Huawei has denied that security vulnerabilities discovered by Vodafone in its telecoms equipment in 2011 and 2012 amounted to hidden backdoors.
In a report published on Tuesday, Bloomberg claimed the flaws could have provided Huawei with unauthorised access to a system supplying internet to millions of Italians.
But Vodafone denies these claims and says the reported “backdoor” was simply diagnostic software which Huawei had failed to remove. The firm fixed the issue quickly and it did not lead to a data breach, said Vodafone.
Nevertheless, American officials who want to see Huawei banned from the roll out of 5G networks are likely to seize on Bloomberg’s report. Washington has accused Huawei of violating sanctions, stealing intellectual property and being at the beck and call of the Chinese government, allegations the telecoms equipment provider firmly denies.
The United States is particularly concerned about Chinese cyber security legislation which compels companies to assist with intelligence investigations even if that means spying on their own customers.
Huawei’s founder Ren Zhengfei has claimed he would defy requests to force him to violate customer privacy, but it is not clear if there is a legal mechanism in place for him to do so.
A spokesperson for the company denied that the security vulnerabilities Vodafone identified could be classified as backdoors. “We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time,” the spokesperson added.
“Software vulnerabilities are an industry-wide challenge. Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”
A spokesperson for Vodafone told NS Tech: “The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet. Bloomberg is incorrect in saying that this “could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy”.
“In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development. The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei.”
Sign up to Emerging Threats, our weekly cyber security newsletter
On Monday, a senior US official threatened to withhold intelligence from the UK following reports last week that Theresa May had decided to allow Huawei to supply equipment in non-core parts of the UK’s 5G network. However, some observers have questioned whether such a position would be tenable given the extent to which the US depends on GCHQ for intelligence gathering.