Wednesday, 01 May 2019 09:16

Vodafone slams Bloomberg over Huawei 'backdoor' claims Featured

By
Vodafone slams Bloomberg over Huawei 'backdoor' claims Image by Kerstin Riemer from Pixabay

The American news agency Bloomberg has been caught on the hop again with a technically inaccurate report, this time claiming that Vodafone had found what it called "hidden backdoors" in software that "could have given Huawei unauthorised access to the carrier’s (Vodafone's) fixed-line network in Italy".

But Vodafone denied it had made any such claim. A company spokesperson told iTWire that the so-called backdoor that Bloomberg referred to was telnet, a protocol used for communication using a virtual terminal connection, adding that it was not exposed to the Internet.

"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'," the Vodafone spokesperson said.

"In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development. The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."

Asked for his take on the Bloomberg story, former NSA hacker Jake Williams said practically every manufacturer had placed engineering access features in their products at one time or another.

"Obviously this includes Huawei, but also includes other telecom giants like Cisco and Fortigate. The claimed backdoor appears to have simply been a hard-coded account and access method for engineers to provide remote support," he said.

"While these are bad for security, they aren't backdoors to be used by the Chinese Government."

Williams, who worked for the elite Tailored Access Operations unit while with the spy agency, said there were many reasons to be sceptical of Huawei. "But these arguments should be limited to facts. Hyperbole like calling engineering features backdoors trivialises the important discussions about trust in Huawei we should be having," he added.

This is not the first time that Bloomberg has published a technology story with such a major error. Last year, the agency filed a story claiming that China spied on Apple and Amazon using server chips. The story was met with stout denials from Amazon, Apple, the US Department of Homeland Security and the British National Cyber Security Centre.

But the very next week, Bloomberg went one better by claiming that a big US telco had been hit by hardware tampering. Both stories drew heavily on anonymous stories and could not be verified by any tech news site.

The agency has a practice of paying higher annual bonuses to those who write stories that move markets. The story about Apple and Amazon resulted in Lenovo shares falling by as much as 23% across Asia, while the stocks of ZTE Corporation, China's biggest telecommunications equipment maker, fell by about 14% in Hong Kong trading. And both Apple and Amazon lost a little less than 2% of their value following the report.

For Tuesday's story, Bloomberg cited Vodafone’s security briefing documents from 2009 and 2011 which it claimed to have seen, as well as unnamed people involved in the situation.

iTWire has contacted Bloomberg to inquire whether the agency plans to correct its story. The news agency also had a related op-ed titled "The West Finally Has Its Huawei Smoking Gun".

Reuters also reported the story, but referred to "security flaws", "security vulnerabilities", and "software vulnerabilities", rather than backdoors.

Huawei said in a statement that the story published by Bloomberg was misleading. "It refers to a maintenance and diagnostic function, common across the industry, as well as vulnerabilities, which were corrected over seven years ago," a spokesperson said.

"There is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment.”

For more than two years, the US has been pushing countries it considers allies to avoid using equipment from Chinese companies, Huawei foremost, in 5G networks. But Washington has produced no proof to back up its claims that these products could be used to spy for China.

Only Australia and New Zealand have fallen in line with Washington's dictates, but Wellington has indicated that the initial refusal for telco Spark to use Huawei gear is not the end of the matter. That stance was reiterated by Prime Minister Jacinda Ardern during a one-day China visit in April. Huawei sued the US on 7 March, seeking to be reinstated as a telco supplier in the country.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments