{"id":234121,"date":"2025-06-12T14:59:09","date_gmt":"2025-06-12T04:59:09","guid":{"rendered":"https:\/\/www.vibewire.com.au\/?p=234121"},"modified":"2025-06-12T14:59:10","modified_gmt":"2025-06-12T04:59:10","slug":"vodafone-found-hidden-backdoors-in-huawei-equipment","status":"publish","type":"post","link":"https:\/\/www.vibewire.com.au\/?p=234121","title":{"rendered":"Vodafone Found\u00a0Hidden Backdoors in Huawei Equipment"},"content":{"rendered":"\n

While the carrier says the issues found in 2011 and 2012 were resolved at the time, the revelation may further damage the reputation of a Chinese powerhouse.<\/p>\n\n\n\n

For months, Huawei Technologies Co.<\/a> has faced U.S. allegations that it flouted sanctions on Iran, attempted to steal trade secrets from a business partner and has threatened to enable Chinese spying through the telecom networks it\u2019s built across the West.<\/p>\n\n\n\n

Now Vodafone Group Plc<\/a> has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier\u2019s Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China\u2019s global technology prowess.<\/p>\n\n\n\n

Europe\u2019s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier\u2019s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone\u2019s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.<\/p>\n\n\n\n

\"\"
Huawei\u2019s cyber security lab in Dongguan, China.Photographer: Qilai Shen\/Bloomberg<\/em><\/figcaption><\/figure>\n\n\n\n

Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.<\/p>\n\n\n\n

A backdoor, in cybersecurity terms, is a method of bypassing security controls to access a computer system or encrypted data. While backdoors can be common in some network equipment and software because developers create them to manage the gear, they can be exploited by attackers. In Vodafone\u2019s case, the risks included possible third-party access to a customer’s personal computer and home network, according to the internal documents.<\/p>\n\n\n\n

The Trump administration, arguing such end-runs around security in Huawei\u2019s equipment could invite espionage by the Chinese state, is trying to persuade Western allies to block the company<\/a> from the next generation of mobile networks. Huawei has repeatedly denied that it creates backdoors and says it\u2019s not beholden to Beijing. <\/p>\n\n\n\n

Read more: The U.S. Is Losing a Major Front to China in the New Cold War<\/em><\/a><\/p>\n\n\n\n

Huawei\u2019s ability to continue winning contracts from London-based Vodafone, despite the carrier\u2019s security concerns, underscores the challenge facing the U.S. as it tries to hinder the world\u2019s top telecom equipment vendor and No. 2 supplier of smartphones. Huawei is vying against a stable of Western companies including Nokia Oyj<\/a> and Ericsson AB<\/a> to roll out fifth-generation, or 5G, wireless networks.<\/p>\n\n\n\n

Vodafone has defended Huawei against the U.S. onslaught, which has placed Europe\u2014Huawei\u2019s largest market outside China\u2014in the middle of a trade battle between two superpowers. At stake is leadership in key areas, principally 5G technology that\u2019s designed to support the internet of things and new applications in industries spanning automotive, energy to healthcare. Vodafone Chief Executive Officer Nick Read has joined peers in publicly opposing any bans on Huawei from 5G rollouts, warning of higher costs and delays. The defiance shows that countries across Europe are willing to risk rankling the U.S. in the name of 5G preparedness.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

In a statement to Bloomberg, Vodafone said it found vulnerabilities with the routers in Italy in 2011 and worked with Huawei to resolve the issues that year. There was no evidence of any data being compromised, it said. The carrier also identified vulnerabilities with the Huawei-supplied broadband network gateways in Italy in 2012 and said those were resolved the same year.<\/em> Vodafone also said it found records that showed vulnerabilities in several Huawei products related to optical service nodes. It didn\u2019t provide specific dates and said the issues were resolved. It said it couldn’t find evidence of historical vulnerabilities in routers or broadband network gateways beyond Italy.<\/p>\n\n\n\n

\u201cIn the telecoms industry it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties,\u201d the company said. \u201cVodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly.\u201d<\/p>\n\n\n\n

In a statement, Huawei said it was made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time. A company spokesman said the flaws in the equipment related to maintenance and diagnostic functions common across the industry, as well as vulnerabilities. \u201cThere is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment.\u201d<\/p>\n\n\n\n

