Oh dear. Huawei enterprise router ‘backdoor’ was Telnet, sighs Vodafone
A claimed “backdoor” in Huawei routers used in the core of Vodafone Italy’s 3G network was, in fact, a routine implementation of Telnet.
The Bloomberg financial newswire reported this morning that Vodafone had found “vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier’s Italian business”.
“Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy,” wailed the newswire.
Unfortunately for Bloomberg, Vodafone had a far less alarming explanation for the “backdoor”.
“The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet,” said the telco in a statement to The Register, adding: “Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy’.”
It added: “The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei.”
Huawei itself told us: “We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time. Software vulnerabilities are an industry-wide challenge. Like every ICT vendor we have a well-established public notification and patching process, and when a vulnerability is identified we work closely with our partners to take the appropriate corrective action.”
Prior to removing the LAN-facing Telnet server, Huawei was said to have insisted in 2011 on carrying out various configuration-related tasks remotely via the service. Bloomberg reported, citing a leaked internal memo from then-Vodafone CISO Bryan Littlefair:
Vodafone said Huawei then refused to fully remove the backdoor, citing a manufacturing requirement. Huawei said it needed the Telnet service to configure device information and conduct tests including on Wi-Fi, and offered to disable the service after taking those steps, according to the document.
El Reg understands that while Huawei was initially resistant to removing Telnet from the affected items – broadband network gateways in the core of Vodafone Italy’s 3G network – this was done to the satisfaction of all involved parties by the end of 2011, with another affected network-level product de-Telnet-ised in 2012.
Broadband network gateways in 3G UMTS mobile networks are described in technical detail in this Cisco (sorry) PDF. The devices are also known as Broadband Remote Access Servers and sit at the edge of a network operator’s core.
The issue is separate from Huawei’s failure to fully patch consumer-grade routers, as exclusively revealed by The Register in March.
Repeat after me: Telnet is not a backdoor
Characterising Telnet as a backdoor is a bit like describing your catflap as an access portal with no physical security features that allows multiple species to pass unhindered through a critical home security layer. In other words, massively over-egging the pudding.
Many Reg readers won’t need it explaining, but Telnet is a routinely used method of connecting to remote devices for management purposes. When deployed with appropriate security and authentication controls in place, it can be very useful. In Huawei’s case, the Telnet service wasn’t even facing the public internet, and used for in-network control.
Twitter-enabled infoseccer Kevin Beaumont also shared his thoughts on the story, highlighting the number of vulns in equipment from Huawei competitor Cisco, a US firm:
I saw the report too, it’s bullshit in angle – millions of routers and switches across the world have Telnet enabled. Cisco’s had something like 7 actual backdoor accounts this year so far, I wait for the similar Bloomberg report about them.
— Kevin Beaumont 🧝🏽♀️ (@GossiTheDog) April 30, 2019
Given Bloomberg’s previous history of trying to break tech news, when it claimed that tiny spy chips were being secretly planted on Supermicro server motherboards – something that left the rest of the tech world scratching its collective head once the initial dust had settled – it may be best to take this latest revelation with a pinch of salt. Telnet wasn’t even mentioned in the latest report from the UK’s Huawei Cyber Security Evaluation Centre, which savaged Huawei’s pisspoor software development practices.
While there is ample evidence in the public domain that Huawei is doing badly on the basics of enterprise software development, so far there has been little that tends to show it deliberately implements espionage backdoors. Rhetoric from the US alleging Huawei is a threat to national security seems to be having the opposite effect around the world.
With Bloomberg, an American company, characterising Vodafone’s use of Huawei equipment as “defiance” showing “that countries across Europe are willing to risk rankling the US in the name of 5G preparedness,” it appears that the US-Euro-China divide on 5G technology suppliers isn’t closing up any time soon. ®
Bootnote
This isn’t shaping up to be a good week for Bloomberg. Only yesterday High Court judge Mr Justice Nicklin ordered the company to pay up £25k for the way it reported a live and ongoing criminal investigation.
Sponsored:
Becoming a Pragmatic Security Leader
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/