U.S. officials and a number of governments around the world have been urging restriction on, or outright bans of, the use of network equipment from Chinese vendors, due to concerns around possible “backdoor” access that could allow the Chinese government to have unauthorized access to Western telecom company systems and users’ communications. Now, Vodafone has confirmed to Bloomberg that it had found evidence of vulnerabilities in Huawei equipment in its wireline network equipment over the years — although the carrier also said that the issues were resolved by working with the vendor.
Bloomberg‘s Daniele Lepido wrote that Vodafone “identified hidden backdoors in … software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy,” citing Vodafone’s security briefing documents from 2009 and 2011 that were seen by Bloomberg, as well as people involved in the situation. Vodafone reportedly found security vulnerabilities in home internet routers, and backdoors in optical service nodes and broadband network gateways in its fixed-access network.
In the case of the home routers, according to Bloomberg, Vodafone had asked Huawei to address the vulnerability and was told that it had been fixed, then found out through further testing that the security vulnerabilities persisted. Bloomberg’s reporting said that according to Vodafone’s internal documents, the risks included “possible third-party access to a customer’s personal computer and home network.”
Vodafone, in a statement to Bloomberg, categorized the situation as normal work with a vendor to find and address software security vulnerabilities, saying that “in the telecoms industry it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties” and that is why Vodafone conducts its own independent equipment testing and then works with vendors to resolve issues. Vodafone told Bloomberg that it had no evidence of any data being compromised and that in each case, the security risks were ultimately resolved by working with Huawei. But that version of events is contested by “people involved in the security discussions between the companies,” Bloomberg reported, adding that according to those anonymous sources, “vulnerabilities in both the routers and the fixed access network remained beyond 2012 and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal” — but that Vodafone stuck with Huawei because of its competitive equipment pricing.
In January, Vodafone CEO Nick Read told investors that the carrier will continue to use gear from Huawei in its 5G Radio Access Network but will pause the implementation of the vendor’s equipment for 5G core networks.
“We are predominately using Huawei in radio. We are continuing to use them in radio for 5G. However, in the core, we have put them on pause. They are not significant in the scale of our operations in the core, and therefore it’s not a big financial implication,” he added.
