Explosive report claims Europe's biggest phone company found 'backdoors' in Huawei equipment
The Asahi Shimbun/The Asahi Shimbun via Getty Images
- Bloomberg reports that Vodafone found vulnerabilities, or "backdoors," in Huawei equipment, citing anonymous sources familiar with the matter and internal Vodafone documents.
- An academic who reviewed the Vodafone documents told Business Insider that the "vulnerabilities had many characteristics associated with backdoors."
- It's a potentially explosive revelation because US and other intelligence agencies suspect Huawei is a tool for Chinese spying, but there is no public evidence to support this.
- Vodafone and Huawei dispute the Bloomberg report, however, saying the vulnerabilities were resolved.
- Visit Business Insider's homepage for more stories.
Europe's biggest phone company Vodafone found evidence of a number of security vulnerabilities in Huawei equipment which could amount to "backdoors," according to Bloomberg.The report, which has been disputed by Vodafone and Huawei, is potentially explosive. US and other intelligence agencies suspect Huawei is used as a tool for Chinese spying, but there is no public evidence to support this.Advertisement
Vodafone managers reportedly became concerned about security bugs in the routers in 2009. By 2011, Vodafone Italy launched a probe, which Bloomberg claims found a security vulnerability in telnet - the text-based interface that lets users configure their home routers.Bloomberg reports that the documents show Vodafone requested that telnet be removed, which Huawei agreed to do and said the problem was fixed. However, subsequent testing found telnet was still present, at which point Huawei refused to remove it entirely, reportedly citing manufacturing requirements.
Vodafone disputes Bloomberg's findings
Vodafone disputes Bloomberg's characterisation of events. It said that all the vulnerabilities noted in the story were resolved and there was no evidence of unauthorised access. A Vodafone spokesman told Business Insider:
"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorized access to the carrier's fixed-line network in Italy.' In addition, we have no evidence of any unauthorised access."This was nothing more than a failure to remove a diagnostic function after development. The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."Advertisement
Vodafone's spokesman also specifically refuted Bloomberg's characterisation of telnet. "The 'backdoor' that Bloomberg refers to is telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet," he said.
A Huawei spokeswoman told Business Insider that the issues were "addressed at the time." However, sources involved in the companies' discussions told Bloomberg that the vulnerabilities persisted past 2012 and cropped up in other European markets including the UK, Germany, Spain, and Portugal.
"These vulnerabilities had many characteristics associated with backdoors"Stefano Zanero, an associate professor of computer security at Italy's Politecnico di Milano University, reviewed the Vodafone documents handed to Bloomberg.Advertisement
"These vulnerabilities had many characteristics associated with backdoors: They were not a 'mistake' but an intentional feature; they were not configurable or disclosed/documented to users, but had to be discovered through testing; and most importantly, they were removed at request of Vodafone and subsequently readded in a slightly different way," Zanero said.He also said Vodafone's description of telnet was outmoded. "While it is true that telnet was in the '90s used to perform such tasks, it has been abandoned in favor of more secure protocols, and more importantly this 'management interface' [telnet] was unknown to Vodafone, not documented and - once removed on their request - placed again against their will," he added.Advertisement
The question of intent versus incompetence has been an issue for Huawei in the past. A UK government report found "major defects" in the company's security systems, but concluded they were the product of shoddy engineering, rather than state interference.
- Bank mitra robbed of cash worth Rs 3.5 lakh in Mathura
- Doctor tests positive for coronavirus in Odisha's Cuttack
- Bihar COVID toll reaches 15 as 2 migrants die; tally 2,968 with 231 fresh cases
- Fed up with living in containment zones, mob attacks police
- C'garh govt declares 95 areas as containment zones