Employees of Huawei Electronics Co. Ltd. have assisted governments in at least two African countries of spying on political opponents, the Wall Street Journal said today in an exclusive investigation.

The report, which did not find collusion between Huawei and the Chinese government in the alleged spying activity nor found that Huawei itself was aware of the activities, involved employees working with the governments of Uganda and Zambia assisting in hacking and monitoring targets in both countries.

In Uganda, Huawei employees are alleged to have helped the country’s cybersurveillance unit break into a WhatsApp group belonging to Bobi Wine, a political opponent of President Yoweri Museveni using spyware made by an Israeli company. Wine, along with dozens of his supporters, were subsequently arrested based on the data obtained from the WhatsApp group.

In Zambia, Huawei employees are alleged to have helped the government access phones and social media pages belonging to opponents of Zambian President Edgar Lungu. As with the case of Uganda, it’s alleged that the data accessed led to the arrest of those people.

Some questions have already been raised about key facts in the Journal report, notably when the report originally claimed that they involved the use of “Pegasus” software from Israel’s NSO Group Technologies. NSO strongly denied the claim, saying that it has never worked with Huawei, forcing the Journal to amend the report to state that the software used in the hacking was “Pegasus-like spyware” created by unknown parties.

Huawei also denied any involvement, telling CNBC that the company has “never been engaged in ‘hacking’ activities.”

John Aisien, chief executive officer and co-founder of mobile app integration platform Blue Cedar Networks Inc., told SiliconANGLE that mobile devices have been largely overlooked as a potential source of corporate espionage and weaponization.

“News like today’s raises profound concern about the security of the devices we carry around on an everyday basis, and which we increasingly use to access and process corporate data,” Aisien said. “By hacking into popular mobile apps like WhatsApp and Skype, cybercriminals and state actors can gain access to sensitive information such as high-security locations, industrial plans, sovereign policies, personal health information, etc, even if the information is encrypted.”

That raises state and corporate security concerns, including in the military and defense sectors, he noted. “Ineffective mobile device and data security is something that will continue to generate concerns in the coming years, especially as use of these devices to store & process sensitive data increases,” he said. “Companies should be responsible for immunizing their applications to prevent potential devastation.”

Photo: Duncan Riley