Security News

Vodafone finds Huawei vulnerabilities 'going back years'

In a report to Bloomberg on April 30, Vodafone admits it "found vulnerabilities going back years with equipment supplied by Huawei for the carrier’s Italian business." They further admitted that "hidden backdoors in the software could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses."

The findings were set out in "briefing documents from 2009 and 2011" and Huawei responded that "it was made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time."

To make matters worse, the same (Huawei) security issues were also found in Germany, Spain, Portugal and the UK, where reports suggest they may be willing to let the company assist building its 5G network.

Even before the report came to light, countries around the world were keeping Huawei at arms length. Australia, Japan and Taiwan are refusing to allow Huawei equipment on their 5G networks, while Canada and New Zealand are reviewing their association with the company. The US won't use Huawei, the world's second biggest selling smartphone brand, citing security reasons.

Huawei have hit back: "Software vulnerabilities are an industry-wide challenge. Like every information and communications technology vendor, we have a well-established public notification and patching process, and when a vulnerability is identified, we work closely with our partners to take the appropriate corrective action ... There is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment."

Even though Huawei have said the security flaws were addressed at the time, this years-old revelation won't do their reputation any good.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts