Vodafone has revealed to Bloomberg that if found “vulnerabilities” in networking equipment Huawei supplied for Vodafone’s Italy-based business between 2009 and 2012.
Vodafone reportedly discovered hidden backdoors in the software used in Huawei’s home routers that could have given Huawei unauthorized access to Vodafone’s fixed wireless network in Italy, according to the Bloomberg report citing internal security documents and unnamed sources. The carrier also found backdoors in the optical service nodes and broadband network gateways, it said.
Vodafone’s issues were isolated to Italy. The carrier said the router issues were fixed in 2011 and the gateway issues were fixed in 2012. The optical node vulnerabilities were also resolved, but Vodafone did not provide a specific date. Vodafone, which has continued to use Huawei products in its networks across Europe, said there was no evidence of any data being compromised.
But, Bloomberg said its unnamed sources disagreed with Vodafone’s account. “Vulnerabilities in both the routers and the fixed access network remained beyond 2012, and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal,” Bloomberg reported.
Huawei issued a statement acknowledging software vulnerabilities as an “industry-wide challenge.”
“Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action,” Huawei said, according to Bloomberg.
In a subsequent statement, Vodafone criticized the Bloomberg story. It argued that the backdoor vulnerabilities were related to Telnet, a commonly-used protocol for performing diagnostic functions. “It would not have been accessible from the Internet,” Vodafone said, according to BBC. “Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy’.”
“We have no evidence of any unauthorized access,” Vodafone continued. “This was nothing more than a failure to remove a diagnostic function after development.”
The news comes as Huawei is battling a U.S.-led charge against the company. The U.S. government has been lobbying its allies to ban the equipment maker in light of concerns that Huawei could possibly allow the Chinese government backdoor access to critical infrastructure.
The U.S.’s concerns stem from a 2012 Congressional report that raised security concerns about the company’s networking equipment. The report details that Huawei and ZTE both failed to cooperate with investigators compiling the report, concluding that “Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.”
U.K. officials have similarly argued that Huawei has not addressed security concerns in its products and has failed to implement a company-wide cybersecurity overhaul it promised in 2012.
The U.S. has asked its allies across the globe to ban Huawei gear from 5G network rollouts, but a number of European countries have opted to tighten their security requirements for telecommunications equipment suppliers rather than ban Huawei outright.