LONDON—Telecoms group Vodafone found security flaws in equipment supplied by China’s Huawei to its Italian business in 2011 and 2012, the two companies said on April 30.
Vodafone, the world’s second-biggest mobile operator, said it had found security vulnerabilities in two products and that both incidents had been resolved quickly.
Vodafone said it had found no evidence of any unauthorized access and that Huawei could not have accessed the fixed-line network in Italy without permission.
“The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei,” a Vodafone spokesman said.
Huawei said it was made aware of historical vulnerabilities in 2011 and 2012 and that they had been addressed at the time.
Vodafone said the vulnerability had stemmed from the use of Telnet, a protocol that was commonly used by many vendors for performing diagnostic functions. It allows equipment manufacturers to communicate with their products after they have been deployed.
“It would not have been accessible from the internet,” Vodafone said.
The news of the historical flaws was first reported by Bloomberg.
Huawei, the world’s biggest producer of telecoms equipment, is under intense scrutiny after the United States told allies not to use its technology because of fears it could be a vehicle for Chinese spying. Huawei has categorically denied such accusations.
Last week Britain sought to navigate its way through the bitter dispute, with two security sources telling Reuters that it had decided to block Huawei from all core parts of its 5G network and restrict access to non-core parts.
The British government is still deliberating on the use of Huawei equipment in a future 5G network but aims to announce its decision in the next month.
A government report in March rebuked Huawei for failing to fix long-standing security issues and said that British security officials had found “several hundred vulnerabilities and issues” with the company’s equipment in 2018.
Spokesmen for the British government’s digital department and for the National Cyber Security Centre declined to comment.