Vodafone Reveals Hidden Backdoors in Huawei Equipment

This week Vodafone, Europe’s largest phone company, “acknowledged that it found vulnerabilities going back years with equipment supplied by Huawei for the carrier’s Italian business.” This will cast even more doubt on the decision taken by the U.K. to include Huawei in the country’s 5G network which, on Monday, prompted the U.S. to warn that this might compromise intelligence-sharing arrangements.

This is the first time a Huawei security issue of this severity has been made public. Vodafone identified “hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses.” As reported in Bloomberg the findings were set out in “briefing documents from 2009 and 2011,” and in response, Huawei said in a statement that “it was made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time.”

Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.

A backdoor, in cybersecurity terms, is a method of bypassing security controls to access a computer system or encrypted data. While backdoors can be common in some network equipment and software because developers create them to manage the gear, they can be exploited by attackers. In Vodafone’s case, the risks included possible third-party access to a customer’s personal computer and home network, according to the internal documents.

Vodafone said that no data was compromised and that the vulnerabilities were identified and resolved. “In the telecoms industry,” the company said, “it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties. Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly.

Many have argued Huawei’s inclusion in the U.K.’s 5G networks has there has been alot of shouting in Washington wth Uk’s poiticians following suit. Huawei is vying against a stable of Western companies including Nokia Oyj and Ericsson ABto roll out fifth-generation, or 5G, wireless networks.

What primarily is at  stake here is the leadership of the  5G technology which is designed to support the internet of things and new applications in industries spanning automotive, energy to healthcare. Vodafone Chief Executive Officer Nick Read has joined peers in publicly opposing any bans on Huawei from 5G rollouts, warning of higher costs and delays. The defiance shows that countries across Europe are willing to risk rankling the U.S. in the name of 5G preparedness.