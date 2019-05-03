(Bloomberg) -- A story published by Bloomberg on April 30 showed that Vodafone Group Plc found security flaws several years ago with equipment supplied by Huawei Technologies Co. The piece was based on documents obtained by Bloomberg and conversations with people familiar with the situation.

Below are excerpts from one of the documents.

The document, from April 2011, was written after Europe’s largest phone company identified what it called a telnet backdoor in home internet routers provided by Shenzhen-based Huawei for the carrier’s Italian business.

Both companies now say the router issues were tied to a failure to remove maintenance and diagnostic functions after development and were resolved later that year.

In the document, Vodafone’s chief information security officer at the time, Bryan Littlefair, outlined how Vodafone discovered the telnet service, requested its removal by Huawei and received assurances from the supplier that the problem was fixed. After further testing, Vodafone found that the telnet service could still be launched in the routers, known as Vodafone Stations. The following is Littlefair’s evaluation of the situation:

Below, Littlefair listed perceived risks tied to the backdoors:

The document by Littlefair, who didn’t respond to Bloomberg requests for comment, highlighted concerns at the time that the flaws in home routers could have given unauthorized access to both devices in a consumer’s home as well as in the broader Vodafone network.

In a statement to Bloomberg, Vodafone said the vulnerabilities only affected the routers and had nothing to do with its access, transport or core networks. An attacker would have only been able to access data local to the device and not the data of any other users, Vodafone said.

Bloomberg’s reporting also showed that Vodafone found vulnerabilities in parts of the fixed-line Italian network supplied by Huawei called optical service nodes and broadband network gateways. Vodafone said the BNG issues were resolved in 2012 and the OSN issues were also resolved, without giving a time frame.

Both Vodafone and Huawei said equipment vulnerabilities are an industrywide issue. Huawei said: “There is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment.”

In his conclusion in the 2011 document, Littlefair expressed concern about how the telnet backdoor ended up in the routers and how the matter was handled by Huawei:

Huawei has since expanded its relationship with Vodafone and is now the carrier’s fourth-largest supplier behind Apple Inc., Nokia Oyj and Ericsson AB.

To contact the reporter on this story: Daniele Lepido in Milan at dlepido1@bloomberg.net

To contact the editors responsible for this story: Rebecca Penty at rpenty@bloomberg.net, Giles Turner

©2019 Bloomberg L.P.