Skip links

Huawei stole our tech and created a ‘backdoor’ to spy on Pakistan, claims IT biz

A California-based IT consultancy has sued Huawei and its subsidiary in Pakistan alleging the Chinese telecom firm stole its trade secrets and failed to honor a contract to develop technology for Pakistani authorities.

The complaint [PDF], filed on Wednesday in the US District Court in Santa Ana, California, describes how Business Efficiency Solutions, LLC, (BES) began working with Huawei Technologies in 2016 to overhaul the IT systems available to the Punjab Police Integrated Command, Control and Communication Center (PPIC3) of Lahore, capital of the Punjab province of Pakistan.

The legal filing claims, among other things, that Huawei has used BES’s Data Exchange System “to create a backdoor and obtain data important to Pakistan’s national security and to spy on Pakistani citizens.”

The PPIC3 project, as described in the legal filing, was part of an initiative formulated by the Punjab Safe Cities Authority (PSCA), a provincial government body. Its goal was to modernize the technology available to local police.

The request for proposal (RFP) called for proposals describing the design of eight software systems:

  • Data Exchange System (DES), for storing data from national identity cards, excise and customs, cellular providers, land and tax records, immigration and passport records, and the like.
  • Building Management System (BMS), for managing building security, environmental systems, and access.
  • Resource Management System (RMS), for managing police resources, like vehicles and equipment.
  • Digital Media Forensics Center (DFC), for managing captured video and still imagery from the police network.
  • Learning Management System (LMS), for workforce training and support.
  • Media Monitoring Center (MMC), for monitoring the internet (social media), print, and broadcast.
  • Field Assets, including Mobile Emergency Command and Control Vehicles (ECV), for keeping track of command vehicles, handheld and laptops for field use, body cameras, and covert miniature cameras.
  • Unmanned Aerial Vehicles (UAV), for managing industrial-level drones for real-time surveillance.

According to the complaint, authorities in Pakistan invited various companies to submit proposals, including Motorola, Nokia, and Huawei.

Huawei, it’s alleged, lacked the technical capability to provide the systems called for by the RFP and so, in March 2016, it partnered with BES to develop the eight software systems. BES’s work on the project is said to have been instrumental in PSCA’s decision to award the project to Huawei for $150m.

Huawei also began to use one of BES’s software systems to establish a ‘backdoor’ from China into Pakistan that allowed Huawei to collect and view data important to Pakistan’s national security and other private, personal data on Pakistani citizens

Huawei is said to have obtained BES’s low-level designs for these systems and then resisted paying BES while seeking similar police modernization contracts – without involving or paying BES – in several other cities in Pakistan, and in Qatar, Dubai, the United Arab Emirates, and Saudi Arabia.

“After Huawei had BES’s valuable trade secrets and other intellectual property in its possession, Huawei used its knowledge of BES’s technology to begin secretly procuring certain portions of BES’s software systems from other sources – including from vendors BES identified to Huawei,” the complaint says.

“Huawei also began to use one of BES’s software systems to establish a ‘backdoor’ from China into Pakistan that allowed Huawei to collect and view data important to Pakistan’s national security and other private, personal data on Pakistani citizens.”

“Backdoor” may not be the right term, though it’s difficult to be certain without knowing the details of the system’s technical architecture. In the complaint, the term is used to describe a duplicate of the PSCA’s DES running on servers based in a Huawei facility in Suzhou, China. Whether that copy arises from a covert remote access capability or an overt replication option under indifferent or permissive security policy isn’t clear.

Pattern of behavior claimed

Among the exhibits entered into evidence with the complaint is a March 28, 2017 email from BES CEO and founder Javed Nawaz asking a contact at Huawei to obtain written approval from the Punjab police (PPIC3) that they’re willing to store their sensitive data in China.

“In regards to setting up the environment in Suzhou in China, we want to insure [sic] that PPIC3 has no objection in transfer of this technology outside of PPIC3 for security reasons,” the message from Nawaz says. “Please get an approval from PPIC3, in writing, prior to us performing this function. Our staff is on way [sic] to PPIC3 and will await instructions before updating DES on to servers in China.”

The reply received the following day said that no approval is necessary. The complaint indicates that Huawei subsequently said it had received approval from the Pakistani government, but provides no documentation to that effect.

“Huawei threatened to terminate the agreements between the parties and withhold all payments owed to BES unless BES installed the duplicate DES system in China,” the complaint says. “In light of Huawei’s affirmative representations that they had the approval of the Pakistani government, the duplicate DES system was installed in China.

“On information and belief, Huawei-China uses the proprietary DES system as a backdoor from China into Lahore to gain access, manipulate, and extract sensitive data important to Pakistan’s national security.”

The Register asked multiple communications personnel from Huawei to comment on these claims, and we received no response.

However, we cannot recall any company ever admitting to operating a deliberately backdoored system – we assume Huawei would describe the alleged DES duplicate, if still operational, as a test environment and would insist it keeps its client’s data safe.

When such allegations have surfaced in the past, Huawei has denied them. Last year, during the Trump administration, US authorities claimed that Huawei can covertly access its telecom equipment. But evidence to that effect, if it exists, has not been made public.

The BES lawsuit cites a past instance, described in an April 8, 2019 BBC report, in which the PSCA told Huawei to remove Wi-Fi cards from a CCTV system in Pakistan because the cards had been set up to provide remote diagnostic information – which a Huawei representative at the time characterized as “a misunderstanding” and the BES complaint describes as a “covert backdoor to monitor Pakistan citizens using Wi-Fi chips.”

The BES legal filing also points to trade secret theft indictments against Huawei in 2019 and in 2020 by the US Justice Department to bolster its claims.

It’s also possible that Huawei did receive approval from Pakistan to maintain a clone of a sensitive police database in China and has chosen not to provide that to BES. In that case, the redundant DES in China might be better described as an unusual display of trust for the storage of sensitive information than as a “backdoor.”

In any event, in 2018, Huawei filed an arbitration petition in Islamabad, Pakistan, and obtained an injunction preventing BES from terminating its contract with the telecom firm. BES last September filed its own arbitration petition to recover damages and is now pursuing its trade secret and unfair competition claim in California. ®