back to article Trivial backdoor found in firmware for Chinese-built net-connected video recorders

CCTV equipment maker Xiongmai effectively built a poorly hidden, insecure backdoor into potentially millions of surveillance devices, it is claimed. If true, this security blunder could be exploited over the local network to inject commands into vulnerable gear. A hardware probester going by the name of Vladislav Yarmak …

COMMENTS

This topic is closed for new posts.
  1. mittfh
    Big Brother

    Never mind China...

    GCHQ once snooped on a Belgian telecoms company, and since they're often asking the government for permission to snoop on UK nationals, they'd no doubt welcome gaping security holes in 5G equipment (especially zero day holes)...

    1. Oh Homer
      Childcatcher

      Re: Never mind China...

      And of course the NSA spied (and is probably still spying) on the entire population of the US, including visiting dignitaries from the EU. Not to mention all the other spying it does elsewhere.

      What's that you say? China does it too?

      Shocking.

      1. Anonymous Coward
        Anonymous Coward

        Re: Never mind China...

        It's a crazy world, next they will be putting video cameras on every street to track those that don't have a tracking device (phone) on them at all times.

  2. Doctor Syntax Silver badge

    Given that the communication is over Telnet it doesn't sound as if they were at pains to hide whatever might be communicated. More likely to be an ill-thought out diagnostic/IoT business as usual.

    1. Nick Ryan

      Seeing it was only a couple of years ago that I loudly slapped down a developer who proposed to put in place a hard coded super-admin password in the software they were developing... it's hard to tell an utter lack of competence from malicious coding. The best malicious coding could easily masquerade as lack of competence and how would we know?

    2. NonSSL-Login

      Exactly.

      When various 'debugging backdoors' have been found in Cisco equipment the el reg articles say it was a probably a genuine dev mistake and no mention of a backdoor.

      When a company connected to Huawei have something similar, even if it's not internet connectable like Cisco's built in keys and backdoors, its suddenly the end of the world and Huawei are evil and it was likely intentional.

      I love el reg but slowly losing my respect for their articles with this bullshit. There needs to be a way for us to be able to disable American based propaganda authors articles showing on the page....

  3. Anonymous Coward
    Anonymous Coward

    Par for the course really

    Isn't most IoT (Idiots or Twats) kit just as bad?

    Ring with its slurping and nudge, nudge, wink, wink wanna see this video Mr Cop?

    etc

    etc

    None of this shite will be coming into my home any time soon. If I am forced to buy something that needs to phone home, I'll block it at my firewall just like I have done with all Social Media, 99.9% of Google and a lot more ad slingers. If it stop working because it can't phone home then I'll get my money back.

    Phoning home was only cool about the time of the 'ET' release. Since then it has just become F*****g annoying.

  4. W.S.Gosset Silver badge
    Happy

    Heh

    > A hardware probester

    I tiredly misread this as "hardware protester"; my reaction "great, ANOTHER group of fictionalising attention-seekers stuffing things up -- wait, no, hardware's too nuts to protest about even for the faux-greenies, read that again..."

  5. PeterM42
    Joke

    A friend of mine......

    .......has a Huawei phone and asked what all the fuss was about.

    so I explained about Chinese "eavesdropping" - he laughed.

    I laughed with him.

    So did an oriental voice on his phone.

    1. Anonymous Coward
      Anonymous Coward

      Re: A friend of mine......

      <JOKE>

      Arexa?

      </JOKE>

      I think I'm gonna go to hell for that one.

      1. W.S.Gosset Silver badge
        Joke

        Re: A friend of mine......

        Where's ya wheelie bin?

        1. Sir Runcible Spoon

          Re: A friend of mine......

          It's being refitted with a hot tub and mini bar

  6. Cuddles

    Who did what?

    The article talks about an issue with HiSilicon firmware, but then seems to randomly blame Huawei a couple of times. Is one a subsidiary of the other or something? Yes, I'm aware DuckDuckGo exists, but this is the sort of information that should be included in the article.

    "You then connect to that remote service with the username root and password 123456"

    Well, at least it's slightly more secure than my luggage.

    1. Outski

      Re: Who did what?

      It's in the very first sentence:

      "Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips..."

    2. Anonymous Coward
      Anonymous Coward

      Re: Who did what?

      Paragraph 1 of the article:

      "This may shock you, but Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips, it appears."

  7. Anonymous Coward
    Anonymous Coward

    I would, but I used the last piece of chalk on Cisco's latest batch of 'totally accidental honest' vulns.

