Vodafone Group Plc has confirmed to Bloomberg that it discovered hidden backdoors in the software of Huawei’s equipment, supplied to their Italian branch, almost years ago. The vulnerabilities in the system allowed unauthorised access to Vodafone’s fixed-line network that provided Italians with the internet, the American outlet reports, citing the London-based company’s security briefing and insiders.
According to Bloomberg, in 2011 and 2012, vulnerabilities were discovered in home internet routers, optical service nodes, transporting traffic over optical fibers, and broadband network gateways, responsible for subscriber authentication and access to the web. Like is often the case with such backdoors, there was reportedly a risk that third-party actors could access Vodafone’s customers’ personal computers.
Vodafone stated to Bloomberg that when these vulnerabilities in routers and broadband network gateways were discovered, they resolved the issue with Huawei. The company also indicated that no evidence of any data breach or historical vulnerabilities in equipment installed beyond Italy had been found.
“In the telecoms industry it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties”, the company said.
For its part, Huawei has claimed in a statement that the historical vulnerabilities were addressed after the company was informed about it at the time.
However, the US news agency reported, citing people close to the situation that these backdoors were not eliminated after 2012. According to these insiders, the London-based telecommunication giant stuck with the Chinese firm for its competitive prices. The flawed equipment was allegedly used in the UK, Germany, Spain, and Portugal.
Additionally, the cited documents suggested that even after Vodafone informed Huawei about the discovered failures and received assurances they were removed, further testing showed it had not been fixed. In the end, Huawei refused to fully remove the source of the problem, saying it needed the telnet service for “quality” purposes. It offered to disable the code after configuring device information and conducting tests on Wi-Fi.
After sticking for years with Huawei despite the reported concerns over cybersecurity, the UK telecommunications conglomerate announced in January that it had suspended the use of equipment manufactured by Huawei in its core networks in Europe. The company’s CEO Nick Read cited an "unhealthy level of noise" around Huawei as the reason for the move but added that Vodafone would still continue to purchase Huawei equipment to build its 4G and 5G networks.
Huawei has recently faced allegations that it is linked to the Chinese government and even involved in espionage on its behalf, something that the company has vehemently denied. The US has been pushing for the European Union to ban the Chinese company from its broadband network.
Some US allies have complied, as apart from the US, New Zealand and Australia have already banned Huawei from developing their 5G networks, citing security threats. But some, including the UK, India, and the United Arab Emirates have been reluctant to follow suit, the latest reports suggest. Germany, Italy, France, Austria, Switzerland, and Spain have resisted the pressure so far.
Source: Sputniknews