2021 Press Releases

October 12, 2021

ZTE Corporation Partners with YesWeHack to Address 5G Security

YesWeHack is partnering with ZTE Corporation to confront new security challenges brought by the 5G network commercialisation. Through its bug bounty platform, YesWeHack will invite over 30,000 global security researchers to secure ZTE’s products further and discover vulnerabilities typically missed in traditional security audits.

Cybersecurity is always a fundamental factor in the telecoms industry. It has become even more critical because the deployment of 5G sees an increase in the potential attack surfaces and threat landscape with the introduction of new technologies, techniques and capabilities. In addition, the ability of 5G to support massive IoT connectivity introduces many times more devices connected to the network, presenting a wide-reaching and increased attack surface.

Shenzhen headquartered ZTE Corporation is a major international telecommunications provider and builds mobile internet technology solutions for enterprises and consumers. The telecommunications giant has expanded its bug bounty program in partnership with YesWeHack, the first European crowdsourced security platform.

ZTE integrates its capabilities and expertise across handsets, mobile broadband, terminal chipset modules, and peripheral products to create a more intelligent 5G ecosystem. YesWeHack’s vast cybersecurity research community will help identify potential vulnerabilities in ZTE Products. This partnership highlights ZTE’s commitment to building a sound cybersecurity governance structure and creating an end-to-end security assurance mechanism for all product life cycle phases.

“Through openness and transparency, we try to give our customers confidence by letting them see what we do and how we provide end-to-end security,” said Zhong Hong, the Chief Security Officer at ZTE. “Our partnership with YesWeHack will help to enhance the security of ZTE’s products and confront new challenges brought by the 5G network commercialisation,” he added.

This bug bounty program for ZTE products rewards up to $2000 for critical bugs in several product categories such as 5G Common Core, 5G NR, Fixed Network, Multimedia, Cloud Video, Cloud Computing, Database management Systems and Terminal products.

“We share ZTE’s commitment to providing their customers with secure and trustworthy products and services. The richness and diversity of the YesWeHack community offer the spectrum of skills required to cover the full range of perimeters, whether hardware or applications. Furthermore, as a significant player in the industry, ZTE is keenly aware of cybersecurity issues from the very beginning and continues to enhance its internal security governance by implementing security by design and security by default,” said Kevin Gallerin, APAC Managing Director, YesWeHack.

Cybersecurity is one of the highest priorities of ZTE’s product development and delivery business units. As a result, ZTE has established a holistic cybersecurity governance structure underpinning the company’s development strategy.

Xu Ziyang, CEO of ZTE Corporation, highlighted the importance of intrinsic security in his keynote speech “Fuel the Digitalisation, Endow with Intelligence”, delivered at Mobile World Congress 2021. “Intrinsic security acts as a self-sensing, self-adaptive, and self-evolving immune system for networks. Built during network construction, it offers multiple security functions and can evolve automatically during network operation, thus constantly guaranteeing the security, services, and data”, he said.