News

Backdoor found on millions of DVRs, NVRs and IP cameras that use HiSilicon chips

Technological devices developed and manufactured in China remain a threat to the privacy and data protection of users around the world. Recent reports state that Huawei installed a rudimentary and unsecure backdoor on millions of surveillance devices including chips from HiSilicon, a subsidiary of the Chinese tech giant.

This backdoor exists in the form of a remote debugging tool in the firmware of video cameras produced by the company, and could be used on a local network to inject commands into vulnerable devices.

Data protection experts point out that this
vulnerability lies in the software that HiSilicon produces for its customers;
allegedly compromised components are employed by countless security system
manufacturers installed in business, industrial and government environments.

Vladislav Yarmak, pseudonym of the editor of
this report, says that this is a really simple, obvious and insecure backdoor.
“The firmware opens a service on TCP port 9530. By connecting to this port
it is possible to exchange some data to agree on a randomly generated session
key to encrypt the rest of communications with the software. Subsequently, a
Telnet OpenOnce request is sent to instruct the device to open a Telnet
service,” Yarmak says. If everything goes according to plan, a Telnet
daemon starts on TCP port 9527.

While Yarmak believes this is not a critical or
easily exploitable flaw, it does believe it is a sign of the poor commitment
that Huawei
(and many other technology firms) has shown with user data protection. So far,
neither Huawei nor HiSilicon has responded to questions.

Although specialists from the International
Cyber Security Institute (IICS), among others, have externalized their concern
about this finding and its potential reach of millions of devices, Yarmak
states that, during its scans using Shodan, it has only 13 exposed devices with
port 9530 open detected. Still, it is Huawei’s responsibility to speak out on
this finding, especially in the face of the complex picture facing the company
regarding its potential with the Chinese government, which has generated
multiple business problems, including potential ban in the U.S.

You Might Also Like