※ 本文為 MindOcean 轉寄自 ptt.cc 更新時間: 2019-05-01 08:41:58
看板 Gossiping
作者 標題 [新聞] Vodafone承認在華為的設備中發現後門
時間 Tue Apr 30 19:13:32 2019
1.媒體來源:
Bloomberg
2.記者署名:
Daniele Lepido
3.完整新聞標題:
Vodafone Found Hidden Backdoors in Huawei Equipment
4.完整新聞內文:
For months, Huawei Technologies Co. has faced U.S. allegations that it flouted
sanctions on Iran, attempted to steal trade secrets from a business partner a
nd has threatened to enable Chinese spying through the telecom networks it’s
built across the West.
Now Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabili
ties going back years with equipment supplied by Shenzhen-based Huawei for the
carrier’s Italian business. While Vodafone says the issues were resolved, th
e revelation may further damage the reputation of a major symbol of China’s g
lobal technology prowess.
Europe’s biggest phone company identified hidden backdoors in the software th
at could have given Huawei unauthorized access to the carrier’s fixed-line ne
twork in Italy, a system that provides internet service to millions of homes a
nd businesses, according to Vodafone’s security briefing documents from 2009
and 2011 seen by Bloomberg, as well as people involved in the situation.
Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and
received assurances from the supplier that the issues were fixed, but further
testing revealed that the security vulnerabilities remained, the documents sh
ow. Vodafone also identified backdoors in parts of its fixed-access network kn
own as optical service nodes, which are responsible for transporting internet
traffic over optical fibers, and other parts called broadband network gateways
, which handle subscriber authentication and access to the internet, the peopl
e said. The people asked not to be identified because the matter was confident
ial.
A backdoor, in cybersecurity terms, is a method of bypassing security controls
to access a computer system or encrypted data. While backdoors can be common
in some network equipment and software because developers create them to manag
e the gear, they can be exploited by attackers. In Vodafone’s case, the risks
included possible third-party access to a customer's personal computer and ho
me network, according to the internal documents.
The Trump administration, arguing such end-runs around security in Huawei’s e
quipment could invite espionage by the Chinese state, is trying to persuade We
stern allies to block the company from the next generation of mobile networks.
Huawei has repeatedly denied that it creates backdoors and says it’s not beh
olden to Beijing.
Huawei’s ability to continue winning contracts from London-based Vodafone, de
spite the carrier’s security concerns, underscores the challenge facing the U
S. as it tries to hinder the world’s top telecom equipment vendor and No. 2
supplier of smartphones. Huawei is vying against a stable of Western companies
including Nokia Oyj and Ericsson AB to roll out fifth-generation, or 5G, wire
less networks.
Vodafone has defended Huawei against the U.S. onslaught, which has placed Euro
pe—Huawei’s largest market outside China—in the middle of a trade battle be
tween two superpowers. At stake is leadership in key areas, principally 5G tec
hnology that’s designed to support the internet of things and new application
s in industries spanning automotive, energy to healthcare. Vodafone Chief Exec
utive Officer Nick Read has joined peers in publicly opposing any bans on Huaw
ei from 5G rollouts, warning of higher costs and delays. The defiance shows th
at countries across Europe are willing to risk rankling the U.S. in the name o
f 5G preparedness.
In a statement to Bloomberg, Vodafone said it found vulnerabilities with the r
outers in Italy in 2011 and worked with Huawei to resolve the issues that year
There was no evidence of any data being compromised, it said. The carrier al
so identified vulnerabilities with the Huawei-supplied broadband network gatew
ays in Italy in 2012 and said those were resolved the same year. Vodafone also
said it found records that showed vulnerabilities in several Huawei products
related to optical service nodes. It didn’t provide specific dates and said t
he issues were resolved. It said it couldn't find evidence of historical vulne
rabilities in routers or broadband network gateways beyond Italy.
“In the telecoms industry it is not uncommon for vulnerabilities in equipment
from suppliers to be identified by operators and other third parties,” the c
ompany said. “Vodafone takes security extremely seriously and that is why we
independently test the equipment we deploy to detect whether any such vulnerab
ilities exist. If a vulnerability exists, Vodafone works with that supplier to
resolve it quickly.”
In a statement, Huawei said it was made aware of historical vulnerabilities in
2011 and 2012 and they were addressed at the time.
However, Vodafone’s account of the issue was contested by people involved in
the security discussions between the companies. Vulnerabilities in both the ro
uters and the fixed access network remained beyond 2012 and were also present
in Vodafone’s businesses in the U.K., Germany, Spain and Portugal, said the p
eople. Vodafone stuck with Huawei because the services were competitively pric
ed, they said.
While backdoors are common in home routers, they are usually fixed by manufact
urers once disclosed, said Eric Evenchick, Principal Research Consultant at At
redis Partners, a U.S. based cybersecurity firm. Evenchick called the situatio
n with Huawei’s equipment “very concerning.”
