Vodafone reports security flaws in Huawei equipment
Vodafone has confirmed it found vulnerabilities in network equipment supplied by Huawei as the debate continues over the presence of the Chinese firm in communications networks.
First reported by Bloomberg, the UK telecoms firm is said to have discovered the flaws between 2009 and 2012 in internet routers and other equipment used by its Italian business.
The “hidden back doors” could have allowed Huawei to access users’ home internet networks, the report claimed.
Vodafone confirmed the issues but disputed aspects of the report, claiming the flaws were diagnostic tools used to monitor the state of a network that had failed to be removed and could not be used to access a user’s network.
“The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012,” a Vodafone spokesman said.
“The ‘back door’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.
“Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorised access to the carrier’s fixed-line network in Italy’.
“In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development.
“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei.”
The Chinese firm is at the centre of a debate about the company’s trustworthiness and whether it should be used at the centre of communications network infrastructure, having reportedly been given the green light by Prime Minister Theresa May to be used in non-essential parts of the UK’s upcoming 5G network.
Huawei has been the subject of concern for some years because of allegations of close ties to the country’s government.
Under Chinese law, firms are compelled to “support, co-operate with and collaborate in national intelligence work”.
Some critics have expressed concerns that Beijing could require the firm to install technological “backdoors” to enable it to spy on or disable Britain’s communications network.
Huawei has always denied having ties to the state and says it abides by the laws of the countries in which it operates.
Founder Ren Zhengfei said earlier this year that Huawei had never been asked to share “improper information” about its partners by the government.
“I personally would never harm the interest of my customers and me and my company would not answer to such requests,” he said.
“No law in China requires any company to install mandatory back doors.”
The US has already banned the use of some Huawei equipment on security grounds and is pressuring its allies – including the UK – to take a similar approach, warning the firm poses an “unacceptable risk”.
In a statement on the Vodafone report, Huawei said: “We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time.
“Software vulnerabilities are an industry-wide challenge. Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”