Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

A Huawei logo. Photo: Jaap Arriens/NurPhoto via Getty Images

Bloomberg reported Tuesday that Vodafone's Italian division had discovered "backdoors" in its Huawei-brand telecommunications equipment in 2011 and 2012.

But, but, but: The story did not play well in the security community, where the evidence is seen as insufficient to the central claims. It didn't make a strong case that the "backdoor" was anything more than a minor, unintentional problem. Vodafone's official stance was it wasn't.

Reality check: The story was based on internal memos leaked to Bloomberg.

  • The "backdoors" were a number of security flaws that Vodafone found in security testing. All hardware and software have security vulnerabilities, so that doesn't seem particularly malicious.

Details: One "backdoor" was Telnet, an extremely common communications protocol that many hardware manufacturers use for configuration. While Huawei used the industry standard way to make Telnet inaccessible via the wider internet, Vodafone has a policy of not allowing Telnet.

  • When Huawei fixed the equipment, it claimed it resolved the Telnet issue, but Telnet was still accessible.
  • According to the memos, Huawei said that Telnet couldn't be entirely removed from the router.

To be clear: This chain of events is common for manufacturers. It's hard to make the leap to claiming this was a backdoor based on the story.

  • This is where the story stopped.

However: Bloomberg may not have given the full account of the technical reasoning that the Telnet issue was intentional.

  • Bloomberg did not release the memos, so it's hard to verify any technical details.
  • Still, according to Stefano Zanero, an expert quoted in the story who did see the memos, the memos make Huawei seem sketchier than the story suggested.

According to Zanero, the following was left out of the story:

  • The Telnet service wasn't in guides explaining how the hardware worked.
  • The passwords to the Telnet service couldn't be changed, meaning the manufacturer would always know how to hack the hardware.
  • It accepted connections in a nonstandard way, which made it seem hidden.
  • The Telnet was successfully removed once but reintroduced later.

The bottom line: It still isn't a smoking gun. Even with Zanero's elaborations, to most of the security community, this has read like Vodafone employees attributing malice to incompetence.

Go deeper: Vodafone denies Bloomberg report on security flaws in Huawei equipment

Go deeper

17 mins ago - Podcasts

Bob Nelsen on AstraZeneca and his plan to revolutionize biotech

AstraZeneca and the University of Oxford on Monday reported promising efficacy data for their COVID-19 vaccine, which has less stringent storage requirements than the Pfizer and Moderna vaccines and may be distributed earlier in developing countries.

Axios Re:Cap digs into the state of vaccine and therapeutics manufacturing with Bob Nelsen, a successful biotech investor who on Monday launched Resilience, a giant new pharma production platform that he believes will prepare America for its next major health challenges.

Ben Geman, author of Generate
Updated 24 mins ago - Energy & Environment

Unpacking Joe Biden's decision to tap John Kerry as his climate envoy

Photo: Pablo Blazquez Dominguez/Getty Images

President-elect Joe Biden is naming former Secretary of State John Kerry as a special presidential envoy for climate change.

Why it matters: The transition team's announcement sought to show that it will be an influential role, noting that Kerry — a former Massachusetts senator and the Democrats' 2004 presidential nominee — will be on the National Security Council.

Dave Lawler, author of World
2 hours ago - World

Oxford and AstraZeneca's vaccine won't just go to rich countries

Waiting, in New Delhi. Photo: Jewel Samad/AFP via Getty Images

While the 95% efficacy rates for the Moderna and Pfizer/BioNTech vaccines are great news for the U.S. and Europe, Monday's announcement from Oxford and AstraZeneca may be far more significant for the rest of the world.

Why it matters: Oxford and AstraZeneca plan to distribute their vaccine at cost (around $3-4 per dose), and have already committed to providing over 1 billion doses to the developing world. The price tags are higher for the Pfizer ($20) and Moderna ($32-37) vaccines.