Vodafone Finds Hidden Security Flaws in Huawei Tech
Security flaws identified in the Chinese-made software could have enabled Huawei to gain unauthorised access to Vodafone’s fixed-line network.
Vodafone has revealed that it found a number of hidden security vulnerabilities in Huawei equipment dating back nearly 10 years.
The telecommunications company acknowledged that the vulnerabilities found in Huawei-supplied technology were supplied to its Italian business, Bloomberg reports.
Security flaws identified in the Chinese-made software could have enabled Huawei to gain unauthorised access to Vodafone’s fixed-line network, which provides internet services to millions of users across Italy.
The issues are reported to date back to 2009, but they were resolved in 2011 and 2012, Vodafone said, insisting that no user data was compromised. Vodafone requested that Huawei remove backdoors to home internet routers in 2011 and also received assurances from the firm that issues were fixed.
However, documents show that upon further testing, the security vulnerabilities were still present. The telecommunications firm halted the installation of Huawei hardware in its core systems at the beginning of 2019 following repeated concerns over the company’s ties to the Chinese Government.
A spokesperson for Vodafone told Bloomberg: “In the telecoms industry it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties.
“Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly.”
This marks the first occasion in which evidence of vulnerabilities in Huawei networks have been revealed to the public, and follows comments from top-ranking US State Department officials on the risks of deploying Huawei tech.
Earlier this week, Robert Strayer, the deputy assistant secretary for cyber at the US State Department, warned that the US could withhold intelligence from the UK over its plans to use Huawei hardware in parts of the 5G network.
Strayer insisted that the US would “consider the risk” of information-sharing arrangements with nations choosing to deploy Huawei tech, adding that the company was an “unsecure and untrusted vendor”.
Speaking to the BBC, Strayer said: “We think the stakes couldn’t be higher with regard to 5G technology because of all of the things we build out over the coming years on top of that tech.
“This is truly a monumental decision being made now. We think there’s unacceptable risk in letting untrusted vendors provide that base infrastructure because they could disrupt any of those critical services.
“In addition, we’re concerned about the ability for a government that has the track record that China has, to potentially have access to that massive increase in data, personal data in many cases, that could be used in nefarious ways.”