Founded in 1987, Huawei entered the European market in 2000. Landmark contract
s with Britain’s BT Group Plc and Norway’s TeliaSonera helped Huawei win mar
ket share from—and eventually surpass—Nokia and Ericsson.
Vodafone started buying wifi routers from Huawei in 2008 for its Italian busin
ess and, later, for the U.K., Germany, Spain and Portugal. Routers are special
ized machines that assist in directing voice and other kinds of data coursing
over the internet.
Pulling Ahead
Between 2013 and 2018, Huawei increased its telecom market share by 8 percenta
ge points.
Vodafone managers had concerns with the security of the routers almost right a
way. They were the topic of an internal presentation from October 2009 that po
inted to 26 open bugs in the routers, six identified as “critical” and nine
as “major.” Vodafone said in the report that Huawei would need to remove or
inhibit a so-called telnet service—a protocol used to control devices remotel
y—that the carrier said was a backdoor giving Huawei access to sensitive data
.
In January 2011, Vodafone Italy started a deeper probe of the routers, accordi
ng to an April report from the year. Security testing by an independent contra
ctor identified the telnet backdoor as the greatest concern, posing risks incl
uding giving unauthorized access to Vodafone’s broader Wide Area Network (WAN
is a network that spans a large footprint). Vodafone noted that it’s an indu
stry practice by some router manufacturers to use a telnet service to manage t
heir equipment, but the company said it didn’t allow this.
The document chronicles a two-month period during which Vodafone’s Italian un
it discovered the telnet service, demanded its removal by Huawei and received
assurances from the supplier that the problem was fixed. After further testing
, Vodafone found that the telnet service could still be launched.
Vodafone said Huawei then refused to fully remove the backdoor, citing a manuf
acturing requirement. Huawei said it needed the telnet service to configure de
vice information and conduct tests including on wifi, and offered to disable t
he service after taking those steps, according to the document.
Huawei’s apparent reluctance only amplified concerns that were circulating ev
en then that the company might pose a security threat to customers.
“Unfortunately for Huawei the political background means that this event will
make life even more difficult for them in trying to prove themselves an hones
t vendor,” Vodafone said in the April 2011 document authored by its chief inf
ormation security officer at the time, Bryan Littlefair. He noted that Vodafon
e had made a recent security visit to Shenzhen and said he was surprised Huawe
i hadn’t given the matter a greater priority.
What is of most concern here is that actions of Huawei in agreeing to remove t
he code, then trying to hide it, and now refusing to remove it as they need it
to remain for ‘quality’ purposes,” Littlefair wrote.
Huawei declined to comment on the concerns raised by Littlefair. Littlefair di
dn’t respond to requests for comment.
“There’s no specific way to tell that something is a backdoor and most backd
oors would be designed to look like a mistake,” said Stefano Zanero, an assoc
iate professor of computer security at Politecnico di Milano University. “Tha
t said, the vulnerabilities described in the Vodafone reports from 2009 and 20
11 have all the characteristics of backdoors: deniability, access and a tenden
cy to be placed again in subsequent versions of the code,” he said.
Huawei called software vulnerabilities “an industry-wide challenge.” In a st
atement, it said: “Like every ICT vendor we have a well-established public no
tification and patching process, and when a vulnerability is identified we wor
k closely with our partners to take the appropriate corrective action.”
Made in China
Huawei has a lot of market share to lose in Europe, the Middle East and Africa
Huawei has expanded its relationship with Vodafone well beyond routers and is
now its fourth-largest supplier behind Apple, Nokia and Ericsson. Huawei’s ge
ar is found across Vodafone’s wireless networks in Europe; in the U.K., equip
ment from Huawei accounts for about one-third of the radio-access network, a c
ritical piece of the infrastructure.
Some telecom companies have taken steps to limit Huawei’s exposure from the m
ost sensitive parts of their networks, amid the added government scrutiny. In
January, Vodafone’s CEO Read said the company had paused purchases of Huawei
equipment for the core of its mobile networks in Europe, citing too much “noi
se” around the situation.
Still, carriers including Vodafone are fighting against the threat of Huawei b
eing banned in Europe because they’ve come to rely so heavily on the supplier
Abandoning Huawei for 5G, with Europe already lagging behind China and the U
S., could force them to rip out the supplier’s 4G gear, a process that could
take years and cost billions of dollars.
