Vodafone found security flaws in Huawei equipment in 2011, 2012

LONDON (Reuters) – Telecoms group Vodafone found security flaws in equipment supplied by China’s Huawei to its Italian business in 2011 and 2012, the two companies said on Tuesday.

Vodafone, the world’s second-biggest mobile operator, said it had found security vulnerabilities in two products and that both incidents had been resolved quickly.

Huawei, the world’s biggest producer of telecoms equipment, is under intense scrutiny after the United States told allies not to use its technology because of fears it could be a vehicle for Chinese spying. Huawei has categorically denied such accusations.

Vodafone paused the deployment of Huawei equipment in its core networks in January as the British group waits for Western governments to give the Chinese company full security clearance.

Last week Britain sought to navigate its way through the bitter dispute, with two security sources telling Reuters that it had decided to block Huawei from all core parts of its 5G network and restrict access to non-core parts.

The British government is still deliberating on the use of Huawei equipment in a future 5G network but aims to announce its decision in the next month.

A government report in March rebuked Huawei for failing to fix long-standing security issues and said that British security officials had found “several hundred vulnerabilities and issues” with the company’s equipment in 2018.

However, mobile operators such as Vodafone have warned that a complete ban on Huawei would delay 5G, which will offer much faster data speeds and underpin future development in many industries, such as self-driving cars.

The two companies said they had found software vulnerabilities in 2011 and 2012 that were fixed by Huawei.

Vodafone said it had found no evidence of any unauthorized access and that Huawei could not have accessed the fixed-line network in Italy without permission.

“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei,” a Vodafone spokesman said.

Huawei said it was made aware of historical vulnerabilities in 2011 and 2012 and that they had been addressed at the time.

“Software vulnerabilities are an industry-wide challenge,” it said. “Like every information and communications technology vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”

Vodafone said the vulnerability had stemmed from the use of Telnet, a protocol that was commonly used by many vendors for performing diagnostic functions. It allows equipment manufacturers to communicate with their products after they have been deployed.

“It would not have been accessible from the internet,” Vodafone said.

The news of the historical flaws was first reported by Bloomberg.

Spokesmen for the British government’s digital department and for the National Cyber Security Centre declined to comment.

BT, Britain’s biggest fixed and mobile operator, said that over the course of more than 10 years of working with Huawei it had not identified any security breaches or evidence of unsolicited communications.

Huawei competes with Sweden’s Ericsson and Finland’s Nokia.

Reporting by Kate Holton and Jack Stubbs; Editing by Louise Heavens and David Goodman

source: reuters.com