Huawei denies claims of 'back doors' in Vodafone communications hardware

Huawei responds to report alleging that back doors and other insecurities had been found in hardware supplied to Vodafone

Huawei has hit back at allegations that it supplied communications hardware to Vodafone that contained ‘back doors'. It admits that a number of insecurities were uncovered by the mobile telecoms operator in 2011 and 2012, but claimed that they were nothing out of the ordinary.

In a statement to Computing, the company claimed that they were fixed at the time. It added that the flaws were no different to security flaws regularly found in software and hardware across the technology industry.

"We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time," said Huawei in its statement.

It continued: "Software vulnerabilities are an industry-wide challenge. Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action."

The claims were made this week in a report from the Bloomberg newswire, based on a combination of internal Vodafone security reports and interviews with unnamed insiders.

The flaws could have given Huawei or anyone connected to the company unauthorised access to Vodafone's fixed-line communications network in Italy, Bloomberg claimed.

While Huawei hasn't provided details of the insecurities and, in particular, what Bloomberg had claimed were backdoors, The Register has suggested that a Telnet-based remote debug interface was one of the supposed back doors uncovered by Vodafone engineers.

Bloomberg said its report is based on Vodafone's security briefing documents from 2009 and 2011 combined with discussions with "people familiar with the matter".

According to Bloomberg, Vodafone informed Huawei about the security flaws present in home internet routers in 2011, and asked it to remove those flaws.

The company later reassured Vodafone that the flaws had been fixed. However, additional tests carried out by Vodafone showed that the vulnerabilities were still present in Huawei's equipment.

Later, Vodafone discovered more flaws in optical service nodes on its fixed-access network, as well as in parts of its broadband network gateways.

In a statement to Bloomberg, Vodafone acknowledged that some backdoors were found in 2011 in Huawei-supplied routers in Italy, but claimed that no data had been compromised as a result of the security flaws.

The company also admitted that it had found flaws in network gateways in Italy in 2012, adding that those flaws were fixed the same year.

"Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly," the company told Bloomberg.

However, people familiar with the matter told Bloomberg that security flaws in both routers and fixed access network hardware persisted beyond 2012, and added that those flaws were also identified in hardware embedded in Vodafone's businesses in the UK, Spain, Germany, and Portugal.

Nevertheless, Vodafone decided to stick with the Chinese firm as its products and services were competitively priced.

The latest revelation about vulnerabilities in Huawei's equipment will cast doubt on the wisdom of the decision by Prime Minister Theresa May to allow Huawei to provide non-core elements of infrastructure to the UK's 5G mobile networks.

Many senior ministers in the UK have criticised this decision - with one believed to have leaked the information to the Daily Telegraph.

This week, US officials warned that May's decision could affect US-UK intelligence-sharing arrangements.

Computing and CRN have united to present the Women in Tech Festival UK 2019, on 17 September in London.

The event will celebrate successful women in the IT industry, enabling attendes to hear about, and to share, personal experiences of professional journeys and challenges.

Whether you're the ‘Next Generation', an ‘Inspirational Leader', or an ‘Innovator of Tech' this event will offer inspiration on not only how to improve yourself, but how to help others too. The event is FREE for qualifying IT pros, but places will go fast