One of Huawei’s biggest supporters admits it found security flaws in its telecom equipment a decade ago
Vodafone and Huawei have admitted that the UK operator had found security flaws with equipment from the Chinese vendor, back in 2011 and 2012.
The admission comes amid an intense debate surrounding the use of Huawei equipment for 5G networks.
Vodafone of course is one of Huawei’s biggest supporters in the UK. It, alongside Three UK, have campaigned vigorously on Huawei’s behalf. Indeed, last month Vodafone warned that banning Huawei equipment would cost the UK its 5G lead.
But both companies have apparently admitted security flaws were discovered in technology supplied to Vodafone’s Italian network.
The flaws were so serious it could have given Huawei unauthorised access to Italian homes and businesses.
That said however, the flaws are said to have been quickly resolved, according to Reuters.
Vodafone said it had found no evidence of any unauthorized access and that Huawei could not have accessed the fixed-line network in Italy without permission.
“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei,” a Vodafone spokesman told Reuters.
“Software vulnerabilities are an industry-wide challenge,” Huawei said. “Like every information and communications technology vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”
The vulnerability centred about the use of the Telnet protocol. It allows equipment manufacturers to communicate with their products after they have been deployed.
The admission comes amid growing pressure from the United States on the using of Huawei kit.
US secretary of state Mike Pompeo has previously warned allies that “America may not be able to operate in certain environments if there is Huawei technology adjacent to that”.
And earlier this week a US cyber security official warned that America would reassess sharing information with any allies which use equipment made by China’s Huawei.
Last week the UK’s National Security Council (NSC) reportedly agreed to allow Huawei limited access to help build parts of the network such as antennas and other “non-core” infrastructure.
Vodafone meanwhile is said to have paused the deployment of Huawei equipment in its core networks in January, as it waits for Western governments to give the Chinese company full security clearance.
Earlier this month the technical director of the National Cyber Security Centre (NCSC) had criticised Huawei’s “very, very shoddy” security engineering and said this “poor engineering” could lead to the gear being banned from Westminster and other sensitive areas.
In March British security officials slammed the security defects in Huawei equipment, but they maintained that risks posed by the company could be managed and that they have found no evidence of malicious action on Huawei’s part.
In its fifth annual report, the Huawei Cyber Security Evaluation Centre (HCSEC), which works with the NCSC to oversee Huawei products destined for use in the UK, called attention to “major defects” in the quality of Huawei’s security and software engineering and “concerning issues in Huawei’s approach to software development”.
Do you know all about security? Try our quiz!