LONDON (Reuters) - Telecoms group Vodafone found security flaws in equipment supplied by China’s Huawei to its Italian business in 2011 and 2012, the two companies said on Tuesday.
Vodafone, the world’s second-biggest mobile operator, said it had found security vulnerabilities in two products and that both incidents, first reported by Bloomberg, had been resolved quickly.
Huawei, the world’s biggest producer of telecoms equipment, is under intense scrutiny after the United States told allies not to use its technology because of fears it could be a vehicle for Chinese spying. Huawei has denied such accusations.
Vodafone paused the deployment of Huawei equipment in its core networks in January as the British group waits for Western governments to give the Chinese company full security clearance.
Last week Britain sought to navigate its way through the bitter dispute and two security sources told Reuters that it had decided to block Huawei from all core parts of its 5G network and restrict access to non-core parts.
The British government is still deliberating on the use of Huawei equipment in a future 5G network but aims to announce its decision in the next month.
A government report in March rebuked Huawei for failing to fix long-standing security issues and said that British security officials had found “several hundred vulnerabilities and issues” with the company’s equipment in 2018.
However, mobile operators such as Vodafone have warned that a complete ban on Huawei would delay 5G, which will offer much faster data speeds and underpin future development in many industries, such as self-driving cars.
The two companies said they had found software vulnerabilities in 2011 and 2012 that were fixed by Huawei.
Vodafone said it had found no evidence of any unauthorised access and that Huawei could not have accessed the fixed-line network in Italy without permission.
“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei,” a Vodafone spokesman said.
Huawei said it was made aware of historical vulnerabilities in 2011 and 2012 and that they had been addressed at the time.
“There is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment,” a Huawei spokesman said in a statement.
It said the Bloomberg report “refers to a maintenance and diagnostic function, common across the industry, as well as vulnerabilities, which were corrected over seven years ago”.
Vodafone said the vulnerability had stemmed from the use of Telnet, a protocol that was commonly used by many vendors for performing diagnostic functions. It allows equipment manufacturers to communicate with their products after they have been deployed.
“It would not have been accessible from the internet,” Vodafone said.
Spokesmen for the British government’s digital department and for the National Cyber Security Centre declined to comment.
BT, Britain’s biggest fixed and mobile operator, said that over the course of more than 10 years of working with Huawei it had not identified any security breaches or evidence of unsolicited communications.
Huawei competes with Sweden’s Ericsson and Finland’s Nokia.
Reporting by Kate Holton and Jack Stubbs; Editing by Louise Heavens and David Goodman