as they review how to comply with the U.S. Commerce Department last week saying that with immediate effect, American firms need an export license if they wish to do business with Huawei.
On Sunday, Google's parent company Alphabet stopped sharing hardware, software and technical services with Beijing-based Huawei, except for what is available via open source licenses, Reuters reported.
"We are complying with the order and reviewing the implications," a Google spokesman tells Information Security Media Group. "For users of our services, Google Play and the security protections from Google Play Protect will continue to function on existing Huawei devices."
For Huawei users' questions regarding our steps to comply w/ the recent US government actions: We assure you while we are complying with all US gov't requirements, services like Google Play & security from Google Play Protect will keep functioning on your existing Huawei device.— Android (@Android) May 20, 2019
Some Chipmakers Follow Suit
On Monday, Nikkei Asian Review reported that German chipmaker Infineon has suspended all shipments to Huawei.
But a spokesman for Infineon says the company could not confirm that report. "In any market where Infineon operates, we fully comply with all applicable legal requirements, laws and regulations," he tells ISMG. "At the same time, Infineon undertakes every measure that is required to ensure reliability in meeting our customers' demands. As of today, the great majority of products Infineon delivers to Huawei is not subject to U.S. export control law restrictions, therefore those shipments will continue."
Infineon says it regularly reviews applicable export and import laws to try and avoid any disruption to its supply chain. "We have a set of measures in place to thoroughly monitor any possible changes in the legal frameworks of our respective markets, enabling us to make adaptions in our international supply chain," the spokesman says. "This enables us to make efficient and proactive adjustments supporting our ability to deliver wherever possible."
Nikkei reports that U.S. chipmakers Micron Technology and Western Digital have ceased shipments to Huawei as well. Other chipmakers, including Broadcom Qualcomm, STMicroelectronics and Xilinx, have also said they will either stop shipments or that they're in the process of reviewing their next steps. That news made the value of chipmakers' stocks drop in Monday trading.
The moves follow the U.S. Commerce Department on Wednesday adding Huawei Technologies and 68 non-U.S. affiliates to its so-called "entity list," which prohibits them from procuring U.S. goods or services without an export license. While the U.S. government can approve such export licenses, the Commerce Department says its default is "a policy of denial" for anyone on the entity list, meaning it may function as a blacklist.
Separately on Wednesday, President Donald Trump signed an executive order "on securing the information and communications technology and services supply chain." It gives the U.S. government the power to ban any equipment that "poses an undue risk of sabotage to or subversion of the design" (see: Trump Signs Executive Order That Could Ban Huawei).
The U.S. has been warning allies to not use Huawei for any sensitive applications, including as part of their 5G rollouts, over general fears that the manufacturer's products could be backdoored or otherwise subverted by Chinese intelligence agencies. Huawei executives have said they would shutter their company rather than let it be used for such purposes (see Huawei's Role in 5G Networks: A Matter of Trust).
The U.S. restrictions could make it more difficult for U.S. firms to procure Chinese-built hardware made by Huawei and ZTE, as well as for American manufacturers to supply components to the Chinese technology giants.
Huawei is the world's largest manufacturer of telecommunications equipment and second largest smartphone manufacturer.
"Where this will go, no one knows," Alan Woodward, a professor of computer science at England's University of Surrey, tells ISMG. " I suspect it will have many unintended consequences."
I've got a very bad feeling about all of this. https://t.co/JV1Kb5BcZ9— Alan Woodward (@ProfWoodward) May 20, 2019
Woodward says that cutting out suppliers is dangerous territory, not least for end users. "Hardware and software have a symbiotic relationship - one needs the other."
Huawei Has Prepared
Huawei's founder and CEO, Ren Zhengfei, told Nikkei that his company has a six to 12-month stockpile of key components that it needs and that the company would be "fine" even if U.S. suppliers stop their shipments. "We have already been preparing for this," Ren said.
It's unclear whether the Trump administration's moves are meant to function as a blacklist, or if they might instead serve as a short-lived bargaining chip in ongoing trade negotiations.
Huawei, which buys $67 billion worth of components every year, might need to shift to non-U.S. suppliers or do more production in-house, thus taking a bite out of the American processor manufacturing sector.
U.S. Treasury Secretary Steven Mnuchin says he plans to visit Beijing soon for more trade talks.
Supply Chain Surprise
Google's announcement that it would cease sharing of hardware, software and services with the world's second largest smartphone manufacturer, which relies on Android, has sent ripples through the technology and security communities.
For starters, Google canceling Huawei's Android license means that while existing users will still continue to get updates, no new devices will qualify.
Security experts say that removing Huawei from the full Google Android ecosystem would also lead to users not seeing security updates, as well as many third-party integrations breaking for users of Huawei devices.
From someone who does it for a living https://t.co/nzjPW5Lg9O— Alan Woodward (@ProfWoodward) May 20, 2019
Chinese-Built Android Looms
Two things are clear: Lawsuits will likely result from the White House moves, and Huawei will likely build its own version of Android, says Bill Buchanan, a computer science professor at the University of Napier in Edinburgh, Scotland.
Huawei's Android license "will basically revert to an open source one, and with no additional support for many important features and applications, including YouTube, Google Play and Google Maps," he says in a blog post.
"The focus for Huawei might thus be to develop its own Android operation system, and which mimicked Google Android," he says.
Richard Yu, head of its consumer products division, told German newspaper Die Welt in March that Huawei has just such a plan in place in case it no longer had access to Google Android or Windows Mobile.
"We have prepared our own operating system," he said. "Should it ever happen that we can no longer use these systems, we would be prepared. That's our plan B. But of course we prefer to work with the ecosystems of Google and Microsoft."