Stories
Slash Boxes
Comments

SoylentNews is people

Vodafone Found Hidden Backdoors in Huawei Equipment

posted by martyb on Tuesday April 30 2019, @06:46PM   Printer-friendly
from the Can-you-hear-me-now? dept.

Phoenix666 writes:

Bloomberg:

For months, Huawei Technologies Co. has faced U.S. allegations that it flouted sanctions on Iran, attempted to steal trade secrets from a business partner and has threatened to enable Chinese spying through the telecom networks it's built across the West.

Now Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier's Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China's global technology prowess.

Europe's biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier's fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone's security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.

Only the Five Eyes, Google, Facebook, and Amazon are allowed to spy.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Vodafone Found Hidden Backdoors in Huawei Equipment | Log In/Create an Account | Top | 31 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by khallow on Tuesday April 30 2019, @10:44PM (2 children)

    by khallow (3766) Subscriber Badge on Tuesday April 30 2019, @10:44PM (#836929) Journal

    A backdoor is something that is hidden in the software. Not an obvious inclusion of an easily detectable and scannable protocol like Telnet.

    Hide in plain sight. There's plausible deniability since it's just superficially a minor misconfiguration. And it's easily detectable only if someone looks for it.

    The sneakiest backdoors are where a remotely exploitable bug is left in place with a slight change elsewhere so existing exploits don't work with it. That way if it's found, the vendor/NSA/CCP/etc can plausibly deny intentionality.

    Which could be the case here as I noted. Not much you can do with diagnostics unless there's a second bug you can then exploit.

    The point is not that this is solid evidence of a back door, but rather it is indeed an exploitable vulnerability which could be part of an attempted back door. Meanwhile there are parties, such as the Chinese government, with both motive and opportunity to create and exploit this vulnerability as part of a larger scheme.

  • (Score: 0) by Anonymous Coward on Tuesday April 30 2019, @11:35PM (1 child)

    by Anonymous Coward on Tuesday April 30 2019, @11:35PM (#836960)

    but rather it is indeed an exploitable vulnerability which could be part of an attempted back door.

    And AGW could profoundly impact the human civilization. You not afraid of it?

    • (Score: 1) by khallow on Tuesday April 30 2019, @11:41PM

      by khallow (3766) Subscriber Badge on Tuesday April 30 2019, @11:41PM (#836964) Journal

      And AGW could profoundly impact the human civilization. You not afraid of it?

      Well, sure I'm concerned. But we know of zillions of successful computer systems intrusions, with the best groups using weaknesses they put in the systems themselves. Meanwhile there's not a lot of concrete threats observed from present day global warming with most of the systems affect, both human and nature having considerable ability to adapt to the existing global warming.