Vodafone Found Security Flaws In Huawei Kit

Vodafone and Huawei have admitted that the UK operator had found security flaws with equipment from the Chinese vendor, back in 2011 and 2012.

The admission comes amid an intense debate surrounding the use of Huawei equipment for 5G networks.

Vodafone of course is one of Huawei’s biggest supporters in the UK. It, alongside Three UK, have campaigned vigorously on Huawei’s behalf. Indeed, last month Vodafone warned that banning Huawei equipment would cost the UK its 5G lead.

Security flaws

But both companies have apparently admitted security flaws were discovered in technology supplied to Vodafone’s Italian network.

The flaws were so serious it could have given Huawei unauthorised access to Italian homes and businesses.

That said however, the flaws are said to have been quickly resolved, according to Reuters.

Vodafone said it had found no evidence of any unauthorized access and that Huawei could not have accessed the fixed-line network in Italy without permission.

“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei,” a Vodafone spokesman told Reuters.

“Software vulnerabilities are an industry-wide challenge,” Huawei said. “Like every information and communications technology vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”

The vulnerability centred about the use of the Telnet protocol. It allows equipment manufacturers to communicate with their products after they have been deployed.

The admission comes amid growing pressure from the United States on the using of Huawei kit.

US secretary of state Mike Pompeo has previously warned allies that “America may not be able to operate in certain environments if there is Huawei technology adjacent to that”.

And earlier this week a US cyber security official warned that America would reassess sharing information with any allies which use equipment made by China’s Huawei.

British restrictions

Last week the UK’s National Security Council (NSC) reportedly agreed to allow Huawei limited access to help build parts of the network such as antennas and other “non-core” infrastructure.

Vodafone meanwhile is said to have paused the deployment of Huawei equipment in its core networks in January, as it waits for Western governments to give the Chinese company full security clearance.

Earlier this month the technical director of the National Cyber Security Centre (NCSC) had criticised Huawei’s “very, very shoddy” security engineering and said this “poor engineering” could lead to the gear being banned from Westminster and other sensitive areas.

In March British security officials slammed the security defects in Huawei equipment, but they maintained that risks posed by the company could be managed and that they have found no evidence of malicious action on Huawei’s part.

In its fifth annual report, the Huawei Cyber Security Evaluation Centre (HCSEC), which works with the NCSC to oversee Huawei products destined for use in the UK, called attention to “major defects” in the quality of Huawei’s security and software engineering and “concerning issues in Huawei’s approach to software development”.

Do you know all about security? Try our quiz!

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Recent Posts

Coronavirus Outbreak May Disrupt iPhone Production – Report

As Apple seeks to ramp up iPhone production by 10 percent in China, deadly coronavirus outbreak may derail this goal…

1 hour ago

Silicon UK in Focus: Data Protection Day 2020

Today is the 14th annual Data Protection Day. Silicon UK speaks to Bob Canaway, Chief Marketing Officer, Privitar to gain…

2 hours ago

Officials Blame Turkey For Cyber-Attacks

Turkish government likely to be behind ongoing campaign of DNS hijacking incidents targeting rival countries, Western officials say

19 hours ago

Citrix Flaw Opens Networks To Ransomware Risk

Hackers attempt to exploit critical flaw in Citrix ADC and Citrix Gateway to install 'Ragnarok' ransomware on vulnerable networks

19 hours ago

Google Takes Dataset Search Out Of Beta

Custom-built framework aims to help researchers find the vast amount of data published online by labs, governments, universities and other…

20 hours ago

ICO Children’s Data Rules Meet With Divided Response

Upcoming regulations hailed as a pioneering step to protect children's data online, but some fear they could favour big tech…

21 hours ago