Vodafone found security flaws in Huawei equipment in
2011, 2012
Send a link to a friend
 [April 30, 2019]
LONDON (Reuters) - Telecoms group Vodafone
found security flaws in equipment supplied by China's Huawei to its
Italian business in 2011 and 2012, the two companies said on Tuesday.
Vodafone, the world's second-biggest mobile operator, said it had found
security vulnerabilities in two products and that both incidents had
been resolved quickly.
Huawei, the world's biggest producer of telecoms equipment, is under
intense scrutiny after the United States told allies not to use its
technology because of fears it could be a vehicle for Chinese spying.
Huawei has categorically denied such accusations.
Vodafone paused the deployment of Huawei equipment in its core networks
in January as the British group waits for Western governments to give
the Chinese company full security clearance.
Last week Britain sought to navigate its way through the bitter dispute,
with two security sources telling Reuters that it had decided to block
Huawei from all core parts of its 5G network and restrict access to
non-core parts.
The British government is still deliberating on the use of Huawei
equipment in a future 5G network but aims to announce its decision in
the next month.
A government report in March rebuked Huawei for failing to fix
long-standing security issues and said that British security officials
had found "several hundred vulnerabilities and issues" with the
company's equipment in 2018.
However, mobile operators such as Vodafone have warned that a complete
ban on Huawei would delay 5G, which will offer much faster data speeds
and underpin future development in many industries, such as self-driving
cars.
The two companies said they had found software vulnerabilities in 2011
and 2012 that were fixed by Huawei.
Vodafone said it had found no evidence of any unauthorized access and
that Huawei could not have accessed the fixed-line network in Italy
without permission.
"The issues were identified by independent security testing, initiated
by Vodafone as part of our routine security measures, and fixed at the
time by Huawei," a Vodafone spokesman said.
[to top of second column] |
The Logo of Huawei is seen at its showroom in Shenzhen, Guangdong
province, China March 29, 2019. REUTERS/Tyrone Siu/File Photo
Huawei said it was made aware of historical vulnerabilities in 2011 and 2012 and
that they had been addressed at the time.
"Software vulnerabilities are an industry-wide challenge," it said. "Like every
information and communications technology vendor we have a well-established
public notification and patching process, and when a vulnerability is identified
we work closely with our partners to take the appropriate corrective action."
Vodafone said the vulnerability had stemmed from the use of Telnet, a protocol
that was commonly used by many vendors for performing diagnostic functions. It
allows equipment manufacturers to communicate with their products after they
have been deployed.
"It would not have been accessible from the internet," Vodafone said.
The news of the historical flaws was first reported by Bloomberg.
Spokesmen for the British government's digital department and for the National
Cyber Security Centre declined to comment.
BT, Britain's biggest fixed and mobile operator, said that over the course of
more than 10 years of working with Huawei it had not identified any security
breaches or evidence of unsolicited communications.
Huawei competes with Sweden's Ericsson and Finland's Nokia.
(Reporting by Kate Holton and Jack Stubbs; Editing by Louise Heavens and David
Goodman)
[© 2019 Thomson Reuters. All rights
reserved.] Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
