Vodafone claims backdoors found in Huawei gear in 2009-2012: Bloomberg

Huawei MWC19
Huawei issued a statement acknowledging software vulnerabilities as an “industry-wide challenge.” (Monica Alleven/FierceWireless)

Vodafone has revealed to Bloomberg that if found “vulnerabilities” in networking equipment Huawei supplied for Vodafone’s Italy-based business between 2009 and 2012.

 

Vodafone reportedly discovered hidden backdoors in the software used in Huawei’s home routers that could have given Huawei unauthorized access to Vodafone’s fixed wireless network in Italy, according to the Bloomberg report citing internal security documents and unnamed sources. The carrier also found backdoors in the optical service nodes and broadband network gateways, it said.

Sponsored by ZTE

Interview with Chen Zhiwei

Gain insight from Chen Zhiwei, the Deputy General Manager of ZTE Transport Network Product Line, on 5G telecom cloud networks and the ZTE NFVI solution.

 

RELATED: AT&T may phase out Huawei equipment in network upgrades in Mexico

 

Vodafone’s issues were isolated to Italy. The carrier said the router issues were fixed in 2011 and the gateway issues were fixed in 2012. The optical node vulnerabilities were also resolved, but Vodafone did not provide a specific date. Vodafone, which has continued to use Huawei products in its networks across Europe, said there was no evidence of any data being compromised.

 

But, Bloomberg said its unnamed sources disagreed with Vodafone’s account. “Vulnerabilities in both the routers and the fixed access network remained beyond 2012, and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal,” Bloomberg reported.

 

Huawei issued a statement acknowledging software vulnerabilities as an “industry-wide challenge.”

 

“Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action,” Huawei said, according to Bloomberg.

 

In a subsequent statement, Vodafone criticized the Bloomberg story. It argued that the backdoor vulnerabilities were related to Telnet, a commonly-used protocol for performing diagnostic functions. “It would not have been accessible from the Internet,” Vodafone said, according to BBC. “Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy’.”

 

“We have no evidence of any unauthorized access,” Vodafone continued. This was nothing more than a failure to remove a diagnostic function after development.”

 

The news comes as Huawei is battling a U.S.-led charge against the company. The U.S. government has been lobbying its allies to ban the equipment maker in light of concerns that Huawei could possibly allow the Chinese government backdoor access to critical infrastructure.

 

The U.S.’s concerns stem from a 2012 Congressional report that raised security concerns about the company’s networking equipment. The report details that Huawei and ZTE both failed to cooperate with investigators compiling the report, concluding that “Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.”

 

U.K. officials have similarly argued that Huawei has not addressed security concerns in its products and has failed to implement a company-wide cybersecurity overhaul it promised in 2012.

 

RELATED: U.K. says Huawei equipment has major security flaws

 

The U.S. has asked its allies across the globe to ban Huawei gear from 5G network rollouts, but a number of European countries have opted to tighten their security requirements for telecommunications equipment suppliers rather than ban Huawei outright.

 

Suggested Articles

As Crown Castle reported third-quarter earnings, the tower company also disclosed a probe by the SEC related to its services business.

The company said its IoT business is growing almost twice as fast as the estimated market growth of 20-25% per year.

Wyebot has raised $2.5 million through Series-Seed funding, and announced general availability of its sensor-based Wi-Fi assurance platform.