For years U.S. and some of its allies are claiming that Huawei should not be trusted and that the Chinese company is likely to have backdoors. (See my article for more background on the geopolitics of 5G https://5g.security/5g-geopolitics/geopolitics-of-5g-massive-critical-iot/). Today’s report from Bloomberg is already being held as the “smoking gun” by the supporters of the U.S. position.
Bloomberg alleges that Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011. With these backdoors, Huawei could have gained unauthorized access to Vodafone’s “fixed-line network in Italy.”
It wouldn’t be a 5G story if things would be as simple as that. Vodafone disagrees with the assessment arguing that vulnerabilities, which in any case were not remotely accessible, were fixed by Huawei. Proclamations about Huawei’s malicious intent seem to hinge on Vodafone finding unsecured telnet access that in theory could be used for malicious intent. However, telnet is also a service that is by default found unintentionally enabled in almost every network. I would be disappointed if the “scary” Chinese intelligence apparatus is planning to spy on the world and control critical infrastructure by leaving the telnet service enabled.
In any case, this story is not going to help Huawei as it’s trying to fight back against backdoor allegations.