— With assistance by Tommaso Ebhardt, Tom Giles, Thomas Seal, Frank Connelly,
and Patricia Suzara
5.完整新聞連結 (或短網址):
https://tinyurl.com/y3ao6n69
6.備註:
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 111.71.96.113
※ 文章代碼(AID): #1So2tVU2 (Gossiping)
※ 文章網址: https://www.ptt.cc/bbs/Gossiping/M.1556622815.A.782.html
推 : 沒抓到說你抹黑造謠 抓到後說只是漏洞待修補1F 04/30 19:14
→ : 幹 翻譯勒2F 04/30 19:14
推 : 中國品牌手機沒考慮過3F 04/30 19:15
推 : ...一定不是後門 而是漏洞被發現而已 別緊張4F 04/30 19:15
→ : 發現後門,然後爭取要繼續使用。中國人終於把鴉片賣回去了?5F 04/30 19:15
推 : 沒翻譯台男看不懂啦6F 04/30 19:15
華為再爆安全漏洞!全球電信老二:10年前就發現 - 自由財經
全球第2大行動通訊運營商沃達豐(Vodafone)最新承認,該公司早在2009年,就發現華為為沃達豐在義大利業務提供的設備,存在隱藏後門漏洞。(法新社)
〔財經頻道/綜合報導〕雖然美國已警告,華為設備 ...
全球第2大行動通訊運營商沃達豐(Vodafone)最新承認,該公司早在2009年,就發現華為為沃達豐在義大利業務提供的設備,存在隱藏後門漏洞。(法新社)
〔財經頻道/綜合報導〕雖然美國已警告,華為設備 ...
→ : 阿不是講得很大聲說投資下去了?這下GG了厚?9F 04/30 19:16
推 : 鄉民不都多益1000分 沒翻譯也沒什麼吧10F 04/30 19:16
→ : 超長 ==11F 04/30 19:16
噓 : 這什麼名不見經傳的小公司 發農場文還有記者抄12F 04/30 19:16
推 : 沒關係 手機版照買~15F 04/30 19:18
→ : Vodafone是小公司?16F 04/30 19:18
→ : 外國記者真的很認真...超長文=_=17F 04/30 19:18
推 : 這是彭博社的新聞原文18F 04/30 19:19
推 : 直通習近平的後門19F 04/30 19:19
推 : 我以為vodafone是世界第二大通訊公司20F 04/30 19:20
彭博爆料:歐電信龍頭2009年就發現華為設備藏漏洞 | 全球財經 | 全球 | 聯合新聞網
歐洲電信龍頭伏得風(Vodafone)向彭博資訊坦承,早在數年前就發現由中國華為公司供應給旗下義大利事業的設備出現資安... ...
歐洲電信龍頭伏得風(Vodafone)向彭博資訊坦承,早在數年前就發現由中國華為公司供應給旗下義大利事業的設備出現資安... ...
推 : 這是中國式的民主、這是中國式的隱私22F 04/30 19:21
→ : 怎麼多了兩個字 承認 是華為才需要承認吧23F 04/30 19:22
→ : 反觀台灣新聞24F 04/30 19:22
噓 : 我岳父說是小公司 就是小公司25F 04/30 19:22
推 : 感謝樓上精神加持26F 04/30 19:23
推 : 正常27F 04/30 19:24
推 : 女兒知道了不知會不覺得丟臉28F 04/30 19:24
推 : 支那就是賤,死性不改29F 04/30 19:25
推 : 沒看到是yo在轉彎就回了XD這次是繞過世界第二大電信公30F 04/30 19:25
→ : 司
→ : 司
→ : 買方跟媒體承認有這件事啊 而且看來不了了之 內部被禁32F 04/30 19:26
→ : 口
→ : 口
推 : 勿忘彭博的間諜晶片報導34F 04/30 19:26
→ : 迫於政治壓力,但現在剛好美國在罩可以講了35F 04/30 19:27
噓 : 聽都沒聽過的小公司。who care?36F 04/30 19:27
推 : 資安不值錢37F 04/30 19:27
→ : 彭博如果亂講是會被調查罰款的 結果有嗎?還在否認晶片38F 04/30 19:29
→ : 門喔 你以為影響股價的新聞美國會放任你亂報嗎?
→ : 門喔 你以為影響股價的新聞美國會放任你亂報嗎?
