Vodafone, one of the biggest telecommunications company in the EU, revealed that they identified several security vulnerabilities in equipment manufactured by Huawei between 2009 and 2011. These vulnerabilities could allow access to sensitive user data, however, these backdoor were not used as far as the data collected by Vodafone revealed. The vulnerabilities were initially discovered in home routers manufactured by Huawei and distributed to Vodafone customers for home use and later on, several other problems were identified in telecommunications equipment used by the company in the UK, Italy, and Spain.
Huawei mentioned that none of the backdoors were intentionally inserted in the code, but were programming errors that were resolved with software fixes. The story after this is blurry, where Vodafone wrote that even after the updates, some backdoors could still be identified during penetration testing performed by the company, and a real fix came later than initially reported by Huawei. These backdoors could have allowed access to internal configurations of the devices as well as logs and other sensitive data.
Even with the fixes implemented and deployed, this story further discredits Huawei, a company that has been a lot under fire from the Trump administration. There are real concerns related to Huawei and it’s support for the Chinese government, where the company could potentially supply data, information, and access to critical telecommunications infrastructure, if requested by the Chinese. Even though no actual proof was discovered so far related to a close collaboration between the company and the government, the US forbids the usage of Huawei’s equipment, with other EU states following the same trend.