Subscriber Discussion

Researcher: Backdoor Mechanism Still Active In Devices Using Hisilicon Chips

UM
Undisclosed Manufacturer #1
Feb 05, 2020

Quote from article about backdoor and not trusting hisilicon.

Researcher said he did not notify HiSilicon due to a lack of trust in the hardware vendor to adequately fix the issue.

**********: ******** ********* ***** ****** ** devices ***** ********* ***** | *****

"**********, *** ***** ***** ********* *** unwilling ** ********* ** ******* ******** security ***** *** [***] **** ******** which, ** *** ***, *** *********** intentionally," ****** ****.

****** **** **** **** *** ****** service ** ** *** *******, *** attacker *** *** ** **** *** of *** *** ****** *********** ****** below, *** **** ****** ** * root ******* **** ****** **** ******** control **** * ********** ******.

(1)
JH
John Honovich
Feb 05, 2020
IPVM

****** *** *******. ** *** ******* into **** *** ** ***'* **** to ******* * ****** ***** ** have **** *** *** *** *********.

** ****** *** *** ***** **** this **********'* ******, ****** *****.

U
Undisclosed
Feb 05, 2020
In reply to John Honovich

******* **** ***** **********: **** ************* (********) ** firmware *** *********-***** ****, **** *** IP ******* / ****

**** **'* ******* ****** ** *** entirely ******** *** **** ******** ****** claiming ****'* **** ** *** *** having ********** ******* **** *** ****** that **** ******'* ******. ******'* ******* thread ******** * ****** ******** **** works (* *****.)

** ***'** ******** **** *** ** make **** **** ******* ******* ***** at *** *********** *****. **** ******** do * ******* *** ** ***** and ***** **** **** ** *****.

Avatar
Brian Karas
Feb 05, 2020
Pelican Zero

* ****** * ****** *** ****** out ** * ***. **** *** a ********** ****** ****, **** *** Chinese ******* ** **. ** **** not **** **** **** ****:

** **** **** *** **** ****** already ****:

*** ** **** *** **** *** debug **** ******* ****:

*** ***** ******* ** **** ** sloppy, ***. ** **** ************* ****** (and ** ****** ****), ** ***** be * ************* ** *** "********", not ** *** "********* ****". ****** a **** *** * ************* ***** imply, ** **, **** *** **** is *********** **** ** *** **** instruction *** ** *** ****, ********* that ** *** ****** ******* ** fixed. **** **** *** ****** **** and *** ******* ********, ***** **** vulnerability ******, ** ** * ********* of *** ********.

*******, **** ***** **** **** *****, it ***** ** * ************* ***** threat **** *** ********* ***** ****** backdoor, ** **** ***** ***** *** have ***** **** ** **** ********* by *******. ** ***** ***** ** a **** ****** *********, *** **** harder ** ******* ******* ****** ******* from *** ********.

* **** ** *** ** * have *** ********* ***'* ****** ******.

****, **** *** ********** ****, *** can *** **** ** ** * Hik ****** **** ** ********* ******* connections:

(1)
ZS
Zachary S.
Feb 05, 2020
Gen IV Technology
In reply to Brian Karas

*** *** ******* **** :
"********* ** ******, *** ******** *** be ********* ** ******* * ****** of ******** **** *** **** **** to ******* **** *** ********* *****.

The ******** **** ****** *** ****** service on a vulnerable device."

**** *** *********** ** ***** **** you *** **** ******* *** **** short ********* ** **** ******* :**** **********: **** ************* (********) ** firmware *** *********-***** ****, **** *** IP ******* / ****

$ ****** ***.**.***.** ****** ***.**.***.**... ******: Unable ** ******* ** ****** ****: Connection ******* $ ./**-***-****** ***.**.***.** ******** Sent **********:******** *******. *******:******** *********=**************** ******:** Open:OK


****** ****** ** ********** ********** **:

  • ****** **** ***** *******-***-*********.
  • ****** ******** **** ********* ****-***-*************. **** ** ************ ***** *** to ***** ***, ***** ****** ******* PSK *********** **** ********.
  • **-***-****** ****** ******** *** ********, *** telnet **** ***** (**** **** ****** with ***** ******** ******** ***** ******* only**********:***************).

* **** ******* **** ***** ** my *** ** ****.

Avatar
Brian Karas
Feb 05, 2020
Pelican Zero
In reply to Zachary S.

The ******** **** ****** *** ******

* ***** * ********** ***** **** confusion ** ****** ****.