推 : 看不懂啦40F 04/30 19:30
推 : 沒差啦歐洲還是繼續用41F 04/30 19:30
→ : 上個月才從別的電信轉vodafone因為最近有便宜方案42F 04/30 19:31
推 : 12樓做簽名黨囉!43F 04/30 19:33
推 : 沒懶人包,怒噓44F 04/30 19:34
推 : 樓上新警察45F 04/30 19:35
→ : yo叔又調皮了46F 04/30 19:37
→ : 還好我都用ORANGE(誤XD)47F 04/30 19:37
推 : 抓包48F 04/30 19:38
→ : 彭博的間諜晶片 => 結果是烏龍 看這次有沒有XDDD49F 04/30 19:38
推 : 被發現不奇怪 但是這個時間點很妙50F 04/30 19:39
推 : 爛透了51F 04/30 19:41
推 : yo來反串52F 04/30 19:42
推 : 大大有摘要可以看嗎?小弟多益200分的看不懂53F 04/30 19:42
推 : 沒聽過我打瘋也是厲害了XD54F 04/30 19:42
→ : 拿個反串的做簽名檔幹啥?55F 04/30 19:43
→ : 沒翻譯發什麼文56F 04/30 19:44
推 : 哦哦哦Vodafone好用57F 04/30 19:44
→ : 看不懂的可以去自殺了
→ : 看不懂的可以去自殺了
推 : 還好我都用中華59F 04/30 19:46
推 : vodafone 沒聽過啦,一定是哪邊的野雞公司60F 04/30 19:46
→ : 彭博社上次的植入晶片事件讓人無法不聯想這新聞的真61F 04/30 19:52
→ : 實性?
→ : 這新聞別急...等幾個月先
→ : 實性?
→ : 這新聞別急...等幾個月先
推 : YoYodiy 你又反串了 這麼多新警察?64F 04/30 19:55
推 : 承認三小 Vodafone 跟華為又沒什麼關係 另外沒翻譯888865F 04/30 20:03
→ : 8888
→ : 8888
→ : 嗯嗯 真的耶67F 04/30 20:07
→ : 支那手機我是不敢用啦68F 04/30 20:10
→ : 看完了,原來是這樣子啊69F 04/30 20:13
→ : 承認的意思是說之前早發現了,只是現在才講出來70F 04/30 20:15
推 : Vodafone 很大啊 我跑船羅馬尼亞 烏克蘭都用它71F 04/30 20:16
→ : 沒翻譯不能貼喔72F 04/30 20:24
推 : vodafone=>歐洲中華電信73F 04/30 20:35
→ : 為蛇麼整篇都亂碼@@74F 04/30 20:44
推 : yo叔的餌會有多少26咬 XDDD75F 04/30 20:47
推 : 支那賤畜又要崩潰了76F 04/30 20:57
推 : 高調77F 04/30 21:02
推 : 在澳洲也用vodafone78F 04/30 21:05
→ : 不稀奇啊.. 認識內部的人就提到,華為的筆電會回傳資料79F 04/30 21:09
→ : 手機肯定也是少不了的
→ : 手機肯定也是少不了的
推 : 幹好長81F 04/30 21:13
推 : 高調82F 04/30 21:21
推 : 用"承認"好像怪怪的83F 04/30 21:25
推 : 這時代還有新警察喔? 還是五毛? 連我岳父都不認識84F 04/30 21:30
→ : 野雞公司85F 04/30 22:34
推 : 意外嗎86F 04/30 22:41
推 : 推87F 04/30 22:48
推 : 華為:無所不偷 共產黨沒有距離88F 04/30 22:53
推 : 推推89F 04/30 23:32
推 : 嘻嘻90F 05/01 00:15
推 : ptt舔共手機版極力護航91F 05/01 00:16
推 : 嗯嗯 原來是這樣92F 05/01 00:51
推 : 中國出的多多少少啦,別大驚小怪的,不要用就好了93F 05/01 01:07
推 : 2009—2011年間發現裝置有後門/漏洞回報給華為,華為說94F 05/01 01:07
→ : 修好了但vodafone事後測試發現還是有辦法開啓
→ : 修好了但vodafone事後測試發現還是有辦法開啓
推 : 高調96F 05/01 06:34
--
3樓 時間: 2019-04-30 21:04:49 (台灣)
→
04-30 21:04 TW
有 Vodafone 前全球資安首席 Bryan Littlefair 證實:“Unfortunately for Huawei the political background means that this event will make life even more difficult for them in trying to prove themselves an honest vendor,” Vodafone said in the April 2011 document authored by its chief information security officer at the time, Bryan Littlefair. He noted that Vodafone had made a recent security visit to Shenzhen and said he was surprised Huawei hadn’t given the matter a greater priority.
4樓 時間: 2019-04-30 21:06:54 (台灣)
→
04-30 21:06 TW
不幸的是,華為的政治背景意味著這一事件將使他們在努力證明自己是一個誠實的供應商時更加困難,“ Vodafone 在其當時的首席資訊安全官 Bryan Littlefair 撰寫的2011年4月文件中提過。 他指出, Vodafone 最近對深圳進行了一次資安訪問,並表示他對華為未給予此事較高優先權感到驚訝。
5樓 時間: 2019-04-30 21:38:12 (台灣)
→
04-30 21:38 TW
沃達豐Vodafone集團,是英國跨國電信公司, 總部位於英國倫敦。沃達豐Vodafone為世界第二大行動通訊網路公司。 截至2011年12月31日,沃達豐在全球擁有約4億3900萬名用戶。
回列表(←)
分享