Vodafone Found 26 Vulnerabilities In Huawei Routers In 2009 Reveals Report
The world's second largest smartphone manufacturer Huawei isn't in the US' governments Christmas list. President Trump and his administration have made their mistrust of the Chinese company publicly known, and the United States government cannot purchase products manufactured by Huawei owing to security concerns. Amidst all this, the company is launching fantastic gadgets that have caused both Apple and Samsung to break a sweat. Now, we've got a report from Europe that claims that backdoors were present in equipment sold by Huawei to carrier Vodafone. Take a look below for more details.
Vodafone Identified Telnet Backdoors In Huawei's Equipment Back In 2011 - Carrier Found No Evidence Of Any Data Being Compromised As A Result
Today's report is from Bloomberg, and it covers the time period between 2009 - 2012 during which European carrier Vodafone identified backdoors present in several of Huawei's products. The first product in which Vodafone discovered vulnerabilities and backdoors were routers from Huawei that were intended to be used by Vodafone's customers personally. These routers had what's known as a 'Telnet' backdoor, which allowed Huawei to access sensitive data and control the devices remotely. Telnet allows vendors to perform diagnostic functions on their gadgets, and according to Vodafone, "Bloomberg is incorrect in saying that this 'could have given Huawei unauthorized access to the carrier's fixed-line network in Italy."
Additionally, the Telnet* service was not the only backdoor in Huawei's equipment. In an internal presentation that was given in 2009, Vodafone's managers highlighted as many as 26 vulnerabilities that were present. Of these, nine were termed ''major'' and six were termed "critical". The Telnet backdoor was nevertheless identified as the greatest threat to the integrity of Vodafone's Wireless Area Network by an independent security researcher. After Vodafone notified Huawei of the vulnerabilities, the company promised to patch them.
However, a subsequent investigation revealed that Huawei had failed to follow through on its promise, and when confronted, offered to remove the Telnet service after it had conducted tests. According to Bloomberg's anonymous sources, the vulnerabilities present in the routers and fixed access networks remained beyond 2012 - a fact that's denied by both Huawei and Vodafone.
Vodafone's Chief Information Security Officer Bryan Littlefair was concerned about the backdoors and Huawei's response after the company was notified. In a document dated April 2011, he stated that "What is of most concern here is that actions of Huawei in agreeing to remove the code, then trying to hide it, and now refusing to remove it as they need it to remain for ‘quality’ purposes."
However, despite these concerns being identified nearly ten years back, Vodafone and other European carriers have come to rely heavily on Huawei's equipment. As a result, they're hesitant to have the company's products come under greater regulatory scrutiny. Huawei is simply too well entrenched inside Europe's telecommunications networks for carriers to part ways with the company easily.
Huawei calls the vulnerabilities an industry-wide challenge, and it claims that as soon as one is identified, the company takes corrective action. For a company that's thought to be the world's largest 5G supplier at the moment, such reports are unsettling. Thoughts? Let us know what you think in the comments section below and stay tuned. We'll keep you updated on the latest.
*Fixed. Thanks for the feedback!