For years U.S. and some of its allies are claiming that Huawei should not be trusted and that the Chinese company is likely to have backdoors. (See my article for more background on the geopolitics of 5G https://5g.security/5g-geopolitics/geopolitics-of-5g-massive-critical-iot/). Today’s report from Bloomberg is already being held as the “smoking gun” by the supporters of the U.S. position.

Bloomberg alleges that Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011. With these backdoors, Huawei could have gained unauthorized access to Vodafone’s “fixed-line network in Italy.”

It wouldn’t be a 5G story if things would be as simple as that. Vodafone disagrees with the assessment arguing that vulnerabilities, which in any case were not remotely accessible, were fixed by Huawei. Proclamations about Huawei’s malicious intent seem to hinge on Vodafone finding unsecured telnet access that in theory could be used for malicious intent. However, telnet is also a service that is by default found unintentionally enabled in almost every network. I would be disappointed if the “scary” Chinese intelligence apparatus is planning to spy on the world and control critical infrastructure by leaving the telnet service enabled.

In any case, this story is not going to help Huawei as it’s trying to fight back against backdoor allegations.

Source: https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment

 

Marin Ivezic
marin@ivezic.com | Website | Other articles

Marin Ivezic is a Partner at PwC (PricewaterhouseCoppers) specializing in risks of emerging technologies. He leads PwC’s 5G cybersecurity efforts. He also leads cybersecurity for the Telecommunications, Media & Technology sector; and Industrial, IoT, Critical Infrastructure & Cyber-Kinetic security capabilities in the region. All these focus areas are being transformed with the emergence of 5G. Marin worked with critical infrastructure protection organizations in a dozen countries, 20+ of the top 100 telecom companies, and a number of technology companies on understanding the geopolitics of 5G; uncovering as-yet-unknown security and privacy risks of 5G, AI and IoT; and defining novel security and privacy approaches to address emerging technology risks.

Luka Ivezic
luka@5g.security | Website | Other articles

Luka Ivezic is an independent consultant and author exploring geopolitical and socioeconomic implications of emerging technologies such as 5G, Artificial Intelligence (AI) and Internet of Things (IoT). To better observe policy discussions and societal attitudes towards early adoptions of emerging technologies, Luka spent last five years living between US, UK, Denmark, Singapore, Japan and Canada. This has given him a unique perspective on how emerging technologies shape different societies, and how different cultures determine technological development.