Vodafone denies Huawei security risk

null

Vodafone has dismissed reports saying it could have used Huawei hardware to gain unauthorised access to user devices.

A report from Bloomberg has claimed Vodafone detected security flaws in Huawei hardware being used in Italy as far back as 2011, and this could have allowed the Chinese giant to illegally spy on users in the country.

The alleged "backdoor" was reportedly a software vulnerability that would have granted access to Italy's fixed-line network, which provides internet access to millions of homes and businesses across the country.

However Vodafone says that the the issues "were all resolved" and that it was not to blame with a commonly-used industry service at fault.

"The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet," the company said in a statement.

"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'.

"In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development.

"The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."

Huawei hardware has been under scrutiny for some time, with the US in particular banning the company's products and services for fears it may be used for illegal surveillance from the Chinese government.

However the UK has indicated it may be prepared to let Huawei to help build its 5G network.

A Huawei spokesperson told the BBC that the company was aware of historical vulnerabilities in 2011 and 2012, but these were addressed at the time.

"Software vulnerabilities are an industry-wide challenge," the spokesperson added. "Like every ICT [information and communications technology] vendor, we have a well-established public notification and patching process, and when a vulnerability is identified, we work closely with our partners to take the appropriate corrective action."