Vodafone found security flaws in Huawei equipment

Vodafone had found security flaws in equipment supplied by China’s Huawei to its Italian business in 2011 and 2012, Bloomberg reported.
Huawei at Mobile World Congress 2019Vodafone, Europe’s biggest telecoms group, said it had found security vulnerabilities in two products and resolved both incidents quickly. Vodafone said the equipment was supplied by Shenzhen-based Huawei for the carrier’s Italian business.

Vodafone identified backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, according to Vodafone’s security briefing documents from 2009 and 2011.

Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show.

Vodafone identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet.

Vodafone said it found vulnerabilities with the routers in Italy in 2011 and worked with Huawei to resolve the issues that year. There was no evidence of any data being compromised. The carrier also identified vulnerabilities with the Huawei-supplied broadband network gateways in Italy in 2012 and said those were resolved the same year.

Vodafone also said it found records that showed vulnerabilities in several Huawei products related to optical service nodes. It said it couldn’t find evidence of historical vulnerabilities in routers or broadband network gateways beyond Italy.

“In the telecoms industry it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties,” the company said. “Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist.”

Huawei in a statement said it was made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time.

Vulnerabilities in both the routers and the fixed access network remained beyond 2012 and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal, the report said.

Vodafone CEO Read in January said that the company had paused purchases of Huawei equipment for the core of its mobile networks in Europe.

Huawei, the world’s biggest producer of telecoms equipment, is under intense scrutiny after the United States told allies not to use its technology because of fears it could be a vehicle for Chinese spying. Huawei has categorically denied this.

Britain may decide to block Huawei from all core parts of its 5G network and restrict access to non-core parts.