Huawei Hisilicon Quietly Powering Tens of Millions of Western IoT Devices
Huawei Hisilicon chips are powering, at least, tens of millions of Western IoT devices, such as IP cameras and surveillance recorders, a fact that has gone without notice nor understanding by the general public and often within the surveillance industry.
As concerns rise about Huawei, IPVM examines the role and risks of these chips that are being used, without disclosure, in many of the largest Western brands across most low-cost models even including Honeywell, Panasonic, and Axis.
Update Feb 2020 - Hanwha and Axis Drop Huawei
Hanwha told IPVM in June 2019 that they were dropping Huawei Hisilicon from all of their products. As of January 2020, Hanwha Techwin said that:
All L series and most Q series cameras (except QNE-7080RV/VW) have been migrated to Ambarella.
There are a handful of P series models that will be transitioned between Q1-Q4 this year.
Axis told IPVM in February 2020, that they were discontinuing its Companion hardware that used Huawei Hisilicon chips, as a decision to carry only NDAA-compliant products.
Norm In Low-Cost IoT Surveillance Devices
While on the phone side, Huawei does not offer its Hisilicon chips to rivals, for years on the IoT side, Huawei has. Indeed, due to its aggressive low cost, Huawei Hisilicon chips have become the most common choice in low-cost IoT devices. In IPVM's interviews and testing, for professional IP cameras that sell for less than $200, Hisilicon chips are the norm.
Tens of Millions Easily Deployed In the US And EU
There are easily tens of millions of these IoT devices deployed in the West. Though Huawei does not publicly report such segmentation, many data points show that:
- HiSilicon has surpassed 500M units shipped in video surveillance, claims this Chinese news source October 2018.
- Tens of millions of IP cameras are shipped each year, with Hisilicon clearing providing the majority of cameras / chips, on a unit basis.
- Multiple Chinese tech outlets report that Hisilicon has a 60% global market share for video surveillance chips overall and 70% of the domestic Chinese market share
- Hisilicon made "over ten million" chip shipments for major 4k TV brands like Sharp in 2016, commanding an estimated 30% share of the domestic market another Chinese news source reports
- A Huawei executive was quoted claiming he expected Hisilicon's Boudica 120 chip used for smart cities to reach "1 million monthly shipments"
And as the Nikkei Asian Review described:
HiSilicon mostly designs high-end chips for Huawei, including mobile processors, modems chips and networking processors. It also produces chips for surveillance cameras, smart TVs and other devices, according to Bernstein Research. The company is growing fast, with revenue rising 21% to $4.71 billion in 2017 -- in the same league as U.S.-based Advanced Micro Devices and well above two other U.S. chipmakers, Xilinx and Marvell, according to research agency IC Insights.
Largely Unknown Due To Huawei Marketing
Over the past decade, as Huawei Hisilicon chips gained ground, Hisilicon's marketing has not emphasized their ownership and control by Huawei. However, the company was founded as the ASIC Design Center of Huawei Technologies in 1991, and in 2004, this center transitioned into Hisilicon, a wholly owned Huawei subsidiary.
Despite this, in our decade-plus of covering the surveillance / IoT market, we have not seen Hisilicon co-brand or market their ownership / control by Huawei. Whatever the intent, it did have the effect of even industry people generally being unaware of the relationship. This was strengthened by IoT device manufacturers, especially well-known brands, rarely acknowledging who their chip (SoC) provider was.
Brains of IoT Devices
The component that Huawei / Hisilicon makes (the System on a Chip, of SoC) is effectively the brains of IoT devices - literally a computer on a chip, the SoC provides both the core hardware and software (including Linux OS and various core software components) that runs the IoT device.
Examples of Honeywell, Axis, Hanwha Use
A variety of manufacturers use Huawei Hisilicon chips, typically in their lowest cost products. For example, below is a Honeywell camera that is OEMed from Dahua using a Hisilicon chip:
And here is Hanwha's lowest cost L series camera using a Hisilicon chip:
Hanwha explained to IPVM that:
Hanwha takes comprehensive, rigorous and thorough measures to develop, test and inspect all Hisilicon chips before they are used in its cameras. This includes developing and compiling source code including Open Source elements and those provided by Hisilicon. Hanwha also use its own chip mounting technology to fully control the production process, and to prevent placement of unintended components on any Hanwha Techwin circuit board. Production is out of Hanwha’s facility in Vietnam, by Hanwha employees. Finally, Hanwha conducts rigorous penetration testing by a reputable third party white hat hacker. Results are used to refine the firmware and t address any discovered vulnerabilities.
And here is Axis lowest cost Companion camera using a Huawei Hisilicon chip:
Axis explained to IPVM that:
In all markets, there are different segments and different customer demands. Axis has identified that certain parts of customers in our segment “Small Business” demand more cost-optimized solutions. With that in mind, Axis has took the decision a few years ago to develop a few special Companion Line products using Hisilicon chips. These products are not “general purpose” cameras as they are to be used together with the Axis Companion recorder. Even though a Hisilicon chip is used in theses cameras, the overall product is designed by Axis and Axis internally developed firmware is utilized in order to secure Axis quality and maintainability.