However, Vodafone\u2019s account of the issue was contested by people involved in the security discussions between the companies. Vulnerabilities in both the routers and the fixed access network remained beyond 2012 and were also present in Vodafone\u2019s businesses in the U.K., Germany, Spain and Portugal, said the people. Vodafone stuck with Huawei because the services were competitively priced, they said.<\/p>\n\n\n\n

\"\"
An engineer from British wireless network provider EE checks 5G masts and Huawei 5G equipment during trials in London on March 15, 2019.Photographer: Simon Dawson\/Bloomberg<\/em><\/figcaption><\/figure>\n\n\n\n

While backdoors are common in home routers, they are usually fixed by manufacturers once disclosed, said Eric Evenchick, Principal Research Consultant at Atredis Partners, a U.S. based cybersecurity firm. Evenchick called the situation with Huawei\u2019s equipment \u201cvery concerning.\u201d<\/p>\n\n\n\n

Founded in 1987, Huawei entered the European market in 2000. Landmark contracts with Britain\u2019s BT Group Plc <\/a>and Norway\u2019s TeliaSonera helped Huawei win market share from\u2014and eventually surpass\u2014Nokia and Ericsson. <\/p>\n\n\n\n

Vodafone started buying wifi routers from Huawei in 2008 for its Italian business and, later, for the U.K., Germany, Spain and Portugal. Routers are specialized machines that assist in directing voice and other kinds of data coursing over the internet.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Vodafone managers had concerns with the security of the routers almost right away. They were the topic of an internal presentation from October 2009 that pointed to 26 open bugs in the routers, six identified as \u201ccritical\u201d and nine as \u201cmajor.\u201d Vodafone said in the report that Huawei would need to remove or inhibit a so-called telnet service\u2014a protocol used to control devices remotely\u2014that the carrier said was a backdoor giving Huawei access to sensitive data.<\/p>\n\n\n\n

In January 2011, Vodafone Italy started a deeper probe of the routers, according to two reports from April of that year. Security testing by an independent contractor identified the telnet backdoor as the greatest concern, posing risks including giving unauthorized access to Vodafone\u2019s broader Wide Area Network (WAN is a network that spans a large footprint). The telnet had \u201cundocumented functionality inserted by Huawei without notifying Vodafone,\u201d including a \u201chidden Telnet daemon\u201d program giving anyone aware of the backdoor’s existence the ability to take administrative control of a router. Vodafone noted that it\u2019s an industry practice by some router manufacturers to use a telnet service to manage their equipment, but the company said it didn\u2019t allow this.<\/p>\n\n\n\n

The documents chronicle a two-month period during which Vodafone\u2019s Italian unit discovered the telnet service, demanded its removal by Huawei and received assurances from the supplier that the problem was fixed. After further testing, Vodafone found that the telnet service could still be launched.<\/p>\n\n\n\n

Vodafone said Huawei then refused to fully remove the backdoor, citing a manufacturing requirement. Huawei said it needed the telnet service to configure device information and conduct tests including on wifi, and offered to disable the service after taking those steps, according to the document.<\/p>\n\n\n\n

\u201cUnfortunately for Huawei the political background means that this event will make life even more difficult for them in trying to prove themselves an honest vendor,\u201d Vodafone said in one of the April 2011 documents authored by its chief information security officer at the time, Bryan Littlefair.<\/p>\n\n\n\n

\u201cWhat is of most concern here is that actions of Huawei in agreeing to remove the code, then trying to hide it, and now refusing to remove it as they need it to remain for \u2018quality\u2019 purposes,\u201d Littlefair wrote.<\/p>\n\n\n\n

Huawei declined to comment on the concerns raised by Littlefair. Littlefair didn\u2019t respond to requests for comment.<\/p>\n\n\n\n

Bloomberg<\/p>\n","protected":false},"excerpt":{"rendered":"

Europe\u2019s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier\u2019s fixed-line network in Italy.<\/p>\n","protected":false},"author":22,"featured_media":234125,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[35,9281,5046],"tags":[2809,266,195,959],"class_list":["post-234121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-telecommunications","category-vodafone","tag-australia","tag-china","tag-indonesia","tag-new-zealand"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts\/234121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=234121"}],"version-history":[{"count":2,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts\/234121\/revisions"}],"predecessor-version":[{"id":234127,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts\/234121\/revisions\/234127"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/media\/234125"}],"wp:attachment":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=234121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=234121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=234121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}