Telecommunications company Vodafone has confirmed to Bloomberg that in 2011 and 2012 the company found several backdoor and many vulnerabilities in the Huawei telecommunications equipment used by Vodafone in Italy. The rear doors may potentially have given Huawei and other unauthorized access.
Both Vodafone and Huawei claim that the vulnerabilities and backdoors were removed after Huawei was notified of them. But according to documents Bloomberg gained access to, this is not the whole truth.
Read too: Vodafone aims to become the largest telecommunications company in the EU
Found a number of vulnerabilities
Vodafone, and in part Huawei confirmed, is that in 2011, vulnerabilities were found in Huawei's broadband routers that Vodafone delivered to broadband customers in the private market in Italy. It is stated that there is no evidence that the data has been compromised by this.
In 2012, the vulnerabilities were identified in network gateways for broadband services. At times unknown, vulnerabilities have also been found in several Huawei products related to optical access codes. Everything should be located in Italy.
Vodafone says it is not uncommon for operators and third parties to discover vulnerabilities in vendor equipment.
– Vodafone takes security extremely seriously, which is why we have independently tested the equipment we use to find out if there is any vulnerability. If there is a vulnerability, Vodafone collaborates with the vendor to resolve it quickly, Vodafone's statement to Bloomberg said.
Huawei said in a statement similar to Bloomberg that the company was aware of the vulnerabilities in 2011 and 2012 and that they were addressed at the time.
In a statement to ZDNet, Huawei denies it is about back doors.
– There were technical errors in our equipment, which were identified and corrected. The accepted definition of backdoors are intentional and exploitable vulnerabilities. These are not so. These are bugs that have been fixed, says Huawei.
Internal documents tell a different story
The information provided by Vodafone is inconsistent with internal reports that Bloomberg should have access to. Among other things, a January 2011 document states that when Vodafone in Italy discovered that telnet services were running on broadband routes, the company demanded that they be removed. Huawei will then have insured Vodafone if services have been removed, but new tests have shown that the telnet service can still be started.
So Huawei should have refused to completely remove that back door, indicating that it was a production requirement and that the company needed the service to set up the device and conduct tests, among other things, on the wifi.
That relationship should also have been addressed in a paper authored by Bryan Littlefair, the company's then Director of Information Security.
"What worries the most here is Huawei's actions, where they first agree to remove the code, then try to hide it and now refuse to remove it because they need it for" quality reasons ", writes Littlefair according to Bloomberg.
In the same document, Vodafone says that it is common for some router manufacturers to use a telnet service to manage their equipment, but Vodafone does not allow this.
According to Bloomberg, Huawei declined to comment on these concerns, and Littlefair did not respond to the news agency's questions.
According to Bloomberg, Vodafone chief Nick Read is among those who have banned the use of Huawei equipment in 5G networks, including notices of delays and increased costs.
In January, however, Read informed us that Vodafone has paused purchases of Huawei equipment for use in the central part of the company's mobile network. The rationale should have been very noisy around the situation.
British intelligence manager: From which country 5G technology comes, it is not the most important