UK MOBILE OPERATOR Vodafone uncovered hidden backdoors in Huawei communications equipment in 2011 and 2012.
That's according to a Bloomberg report, which claims the security flaws were identified in Huawei technology supplied to Vodafone's Italian business. If not resolved, the flaws could have given Huawei or anyone connected to the company unauthorised access to Vodafone's fixed-line communications network in Italy.
Bloomberg said its report is based on Vodafone's security briefing documents from 2009 and 2011 as well as on discussions with people familiar with the matter.
Vodafone informed Huawei about the security flaws present in home internet routers in 2011, and the Chinese firm later reassured Voda that the flaws had been fixed.
However, additional tests carried out by Vodafone showed that the vulnerabilities were still present in Huawei's equipment. The firm also discovered more flaws in optical service nodes on its fixed-access network, as well as in parts of its broadband network gateways.
In a statement, Vodafone acknowledged that some backdoors were found in 2011 in Huawei-supplied routers in Italy, but claimed that no data had been compromised as a result of the flaws.
The company also admitted that it had found flaws in network gateways in Italy in 2012, adding that those flaws were fixed the same year.
"Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly," the company told Bloomberg.
In a statement given to INQ, Huawei added: "We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time. Software vulnerabilities are an industry-wide challenge. Like every ICT vendor, we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action."
However, people familiar with the matter told Bloomberg that security flaws in both routers and fixed access network hardware persisted beyond 2012, adding that those flaws were also identified in hardware embedded in Vodafone's businesses in the UK, Spain, Germany, and Portugal.
Nevertheless, Vodafone decided to stick with the Chinese firm as its products and services were competitively priced. µ
Bad for shareholders, mildly good for the planet
YouTube on the Tube
Claims that it hasn't ever actually worked