Vodafone Italy discovered "hidden backdoors" in Huawei devices that would allow the Chinese company access to Vodafone's home network and Italian landline, Bloomberg . The vulnerabilities were discovered between 2009 and 2011 in Huawei's home Internet routers and Vodafone network infrastructure devices. There was no evidence that data was compromised.
Bloomberg reports that both the router and network vulnerabilities existed beyond 2012 and were also present in the company's networks in the UK, Germany, Spain, and Portugal. Sources say that Vodafone continued to use the device because it was cheaper than the competition and the cost of removing it was prohibitive.
In a statement given to Bloomberg Vodafone recognized the flaws, but denied the timetable. They said they were fixed in 201
The revelations come as Huawei's role in future 5G networks worldwide fears that his Equipment could be exploited, intensively investigating aid in China's educational efforts. Several countries are currently investigating Huawei's security practices as governments decide which parts of their 5G networks will be allocated to the Chinese giant. The US is calling for a ban on the use of Huawei equipment and urges its allies to do likewise. Meanwhile, the UK has made a preliminary decision to allow the use of Huawei devices in non-core parts of its networks, but is being pressured by US authorities to ban them altogether.
Along with issues affecting its network equipment, Vodafone Italy also found problems with Huawei's Internet routers, which Vodafone believed would enable Huawei's backdoor access to local and wide area networks. Huawei was reportedly reluctant to disable the Telnet feature that caused the vulnerability, claiming that the device was remotely configured.
Huawei described the vulnerabilities as a "mistake" rather than a deliberate inclusion in the equipment. "These were technical defects in our equipment that were identified and corrected," the company said ZDNet . "The accepted definition of 'backdoors' is deliberately built-in vulnerabilities that can be exploited – but they were not – errors that have been corrected."
A computer security professor quoted in the report, Stefano Zanero, said it There is no obvious way to tell whether a vulnerability is an accidental error or a deliberate backdoor, but he added that "the vulnerabilities described in the 2009 and 2011 Vodafone reports have all the features of backdoors: reliability, accessibility and the tendency to be rearranged in subsequent versions of the code. "
In January of this year, Vodafone paused the use of Huawei devices in its core infrastructure across Europe and referred to ongoing device security debates Recently, Vodafone warned that a complete ban will impact to the introduction of its 5G networks, arguing that there is no evidence that Huawei's equipment poses a security risk. The revelations about these historical vulnerabilities and Huawei's approach to patching them raise questions about how secure the devices are.
Last month, a British cybersecurity watchdog voiced concerns about the Chinese company's "fundamental engineering competence and cyber security hygiene". The same day . The registry reported that Huawei had fixed a vulnerability in its routers. In 2013, they could later be used as part of a botnet.