Vodaphone sources claim Huawei created a "backdoor" for its home routers and network switching equipment and then lied about removing it

Vodaphone discovered that the home routers that Huawei provided for its Italian residential broadband business had a "backdoor" -- an open telnet interface that could allow attackers to take over the router and surveil the user's network -- and after they complained to Huawei about it, Huawei released an update that they claimed removed the interface, but that this was a lie.

Bloomberg's Daniele Lepido broke the story, and it's a little confusing. The term "backdoor" implies that Huawei left an interface open so that it could do something nefarious, like conducting surveillance on Vodaphone's customers, but Huawei's statements about the interface imply that it was a sloppy mistake -- they say that the telnet interface was used as part of the setup and configuration process, and that they couldn't remove it altogether without making it hard (or maybe impossible?) to set up their routers.

If Huawei is to be believed, then they are guilty of terrible security practices (that's a really stupid way to design a router), but not necessarily guilty of a "backdoor" in the customary sense of the word. But as one expert quoted by Bloomberg notes, if you were going to design a deliberate backdoor, you'd be smart to disguise it as a programming error.

Much more damning (and somewhat buried in the Bloomberg reporting) is the presence of telnet interfaces in "optical service nodes" (which are used for managing fiber optic traffic) and "broadband network gateways" (which bridge between customer equipment like home routers and internet backbones). Read the rest