Bloomberg alleges Huawei routers and network gear are backdoored

Article note: Hiding behind Hanlon's razor (let's go with the modified "Any sufficiently advanced incompetence is indistinguishable from malice"): We _genuinely can't tell_ if internet connected garbage is insecure because it's garbage, or because it's backdoored.

Enlarge / PORTUGAL - 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. (credit: Omar Marques/SOPA Images/LightRocket via Getty Images)

Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011, reports Bloomberg. With these backdoors, Huawei could have gained unauthorized access to Vodafone's "fixed-line network in Italy." But Vodafone disagrees, saying that while it did discover some security vulnerabilities in Huawei equipment, these were fixed by Huawei and in any case were not remotely accessible, and hence they could not be used by Huawei.

Bloomberg's claims are based on Vodafone's internal security documentation and "people involved in the situation." Several different "backdoors" are described: unsecured telnet access to home routers, along with "backdoors" in optical service nodes (which connect last-mile distribution networks to optical backbone networks) and "broadband network gateways" (BNG) (which sit between broadband users and the backbone network, providing access control, authentication, and similar services).

In response to Bloomberg, Vodafone said that the router vulnerabilities were found and fixed in 2011 and the BNG flaws were found and fixed in 2012. While it has documentation about some optical service node vulnerabilities, Vodafone continued, it has no information about when they were fixed. Further, the network operator said that it has no evidence of issues outside Italy.