Bloomberg Appears To Flub Another China Story, Insists Telnet Is A Nefarious Huawei Backdoor

from the protectionism-dressed-up-as-natsec dept

So we've noted for a while now how the Trump administration's protectionist bid to ban Huawei from US networks is a bit light on, you know, public evidence. While Huawei is now routinely lambasted for helping the Chinese government directly spy on American consumers, there's still no public evidence that supports that claim. That hasn't stopped the administration from waging an all out war on the company, ranging from pressuring the FCC to pressure carriers to avoid Huawei phones, to banning ISPs from getting public subsidies if they use Chinese equipment.

The problem, again, is that despite an 18 month investigation the last time these concerns flared up, there's been absolutely no public evidence Huawei spies on US consumers. The other problem: numerous US hardware vendors have a bit of a history of drumming up lawmaker hysteria on this front to their own benefit.

The Trump administration's protectionist gambit has had a lot of help from a US media that isn't particularly keyed into this added context, or how patriotism may color their coverage of the issue. The latest case in point: Bloomberg this week issued what seemed like a bombshell report claiming they'd finally found evidence of Huawei installing seemingly nefarious backdoors in their gear:

"Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier’s Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China’s global technology prowess. Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation."

And while that sounds monumentally terrible, that's not actually what happened. Follow up reporting quickly told a different story:

"In a statement, Vodafone said: "The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012. " The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet . "Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'. "In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development. "The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei." A Huawei spokesperson said: 'We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time.

In other words, it wasn't a nefarious backdoor, it was just a screw up -- and not a diabolical one at that. This falls in line with what the UK and Germany governments have been saying: Huawei gear may sometimes be shitty, but that's not synonymous with malicious espionage. Both countries have cast doubt on US demands that Huawei be blacklisted globally, stating the US has not provided suitable evidence to justify such a move. The UK recently stated it would be tightening overall security and restricting Huawei's use in some of its more sensitive networks, but wouldn't be supporting an outright ban. If this political cartoon in the Guardian is any indication, some folks didn't take the news particularly well.

Bloomberg, of course, has been widely criticized for recently flubbing a story that claimed Chinese spies had infiltrated the supply chain and embedded surveillance backdoors in equipment used by major companies including Apple and Amazon. Like that story (albeit different authors), all the companies involved in this latest report say Bloomberg appears to have misread the evidence provided the outlet by anonymous third parties.

Again, none of this is to say the Chinese government is a saint. Its treatment and surveillance of political dissidents and its critics is well established. But that doesn't change the fact that before you blackball a company you should be able to provide actual evidence, something the US would justly demand were the shoe on the other foot. Nor does it change the fact that US gear makers have been trying to have Huawei banned for years for one real reason: they don't want to have to compete with cheaper Chinese kit:

"What happens is you get competitors who are able to gin up lawmakers who are already wound up about China,” said one Hill staffer who was not authorized to speak publicly about the matter. “What they do is pull the string and see where the top spins."

Journalists need to be careful not to be manipulated by US companies and their dubious shell operations hoping to gin up protectionist hysteria dressed up as natsec concerns. It also shouldn't be forgotten that the United States has engaged in much of the same behavior it has accused Huawei of, something usually ignored by journalists covering this story. That's not intended as "whataboutism" ("the US spies too therefore spying isn't bad!"), but to note that this is some important context that should be included in coverage but, somehow, usually isn't.

Meanwhile, China doesn't even really need Huawei to spy on Americans. Chinese gear is in pretty much everything from your smart doorbell to your router, and China's intelligence operatives are busy tapping undersea cables much like the US has for decades. Given Americans are busy happily attaching internet of things devices with paper mache grade security to every home and business network in America, there's a universe of attack vectors available to them that don't involve ruining the global reputation of one of their most successful companies.

Again, maybe Huawei does spy on Americans as a cutout for the Chinese government. But before engaging in a cross-continental blackballing effort of a hugely successful company, asking for some hard public evidence of that fact doesn't seem like too much to ask.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, reporting, security, telnet

Companies: huawei, vodafone