"******" ** * *** ** ** overloaded ****. **** ***********, "** ****** to * ******" ******* ***** ** use *** ****** ******* ** ******* to *** ****** **** ** * remote ****, ***** *** *** ***** to * ***** *** ******* ******* commands. *******, *** ****** ******** ** unencrypted, *** ********* **** ********.

*** ****** ******* ** ******** **** as * ***** ** ********* * basic ********** ** * **** ** exchange *********** **** ****. ** *** end ** ** ******** ****, *** can *** **** * *** *** telnet ******* ** ******* ** *** webserver (****) **** ** ** ******, and **** ***** * ***** *** command, ******* ** * *******. *** camera ******** **** *** **** ******** it ***** ** * ***** *** browser, ***** *** *** *** ** the ****.

***** ** ** ****** ****** ** port ** ** *** ******, ***** is * *********, *** ** *** base ***** *** ** *** ***** is ********** ****** **** **** * TCP **********, ***** *** ****** ****** client/program ** ***** ** ********.

** **** *******, *** ******* ** port ****, *** ******** **** ****** challenge/response **** ***** ** * ***-****** key. ** *** ******* ** **** exchange, *** ** *** **** ******* access ** ******* ** *** ******. If *** **** *** ****** ******** codes *** ****** (*********) **** ***** up **** * **** **** * "traditional" ****** ****, ***** *** *** then *** *** ****** ******* *** protocol ** *** ***** ****** ** the ******. ** **** ****** ** vulnerable, *** ***** ******* **** ************* entirely *** *** ****** *******, ** sending *** ****** *********.

*** ***** ************* ** ***** ** being **** ** **** * ********** to **** ****. ** ***** ** no ******** ** **** ****, ** it ** ********** ***, **** *** won't ** **** ** *** *** exploit. ** ** ****** ****, ***** is ** ******** ** *** **** and *** ****** ** *** ********** to **** ******* (******: * **** not **** * **** **** ** see ** *** **** ****** *** listener ** ***** ** * ********* port *** **** ******* *** ** executed ******* * ********* **** ****).

ZS
Zachary S.
Feb 05, 2020
Gen IV Technology
In reply to Brian Karas

* ** ****** ******** **** ******. I *** **** **** ********* *** I ******* : **** ****** ******** versions **** **** **** ****/*** ********* for ******* ********, *** ******* ************* challenge-response ************** *** **** ** ** committed. **** ** * ******* ** actual **********.

Avatar
Brian Karas
Feb 05, 2020
Pelican Zero
In reply to Zachary S.

* ** ****** ******** **** ******.

* ******* *** **** ***, *** based ** **** **** * ******* maybe * ************* *** :)

***, ******** ** ****** ****, * did *** *** **** ****:

**** ****** ******** ******** **** **** port ****/*** ********* *** ******* ********

** ** "******", **** **** ****-***** and **** ***** ****** ******** *****, this ***** ** ****** ******* ******** of ******** ****** ** *** ** backdoors.

(1)
ZS
Zachary S.
Feb 05, 2020
Gen IV Technology
In reply to Brian Karas

* ******* *** **** ***, *** based ** **** **** * ******* maybe * ************* *** :)

*** ***** ***** ** ************** ** ;) ****** * **** **** *** movie "*******" ****** ** ** ********** a ************!

* ** **** **** **** * little **** ***** ***** **** ********, considering ********* ***** **** **** *** developer *** *** *** *** ****, some **** **-**** ******* ** ******** could've **** ****** *** *********** *** from ** *** *** *** *** most ***** ** ****** ****.

* ** *** **/****** *** * lot ** ***** ****** * ***'* recognize ****** **** ** ****** ************ ****. ** **** ***** * would ******* **** ******* ** *** going ** ****** ****, ** ***, of *** **** ***** ***** ******* that *** ******* **** *** ******* market *********.

UM
Undisclosed Manufacturer #1
Feb 05, 2020

***** *** ************* ** **** *** stock ********/************ **** *** ******* ************. Then *** **** **** ** ***** their ********, *** **** *** ****** to *** *** ***-***** *********/******** ** build ***** ***.

******* ******* ** **** * ****** quickly *** ****** ** *** *** stock **** ***** *** **** *** vuln ** ****, *** *** ****** OEMs **-******* ***** **********/** *** ******* the *****?? **** ******** ****...

