Vodafone identified Huawei security flaw decade ago

LONDON — British telecoms group Vodafone tackled a security flaw with Huawei technology a decade ago, it was revealed Tuesday amid widespread concerns over the Chinese giant developing 5G networks abroad.

Bloomberg reported that Vodafone, Europe’s biggest mobile phone company, identified hidden so-called backdoors in software that could have handed Huawei unauthorized access to the carrier’s fixed-line network in Italy used to connect to the internet.

The financial news wire cited Vodafone’s security briefing documents from 2009 and 2011.

“Unsafe #IoT applications & devices are not tolerable in the EU environment. GDPR should be a world standard.“@PODcloudEU stressed during the @Vodafonegroup's event 'Internet of things: a new policy approach to the EU' 🇪🇺🌐#IoTEUPolicy | #EUNGIoT pic.twitter.com/g00na4Bij2

— Digital EU 🇪🇺 (@DigitalEU) April 29, 2019

Vodafone confirmed to AFP that the issues were resolved but stressed it was incorrect to suggest that the flaw could have allowed unauthorized access to Italy’s fixed-line network.

“The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet,” Vodafone said in an emailed statement.

“5G will exist for the purposes of myriad of IoT applications and practices”

Pearse O’Donohue, @EU_Commission, DG CONNECT emphasises importance of #5G for #IoT at the @Vodafonegroup’s 'Internet of things: a new policy approach to the EU' 🇪🇺🌐#IoTEUPolicy #EUNGIoT @PODcloudEU pic.twitter.com/ao18hPMQCW

— Net Technologies 🇪🇺 (@NetTechEU) April 29, 2019

“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei,” it added.

Responding to the Bloomberg report, Huawei said:

“We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time. Software vulnerabilities are an industry-wide challenge.”

Huawei added in its statement that the Chinese group has “a well established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action”.

Joakim Reiter: Europe needs an ambitious “designed for IoT” regulatory framework – IoT special rules, harmonisation and evolution towards 5G. #IoTEUPolicy @joakim_reiter. pic.twitter.com/scx1Z2OF93

— Vodafone Group (@VodafoneGroup) April 29, 2019

Huawei is facing pushback in some Western markets over fears Beijing could spy on communications and gain access to critical infrastructure if allowed to develop foreign 5G networks offering instantaneous mobile data transfer.

The United States is adamantly opposed to Huawei’s involvement because of the firm’s obligation under Chinese law to help its home government gather intelligence or provide other security services when required.

British Foreign Secretary Jeremy Hunt has meanwhile urged caution over the role of Huawei in the UK, saying the government should think carefully before opening its doors to the technology giant to develop next-generation mobile networks.

His comments Monday came after media reports said Prime Minister Theresa May had conditionally allowed Huawei to build the UK 5G network.

Bloomberg added in its report that Vodafone chief executive Nick Read “has joined peers in publicly opposing any bans on Huawei from 5G rollouts, warning of higher costs and delays”.