Wednesday, 01 May 2019 09:16

Vodafone slams Bloomberg over Huawei 'backdoor' claims Featured

Vodafone slams Bloomberg over Huawei 'backdoor' claims Image by Kerstin Riemer from Pixabay

The American news agency Bloomberg has been caught on the hop again with a technically inaccurate report, this time claiming that Vodafone had found what it called "hidden backdoors" in software that "could have given Huawei unauthorised access to the carrier’s (Vodafone's) fixed-line network in Italy".

But Vodafone denied it had made any such claim. A company spokesperson told iTWire that the so-called backdoor that Bloomberg referred to was telnet, a protocol used for communication using a virtual terminal connection, adding that it was not exposed to the Internet.

"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'," the Vodafone spokesperson said.

"In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development. The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."

Asked for his take on the Bloomberg story, former NSA hacker Jake Williams said practically every manufacturer had placed engineering access features in their products at one time or another.

"Obviously this includes Huawei, but also includes other telecom giants like Cisco and Fortigate. The claimed backdoor appears to have simply been a hard-coded account and access method for engineers to provide remote support," he said.

"While these are bad for security, they aren't backdoors to be used by the Chinese Government."

Williams, who worked for the elite Tailored Access Operations unit while with the spy agency, said there were many reasons to be sceptical of Huawei. "But these arguments should be limited to facts. Hyperbole like calling engineering features backdoors trivialises the important discussions about trust in Huawei we should be having," he added.

This is not the first time that Bloomberg has published a technology story with such a major error. Last year, the agency filed a story claiming that China spied on Apple and Amazon using server chips. The story was met with stout denials from Amazon, Apple, the US Department of Homeland Security and the British National Cyber Security Centre.

But the very next week, Bloomberg went one better by claiming that a big US telco had been hit by hardware tampering. Both stories drew heavily on anonymous stories and could not be verified by any tech news site.

The agency has a practice of paying higher annual bonuses to those who write stories that move markets. The story about Apple and Amazon resulted in Lenovo shares falling by as much as 23% across Asia, while the stocks of ZTE Corporation, China's biggest telecommunications equipment maker, fell by about 14% in Hong Kong trading. And both Apple and Amazon lost a little less than 2% of their value following the report.

For Tuesday's story, Bloomberg cited Vodafone’s security briefing documents from 2009 and 2011 which it claimed to have seen, as well as unnamed people involved in the situation.

iTWire has contacted Bloomberg to inquire whether the agency plans to correct its story. The news agency also had a related op-ed titled "The West Finally Has Its Huawei Smoking Gun".

Reuters also reported the story, but referred to "security flaws", "security vulnerabilities", and "software vulnerabilities", rather than backdoors.

Huawei said in a statement that the story published by Bloomberg was misleading. "It refers to a maintenance and diagnostic function, common across the industry, as well as vulnerabilities, which were corrected over seven years ago," a spokesperson said.

"There is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment.”

For more than two years, the US has been pushing countries it considers allies to avoid using equipment from Chinese companies, Huawei foremost, in 5G networks. But Washington has produced no proof to back up its claims that these products could be used to spy for China.

Only Australia and New Zealand have fallen in line with Washington's dictates, but Wellington has indicated that the initial refusal for telco Spark to use Huawei gear is not the end of the matter. That stance was reiterated by Prime Minister Jacinda Ardern during a one-day China visit in April. Huawei sued the US on 7 March, seeking to be reinstated as a telco supplier in the country.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments