X

Huawei Backdoors Found By Vodafone, Risking Unauthorized Access To Network

April 30, 2019

Excerpt: FBI Director Christopher Wray said last week, “China seems determined to steal its way up the economic ladder, at our expense… They’re strategic in their approach—they actually have a formal plan, set out in five-year increments, to achieve dominance in critical areas.”

On Tuesday, Vodafone, Europe's largest phone company, "acknowledged that it found vulnerabilities going back years with equipment supplied by Huawei for the carrier’s Italian business." This will cast even more doubt on the decision taken by the U.K. to include Huawei in the country's 5G network which, on Monday, prompted the U.S. to warn that this might compromise intelligence-sharing arrangements. 

[Zak Doffman | April 30, 2019 | Forbes]

This is the first time a Huawei security issue of this severity has been made public. Vodafone identified "hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses." As reported in Bloomberg the findings were set out in "briefing documents from 2009 and 2011," and in response, Huawei said in a statement that "it was made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time." 

According to Bloomberg's unnamed sources, the Huawei security issues found in Vodafone's Italian business were also found in the U.K., Germany, Spain and Portugal. 

 

The debate around Huawei's inclusion in 5G networks around the world has weaved its way through many months, with claim and counter-claim being made. The crux of the debate has landed on the ownership of the company and the level to which the Chinese state may or may not be able to exercise control. But this misses the point. Huawei is a 'national champion' technology company domiciled in China, exporting networking equipment around the world, including to countries against which China is engaged in aggressive espionage activity.

"We are right to have a degree of caution about the role of large Chinese companies," warned Britain's Foreign Secretary in Monday's Telegraph, "because of the degree of control the Chinese state is able to exercise over them in the way that would not be possible if they were large Western companies."

According to Bloomberg, "Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes."

This isn't a Vodafone issue, this is a Huawei issue. Vodafone did the right thing and their security team identified and resolved the vulnerability. Carriers around the world may now need to ask whether they have the same issues, but as yet undiscovered.

Vodafone said that no data was compromised and that the vulnerabilities were identified and resolved. "In the telecoms industry," the company said, "it is not uncommon for vulnerabilities in equipment from suppliers to be identified by operators and other third parties. Vodafone takes security extremely seriously and that is why we independently test the equipment we deploy to detect whether any such vulnerabilities exist. If a vulnerability exists, Vodafone works with that supplier to resolve it quickly."

Last week's controversial decision to green light Huawei's inclusion in the U.K.'s 5G networks has alarmed Washington. And they're not alone. A wave of U.K. politicians queued up to criticize the move. "There’s a reason others have said no," tweeted the chair of the U.K.'s Foreign Affairs Committee. 

"That doesn't mean to say that their role is automatically malign," Jeremy Hunt was quoted as saying on Monday, "but there are things like the 2017 law which requires all Chinese companies, whatever their ownership, to co-operate with Chinese intelligence services on any occasion."

"Countries of global influence, like the U.K., make decisions independently and in accordance with their national interests," China's ambassador in London said in a letter published in the Sunday Telegraph.

Yes, but we all know that this is a one-way street. "Huawei’s 2018 research budget grew 149 percent from 2014," according to Bloomberg, "outpacing increases by Apple Inc, Microsoft Corp and Korea’s Samsung over the same period. Amazon’s 210 percent growth in R&D expenditure was the only bigger rise among the top R&D spenders."

Countries like Britain embrace companies like Huawei because there is little choice. "Put plainly," FBI Director Christopher Wray said last week, "China seems determined to steal its way up the economic ladder, at our expense... They’re strategic in their approach—they actually have a formal plan, set out in five-year increments, to achieve dominance in critical areas."

Imagine, for a second, that this was Russian technology. Can you envisage the U.K. making the case for Russian networking equipment in their strategic future communications infrastructure? Obviously not. But Chinese technology is advanced, unavoidable, endemic. The country has subsidized and invested and closed its domestic market to ensure sustainability. And it has worked. Huawei, ZTE, Dabua, Hikvision. And then the surveillance AI unicorns, SenseTime, Megvii, Yitu, Cloudwalk.

And so where does that leave us? Staring at the truth of the situation we have created through years of looking the other way on Xinjiang and closed procurements and soft loans and state subsidies. We can't compete with Chinese technology because the playing field is anything but level. So the choice that faces the U.K., and which faces everyone else, is whether or not to keep calm and carry on regardless or to make a stand and take the hit.

"Huawei’s roots in Britain run so deep that its equipment is ubiquitous in our networks while its contacts go to the heart of the establishment," reported the Times earlier this month, with the newspaper unearthing that Huawei had "secured at least 35 meetings with ministers and audiences with Theresa May and her predecessor David Cameron.

Huawei's ownership is controversial. "Huawei says it is employee-'owned' - but not really," reported the Wall Street Journal. The company insists that they are independent, uncontrolled, uninfluenced, that they would refuse to collect intelligence even if asked. Huawei's global communications chief told me that "Huawei is a private company. The Chinese government does not have any ownership or any interference in our business operations. China does not have any law to force any company or business to install back doors."

But two academics delved into the famous book in Shenzhen that lists the thousands of employee shareholders. "Huawei calls itself “employee-owned,” but this claim is questionable and the corporate structure described on its website is misleading," explained Christoper Balding, of Fulbright University Vietnam, and Donald C. Clarke, of George Washington University Law School, in a paper examining the company's claims. "Regardless of who, in a practical sense, owns and controls Huawei, it is clear that the employees do not."

Put simply, the 99% of the company not owned by founder Ren Zhengfei is owned by a 'trade union committee', of which nothing is known. If there is any external influence on the company, this is how it is applied. And so Huawei's ownership is a "murky matter," as explained by the New York Times.

But, again, this is actually more of a distraction than it seems. if Huawei was publicly traded but still a dominant Chinese player, would we worry less? Would that change the potential for the company to be compelled into certain actions or activities by its government?

To make the claim that there's no difference between Chinese and non-Chinese technology is foolish and naive. FBI Director Christopher Wray said last week that "we have economic espionage investigations that almost invariably lead back to China in nearly all of our 56 field offices... It’s illegal. It’s a threat to our economic security. And by extension, it’s a threat to our national security."

If China really is the cyber threat to western governments and businesses that have been represented by almost all of the major security agencies, then what on earth are we thinking?

The news that backdoors are not a figment of Washington's imagination is a major setback for Huawei.

Read the original article here.


Be the first to comment

Please check your e-mail for a link to activate your account.