Vodafone Italia discovered "hidden back doors" on Huawei equipment that would have allowed the Chinese company to access users' home networks, as well as Vodafone's Italian fixed line network, reports Bloomberg . The vulnerabilities were discovered between 2009 and 2011 in Huawei's Internet routers, as well as in the equipment used in parts of Vodafone's network infrastructure. There was no evidence that the data was compromised.
Bloomberg reports that the router and network vulnerabilities continued to exist after 2012, and also existed in the company's networks in the United Kingdom, Germany, Spain, and Portugal. Sources say that Vodafone continued to use the equipment because it was cheaper than the competition and the cost of removing it was prohibitive.
In a statement given to Bloomberg Vodafone acknowledged the vulnerabilities but challenged the timeline. saying that they were resolved in 2011 and 2012. Huawei says that she was informed of the vulnerabilities in 2011 and 2012, and that they were resolved at that time.
The revelations occur when Huawei's role in future 5G networks is under intense scrutiny around the world over the fear that his team may be exploited for help in China's intelligence efforts. Several countries are currently examining Huawei's security practices, as governments decide which parts of their 5G networks will be allocated to the Chinese giant. The United States is moving to ban the use of Huawei's equipment and is pressing its allies to do the same. Meanwhile, the United Kingdom has made a preliminary decision to allow the use of Huawei equipment in non-core parts of its networks, but US officials do. UU They are under the pressure to ban it completely.
Along with the problems affecting its network equipment, Vodafone Italia also identified problems with Huawei's Internet routers, which Vodafone believed would give it backdoor access to local machines and wide area networks. It was reported that Huawei was reluctant to disable the Telnet function that was creating the vulnerability, claiming that it relied on it to configure the devices remotely.
Huawei characterized the vulnerabilities as "errors" instead of deliberate inclusions on the computer. "These were technical errors in our equipment, which were identified and corrected," the company told ZDNet "The accepted definition of 'backdoors' is deliberately incorporated vulnerabilities that can be exploited. These were not such, they were mistakes that were corrected. "
A computer security professor quoted in the report, Stefano Zanero, said there is no obvious way to know if a vulnerability is an accidental error or an intentional backdoor However, he added that "the vulnerabilities described in the Vodafone reports for 2009 and 2011 have all the characteristics of back doors: denial, access and a tendency to reposition themselves in later versions of the code."
In January This year, Vodafone halted the use of Huawei's equipment in its central infrastructure in Europe, citing ongoing discussions on the team's security, most recently V Odafone warned that a total ban could affect the deployment of its 5G networks and argued that there was no evidence that the Huawei team represented a security risk. The revelations about these historical vulnerabilities and Huawei's approach to patching them continue to raise questions about how safe it is to use your computer.
Last month, a cybersecurity watchdog in the United Kingdom expressed concern about the "basic engineering competence and cybersecurity hygiene" of the Chinese company. The same day The Register reported lapses on how Huawei had fixed a vulnerability in its routers in 2013, which later allowed them to be used as part of a bot network.