/apr 30, 2019

Learning From the Vodafone-Huawei Backdoor Scandal

By Laura Paine

Yesterday, Bloomberg reported that Vodafone uncovered hidden backdoors in Huawei equipment used for the carrier’s Italian business, which could have given Huawei unauthorized access to Italian homes and businesses. The alleged backdoors were found in 2011 and 2012, and Vodafone told Bloomberg that the issues were resolved at the time.

However, the BBC published a piece this morning in which Vodafone denied the Bloomberg report, citing a spokesperson who says that, "The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.”

Further, the spokesperson indicated that Bloomberg was incorrect in saying that Huawei could have had unauthorized access to the carrier’s Italian network, nor does Vodafone have evidence of any unauthorized access.

According to the BBC, Vodafone took some time off of deploying Huawei equipment in its core networks until a few issues are resolved – namely that Huawei has been accused of being controlled by the Chinese government, which could pose a security risk. The US encouraged allies not to use the equipment in 5G networks, with Secretary of State Mike Pompeo saying the U.S. wouldn't be able to work with nations using the Chinese technology.

What’s the Deal with Backdoors?

Backdoors are a method of bypassing authentication or other security controls in order to access a computer system or the data contained on that system. They can exist at the system level, in a cryptographic algorithm, or within an application. Some backdoors are included in software intentionally, however, they can still pose a serious threat if uncovered by the wrong people.

According a paper from Veracode CTO Chris Wysopal and Veracode Chief Research Officer Chris Eng, backdoored software enables attackers to gain access to highly secure systems that are otherwise rigorously locked down and monitored. The network traffic to and from an application backdoor will most often look like typical usage of the networked application.

For instance, the network traffic of an attacker using backdoored blog software will look like the typical web traffic of a blog user. This will enable them to bypass any network IDS protection. Since the backdoored software is installed by the system operator and is legitimate software it will typically bypass anti-virus software protection.

Many attackers will place backdoors in the source code of software that they have legitimate access to simply because it is a challenge and because they can. They have no intention initially of compromising systems where the software will be installed but take the opportunity because they may want to use the backdoor in the future.

Companies like Apple have forsaken backdoors, and has gone as far as to create their hardware without third-party access to ensure an acceptable level of protection for users and their personal information.

Curious to find out if you have backdoors in your code? Get in touch so we can help.

Related Posts

By Laura Paine

Laura Paine is a senior product marketing manager at Veracode, based in Burlington, MA.