Avatar
Brian Karas
Feb 05, 2020
Pelican Zero
In reply to Undisclosed Manufacturer #1

**** ** *** ** ***** ** me.

********* **** ** *** "***** ***** own ********" ** **** ** **** take * ****** ** ************* **** the ************ *** **** ***** **** things ** ***. *** **** ******* would ** ********* **** * *********** discovery ********, ** ******** *** ******** so **** *** ****** *** **** with ******** *** ******* *** ************.

**** *** *********** ********* ** **** vulnerability, ** ** ******* *** ******* integrated *** ****** ***** **** **** is ** *** **** ********. **, in *** **** ** *****, *** have * ****** (***** ** *****, I ****** ***** ** ** ******) that *** * *** ** **** functionality ****** **** **. ** ** very ********* ** ****** **** ******, since *** ** *** *** *** source **** *** **. ** *** vulnerability *** ** *** ** ***** core ********, ** ***** ** **** to *********, *** *** *** ***** not **** ******* ** ** *****. If ** ** **** **** ** external *****/******* ******, **** *** *** would ******** ** ***** ** **, and ** ***** ** **** **** to **** **** ** ******** **** the ******** ******** *******.

UM
Undisclosed Manufacturer #1
Feb 05, 2020
In reply to Brian Karas

*'* ******** **** **** *** ***/*** side ** **, ****** **** *** relabeler "***". *** *** ******* * making * ****** (*** ***/***** ** OEM *******) *** *** * ********* chipset. ***** ** *** ***** *** to *** ********* **** ********* ** compiling **** ***.

Avatar
Brian Karas
Feb 05, 2020
Pelican Zero
In reply to Undisclosed Manufacturer #1

*** **, ****** * ***** ***** many ** ***** ***** ** ********* rely **** ** *********'* ********* ****** vs. ***** ***** *** **** *******.

***, ** **** *****, **** *** the ************* ** *********, ** ** a ******* ** *********-******** ********, *** if ** ************ **** ********* ***** and ****** ***** *** ********, **** vuln ** **** ****** *** *******.

Avatar
Sean Patton
Feb 05, 2020
In reply to Brian Karas

**** ****** ** ******:

******(****-**-** **:**+**:**): ***** *********** *** **** users *** ******* *** **** ************* is ********** ** ******* ***** ** Xiongmai (******** ******** ********** **, ******) software, ********* ******** ** ***** ******* which **** ******** ***** ** **** software. ** **** ****** ********* ***'* be **** *********** *** ******** ** dvrHelper/macGuarder ******.

**** *** *** ********* ***** *******, but ** ** * ******* ************* in *** **********.

UM
Undisclosed Manufacturer #2
Feb 05, 2020

***'* **** *** ******, **** ** doesn't **** *** ***** **** ****** is **.
**** ***** ***** * *** ***** involving ******* ******** ******** ** ******** ports *** **** ***** ******** ** other *****. ******* *** ********** ********** info ******** ***** ** ******* **** that *** *** *** ******* *******.

Avatar
Brian Karas
Feb 05, 2020
Pelican Zero
In reply to Undisclosed Manufacturer #2

***, *** *** ******* ****** **** establishing * ********** ** **** ****. If ***** ** ** ******** ** that ****, **** *** ***** ***** do *** ******, *****?

(1)
ZS
Zachary S.
Feb 05, 2020
Gen IV Technology

***** **** ****** *** ********* **** report :******** ****** - ********* ******** ****** on *** ********* ******** ***** ** HiSilicon ***** ************ ***** ******** ** Some *****

**** ********* *** **** * **** in * ****** ******** ** ***** about ** ***** *** ***** ** a ********* ***** ***** *** *** not *** **** ******.

********* ****** *** ******** ** ********** customers *** *** ********* *******. *** reference **** (******** ****** ** *****) in *** ******** ******** *********** *** debugging ********** ******** **** ** *** industry, *** *******, *** ****** ****, Telnet, *** **** **********, ***** *** be **** ** ********** ********* ******* for ********* ***********. **** ** * common ******** ** **** ******* ** the ********. ****** ** ******** ** default, *** ***** ** ** ******* user ********. ** ********, ********* ******** the***** ******** *********** *** ********* ************* ********* ******* ***** **** *** software *******. ******** ******** *********** *** ********* ******************* ******* ********* ** ****** *** Telnet ******** *** ***** ********* ********** risky ******** **** ***** **** ********** versions *** ******** ******** ******* ** do **. ****** (*** *** ********** worldwide, ********* *********) *** **** ********* that ** *** *** *** **** never ***** ********* *** ***** ****** else ** ** **.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions