Vodafone, Huawei Dispute Report of Telnet 'Backdoor'Huawei Denies Concealing Backdoors in Equipment
Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy.
See Also: 2021: A Cybersecurity Odyssey
Bloomberg reports that the vulnerabilities and backdoors were found in home routers, optical service nodes and broadband network gateways by Vodafone in Italy in 2011 and 2012. Vodafone and Huawei, which remains a Vodafone partner, say the issues were fixed at the time.
Huawei officials couldn't immediately be reached for comment, but the company tells Bloomberg "there is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment."
The story is causing a stir, in part, due to terminology. Bloomberg refers to telnet functionality that had been enabled in some Huawei home routers as a "backdoor." Vodafone says that's not the case, but rather telnet was present for diagnostic purposes but should have been removed.
While the two companies appear to be on the same page now, Bloomberg cites internal documents indicating that Vodafone was irritated with Huawei for re-enabling telnet, which was discovered in another check.
Absent in the story, however, is deeper detail about the vulnerabilities within optical service nodes and broadband network gateways.
The story comes as Huawei faces continued criticism and questions. The Beijing-based manufacturer continues to refute allegations that it may be influenced by the Chinese government or vulnerable to having its networking equipment manipulated for intelligence purposes (see: Huawei Security Shortcomings Cited by British Intelligence).
Over the past few years, several countries, including the U.S., have banned the use of Huawei equipment in their 5G network rollouts. Also, its CFO, Meng Wanzhou, faces charges in the U.S. tied to the company allegedly evading sanctions against Iran.
Last week, news leaked that the U.K.'s National Security Council voted to allow Huawei to supply equipment for some "noncore" parts of the country's 5G network, such as antennas, although the government wasn't yet prepared to publicly make that declaration (see Huawei's Role in 5G Networks: A Matter of Trust).
The 'Backdoor': Telnet
As far back as October 2009, Vodafone had spotted telnet functionality within routers, Bloomberg reports. An internal presentation from that time highlighted 26 vulnerabilities in routers, including six "critical" ones and nine categorized as "major."
After testing by an independent contractor, Vodafone Italy found a "telnet backdoor" in January 2011, Bloomberg reports. That posed risks to Vodafone's wide area network, according to the Bloomberg report.
If it could be posted, it would be posted already, unfortunately. But the issue is not "a telnet service enabled". It is "an undocumented telnet service with hardcoded credentials found by testing, removed upon complaints and then added again in a different way".— Stefano Zanero (@raistolo) April 30, 2019
Huawei inserted an undocumented, hidden telnet daemon that could have allowed administrative control over routers, Bloomberg reports. But Vodafone takes issue with Bloomberg's use of the term "backdoor" as well as its potential for abuse.
"The 'backdoor' that Bloomberg refers to is telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions," according to a Vodafone statement. "It would not have been accessible from the internet. Bloomberg is incorrect in saying that this 'could have given Huawei unauthorized access to the carrier's fixed-line network in Italy.'"
Telnet is often used to administer routers, and its presence is not unusual, although it can pose a security issue if configured incorrectly or left directly exposed to the internet. But Bloomberg reports that at that time Vodafone didn't allow router manufacturers to manage routers using telnet.
Vodafone says telnet's presence on the routers "was nothing more than a failure to remove a diagnostic function after development."
Irritation with Huawei
Internal Vodafone documents cited by Bloomberg, however, point to past tension.
Vodafone asked Huawei to remove the telnet function, but further testing showed it remained. Then, Huawei allegedly refused to remove telnet, saying it needed the functionality for configuration and testing.
Bloomberg cited an April 2011 internal document written by Bryan Littlefair, Vodafone's CISO at the time.
"What is of most concern here is that actions of Huawei in agreeing to remove the code, then trying to hide it, and now refusing to remove it as they need it to remain for 'quality' purposes," Littlefair wrote, according to Bloomberg.
I saw the report too, it's bullshit in angle - millions of routers and switches across the world have telnet enabled. Cisco's had something like 7 actual backdoor accounts this year so far, I wait for the similar Bloomberg report about them.— Kevin Beaumont (@GossiTheDog) April 30, 2019
Bloomberg didn't publish those documents, which may shed greater light on Littlefair's broader thinking toward Huawei. Littlefair, who now is CEO of Cambridge Cyber Advisors, couldn't be immediately reached for comment.
One of Bloomberg's sources is Stefano Zanero, an associate professor of computer security at Politecnico di Milano University. Zanero wrote on Twitter that he has seen the internal Vodafone report that Bloomberg cited, but that it couldn't be publicly posted.
The issue isn't just that telnet was enabled, Zanero writes: "It is 'an undocumented telnet service with hardcoded credentials found by testing, removed upon complaints and then added again in a different way.'"
Still, many computer security experts felt the story has cast an unnecessarily negative light on Huawei, at least given the supposed evidence.
"I saw the report too, it's bullshit in angle," writes Kevin Beaumont, a security researcher based in the U.K. "Millions of routers and switches across the world have telnet enabled. Cisco's had something like seven actual backdoor accounts this year so far, I wait for the similar Bloomberg report about them."