Huawei says vulnerabilities discovered by Vodafone were 'weaknesses,' not 'hidden backdoors'

"Bloomberg is incorrect in saying that this "could have given Huawei unauthorized access to the carrier's fixed-line network in Italy"."We have no evidence of any unauthorized access", Vodafone continued."This was nothing more than a failure to remove a diagnostic function after development".

Prior to removing the LAN-facing Telnet server, Huawei was said to have insisted in 2011 on carrying out various configuration-related tasks remotely via the service. The people asked not to be identified because the matter was confidential.

Huawei routers apparently had some historical vulnerabilities.

Now, it has emerged that Huawei actually shipped flawed products and services to Europe's largest mobile operator, Vodafone Group. It argued that the backdoor vulnerabilities were related to Telnet, a commonly-used protocol for performing diagnostic functions.

The issues, which date back to 2009, were resolved in 2012. "Software vulnerabilities are an industry-wide challenge".

In a statement, Vodafone acknowledged that some backdoors were found in 2011 in Huawei-supplied routers in Italy, but claimed that no data had been compromised as a result of the flaws.

British opposition leader Jeremy Corbyn to boycott Donald Trump dinner
A spokeswoman for the Speaker's office said, "Speaker has been invited to the banquet, but he will not be attending". Vince Cable, leader of the centrist Liberal Democrats, also turned down a seat at the dinner with Trump.

Huawei still has good relationships with the likes of China, South Korea, Italy, and others, but with 32.6% of the world's GDP already banning the company and another 2.3% likely to issue a ban, stories like this need to stop popping up if it wants a shot at redemption. In other words, massively over-egging the pudding. When deployed with appropriate security and authentication controls in place, it can be very useful. Huawei then assured Vodafone that the telnet service was disabled, but the operator later found that the service could still be launched.

Look, it's not great that this was hardcoded into the equipment and undocumented - it was, after all, declared a security risk - and had to be removed after some pressure. That is the reason why Apple refused to build a backdoor into iOS for the Federal Bureau of Investigation (FBI) when it wanted help in cracking the security of an iPhone model that belonged one of the San Bernardino shooters.

The news of the historical flaws was first reported by Bloomberg.

Speaking during an online press briefing, Robert Strayer, Deputy Assistant Secretary for Cyber and International Communications and Information Policy at the Department of State, said the threat posed by the use of such equipment represents a "loaded gun".

Vodafone and Huawei both confirmed that the vulnerabilities were discovered in the Chinese routers, but both companies denied allegations in a report by Bloomberg that the security lapses amounted to "hidden backdoors" that could be used to spy on millions of people's internet browsing.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.