How much security work each manufacturer does is difficult to determine, though generally, we have seen manufacturers like Axis and Hanwha take greater than average.
On the other hand, some like Honeywell show little if any concern about security, e.g., Honeywell who left in the Dahua labeled ActiveX control (a security risk in its own right) in that same camera, as shown below:
Avigilon No Huawei Hisilicon Use At All
Canada manufacturer Avigilon, acquired in 2018 by US manufacturer Motorola, confirmed to IPVM that they do not use Huawei Hisilicon chips in their products. We cannot determine how many manufacturers use no Huawei Hisilicon but they certainly represent a minority, though Avigilon also does not target low-end, low-cost applications.
How to Determine If Your IoT Device Uses Huawei Hisilicon
Though rarely do device manufacturers disclose their SoC / chip provider, opening up the device generally does reveal a chip labeled with the manufacturer's name, as the examples above show. Sometimes it will require breaking the device to access the main board but other times one can simply open up the housing to find the chip as the video below of the Axis Camera Companion shows:
Other Low-Cost IoT Device SoC Providers
While Huawei Hisilicon is the most common, it is not the only one used in low-cost devices. For example, our recent testing of US manufacturer Ubiquiti's $79 IP camera showed they used Ambarella, commonly used in more expensive products. And ~$20 IP camera manufacturer Wyze uses rival China semiconductor supplier Ingenic.
Dahua & Hikvision Use Of Hisilicon
Like Western manufacturers, Dahua and Hikvision tend to use Western SoC providers (like Ambarella) in their higher-end products but Huawei Hisilicon in their lower end ones.
Unlike Western manufacturers, Dahua and Hikvision have a massive business in low-cost cameras including through their various OEMs (see Dahua OEMs and Hikvision OEMs). These products generally use Hisilicon chips. For US buyers, at least, they bring a double problem as Dahua and Hikvision products are US government banned themselves plus the use of Huawei, which is also banned.
Impact of US NDAA Ban
HiSilicon chips’ domination of the global low-end camera market leaves integrators vulnerable to the federal purchasing ban on Huawei equipment passed as part of the NDAA in August.
Claude Chafin, a spokesperson for the Congressional committee which drafted the NDAA, told IPVM:
“If a company has an end item with Hisillicon chips that they sell to anyone, they will be unable to do business with the federal government.”
This poses a huge logistical hurdle to the US video surveillance industry given the widespread presence of HiSilicon chips and the fact that many integrators don’t even know whether their cameras have HiSilicon chips inside them.
Pelco has already taken the step of issuing a statement anticipating this happening:
the NDAA ban also includes “essential component of any system” and “critical technology as part of the system” from the named manufacturers. Pelco and others in the industry believe that the ban extends to the System on a Chip (SoC), which includes embedded processor circuitry capable of executing software commands, frequently used in various video surveillance cameras.
In that statement, Pelco said it did not sell cameras with banned components:
as of August 24, 2018, Pelco does not sell cameras which incorporate SoCs produced by NDAA banned component vendors in any of its shipping products.
However, multiple sources close to Pelco confirmed that its GFC Professional 4k Camera line (just announced in November 2018) use Huawei Hisilicon SoCs and that the decision was made prior to the NDAA ban going into effect."
(It is worth keeping in mind that the precise rules implementing the NDAA are still being drafted and only take effect in August 2019.)
Huawei Cybersecurity Concerns
Many Western nations fear the prospect of Huawei equipment being used by the Chinese government for espionage purposes. Huawei strongly denies this, however, its denials have held little weight due to the Chinese Communist Party’s extensive control over the Chinese economy and its history of aggressive cyberespionage.
So far, the US, Australia, New Zealand, Taiwan, Japan have all barred Huawei from participating in the 5G rollout, while Huawei’s smartphones are effectively shut out of US market altogether. The widespread presence of HiSilicon SoCs across IoT devices could also pose a cybersecurity risk, said Tom Uren, an analyst at the Australian Strategic Policy Institute.
“Chinese produced chips could definitely be used to introduce vulnerabilities in devices that carry them," Uren said, although he was “skeptical” that a “broad-based hardware compromise of cameras would be really useful for Chinese intelligence” since IoT devices are already so easy to hack via software-based exploits.
It seems more likely that Chinese intelligence agencies use “inside knowledge of device construction and take advantage of the generally poor security practice in the space rather than engineering something in specially”, noted Uren.
Hardware security has been particularly salient since Bloomberg reported in a bombshell October cover story that Chinese intelligence snuck chips in servers used by major US tech companies, although the story was met by strong denials by all parties and doubts have risen about its accuracy.
Poll / Vote
UPDATE: May 2019 Huawei 'Ban'
On March 15, 2019, the US signed an executive order targeting foreign adversary technology as well as adding Hisilicon to the 'entity list', restricting US exports to Hisilicon and 'red flagging' Hisilicon for US companies to have any dealings with Hisilicon:
Numerous manufacturers have indicated plans to reduce or eliminate Hisilicon usage and we would expect this move to increase the motivation to do so.