Stories
Slash Boxes
Comments

SoylentNews is people

Vodafone Found Hidden Backdoors in Huawei Equipment

posted by martyb on Tuesday April 30 2019, @06:46PM   Printer-friendly
from the Can-you-hear-me-now? dept.

Phoenix666 writes:

Bloomberg:

For months, Huawei Technologies Co. has faced U.S. allegations that it flouted sanctions on Iran, attempted to steal trade secrets from a business partner and has threatened to enable Chinese spying through the telecom networks it's built across the West.

Now Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier's Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China's global technology prowess.

Europe's biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier's fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone's security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.

Only the Five Eyes, Google, Facebook, and Amazon are allowed to spy.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Vodafone Found Hidden Backdoors in Huawei Equipment | Log In/Create an Account | Top | 31 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Interesting) by Anonymous Coward on Tuesday April 30 2019, @09:13PM

    by Anonymous Coward on Tuesday April 30 2019, @09:13PM (#836888)

    As with other companies, Huawei has had some vulnerabilities, but they have mostly been fixed.

    Telnet access isn't a backdoor. It's not a bug. It's not a vulnerability. It's how the line runners configure and test the units after assembling the covers and wifi antenna and just before packaging and shipping to make sure everything is working. Leaving it open and undocumented in the firmware is sloppy but it's hardly uncommon and any corporate customer buying networking equipment knows full well it's standard practice to sweep through the ports to test for any leftovers and close / firewall them off. Practically speaking it only deserves a quick errata in the v1.1 manual. But if you do decide to close the interface in the next firmware version, letting the owners reinstall the service is a feature since some folks, like myself, want access to the system for all sort of administrative operations that aren't very easy to automate over the browser gui. In fact, when my ISP delivered new VDSL router firmware over TR-069 a few years ago that disabled telnet, they got angry calls for weeks until they gave up and added a button in the web gui to turn it back on.

    Overall, fake news.

    Starting Score:    0  points
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  
    Total Score:   2