    1. Anonymous Coward
      Anonymous Coward

      Lol. Wow Cisco. You never disappoint.

      https://www.wired.com/story/cisco-cdp-flaws-enterprise-hacking/amp

  8. Anonymous Coward
    Anonymous Coward

    Backdoor implies a deliberate act of allowing unauthorised access.

    This is not a backdoor.

    1. Mike 137 Silver badge

      This is not a backdoor

      Never ascribe to malice what can be readily explained by incompetence.

      The UK Huawei Cyber Security Evaluation Centre Oversight Board annual report 2019 notes:

      "[...] the following advice from NCSC:

      i. That there remains no end-to-end integrity of the products as delivered by Huawei and limited confidence on Huawei’s ability to understand the content of any given build and its ability to perform true root cause analysis of identified issues. This raises significant concerns about vulnerability management in the long-term;

      ii. That Huawei’s software component management is defective, leading to higher vulnerability rates and significant risk of unsupportable software;

      [...]"

      I suspect they're far from unique in this.

      1. Richard 51

        Re: This is not a backdoor

        Which probably explains why their kit is so cheap ( I believe cost is one of the reasons given for using Huawei kit).

    2. midcapwarrior

      Correct, more of a front door, maybe a window, perhaps a side door.

      But definitely not a backdoor

      1. ThatOne Silver badge
        Coat

        > more of a front door, maybe a window, perhaps a side door

        No, only microsoft has windows...

    3. mj.jam

      This feels exactly like a backdoor.

      I can't imagine that you write this code in any way that is not deliberate.

      1. Sending messages to a particular port

      2. Encrypting some of the information with a key

      3. Checking the response and opening another port.

      4. Allowing you to connect to that port using hardcoded credentials

      This isn't a "If you send a very long message then you can overflow a buffer" issue, or a "you can trick the authentication system due to it not properly validating input", it is a backdoor used to be able to get access to a system. It may have been put there for debug purposes, or for troubleshooting, but it is not documented. Therefore it is a backdoor.

  9. Anonymous Coward
    Anonymous Coward

    Nothing new here

    Many years ago the BAs in the local authority I worked for asked me to check the network security of some CCTV kit they were trying out. Turned out port 80 was open and you had full control with no authentication. We had a bit of fun for half an hour and then got bored with watching shoppers walk past.

    The company acted surprised when we asked them to close off port 80 - I doubt if port 443 was closed off as well or any authentication was put in though.

    This sounds like the same sort of thing brought forward a decade and a half or so.

  10. Alan Brown Silver badge

    Not Huawei

    Not Huawei directly anyway.

    The DVRs run on HiSilicon SoCs. HiSilicon is a Huawei company. The HiSilicon parts of this are full of GPL violations - I've complained to Huawei Europe about this several times but never managed to get any traction (more people need to be complaining)

    The DVR part of the system is a monolithic binary called "Sofia" written by a company called XiongMai (XM EYE) - which is "interesting" to scroll through for the stuff that's been pulled into it - GPL violations galore and even some RSA private keys in there.

    XiongMai have been screaming loudly about "Software Piracy" for some time - which is..... ironic.

    And yes, this is typical shit pulled by companies when someone finds an open telnet - hide it instead of fixing it. It's not a "chinese" thing - I saw it lots of times in American ones too.

    As for WHY XiongMai's DVR software is there - Huawei contracted them to create it on top of a Linux distro on the SoC - and it's the same stuff underlaying a huge number of brands (various stuff turned on or off for differing feature sets)

    The Sofia binary needs a concerted reverse assembly project thrown at it, or even better some GPL project setup to replace it with a better OpenDVR on these HiSilicon SoCs (there's a Linux SDK available for them) - it's got definite Internet of Crap tendencies including building tunnels out to bypass NAT that will backdoor your security and expose your internal lan to the world if you are not careful, etc, as well as being only viewable with Internet Exploder(ActiveX) instead of using HTML5, etc.

    The SOCs themselves are _VERY_ nice and cheap as chips, so putting secure auditable GPL software on them would be a winner all around.

  11. Anonymous Coward
    Anonymous Coward

    Surely, if you're opening up port 9530 and 9527 to the public you're complicit in the, so called, backdoor.

  12. Aodhhan

    Only in England

    ...do the people deal with making bad decisions by pointing out the bad decisions of others.

    Even after they were told by at least 3 other countries not to deal with this Chinese company.

    Just how many really wealthy political donors in London, have a lot of investment in Huawei?

    Must be a lot. Enough to screw the average English citizen.

This topic is closed for new posts.