Never mind China...
GCHQ once snooped on a Belgian telecoms company, and since they're often asking the government for permission to snoop on UK nationals, they'd no doubt welcome gaping security holes in 5G equipment (especially zero day holes)...
Trivial backdoor found in firmware for Chinese-built net-connected video recorders
CCTV equipment maker Xiongmai effectively built a poorly hidden, insecure backdoor into potentially millions of surveillance devices, it is claimed. If true, this security blunder could be exploited over the local network to inject commands into vulnerable gear. A hardware probester going by the name of Vladislav Yarmak …
-
-
Tuesday 4th February 2020 23:50 GMT Oh Homer
Re: Never mind China...
And of course the NSA spied (and is probably still spying) on the entire population of the US, including visiting dignitaries from the EU. Not to mention all the other spying it does elsewhere.
What's that you say? China does it too?
Shocking.
-
-
-
Wednesday 5th February 2020 20:55 GMT Nick Ryan
Seeing it was only a couple of years ago that I loudly slapped down a developer who proposed to put in place a hard coded super-admin password in the software they were developing... it's hard to tell an utter lack of competence from malicious coding. The best malicious coding could easily masquerade as lack of competence and how would we know?
-
Thursday 6th February 2020 13:31 GMT NonSSL-Login
Exactly.
When various 'debugging backdoors' have been found in Cisco equipment the el reg articles say it was a probably a genuine dev mistake and no mention of a backdoor.
When a company connected to Huawei have something similar, even if it's not internet connectable like Cisco's built in keys and backdoors, its suddenly the end of the world and Huawei are evil and it was likely intentional.
I love el reg but slowly losing my respect for their articles with this bullshit. There needs to be a way for us to be able to disable American based propaganda authors articles showing on the page....
-
-
Wednesday 5th February 2020 06:49 GMT Anonymous Coward
Par for the course really
Isn't most IoT (Idiots or Twats) kit just as bad?
Ring with its slurping and nudge, nudge, wink, wink wanna see this video Mr Cop?
etc
etc
None of this shite will be coming into my home any time soon. If I am forced to buy something that needs to phone home, I'll block it at my firewall just like I have done with all Social Media, 99.9% of Google and a lot more ad slingers. If it stop working because it can't phone home then I'll get my money back.
Phoning home was only cool about the time of the 'ET' release. Since then it has just become F*****g annoying.
-
Wednesday 5th February 2020 11:17 GMT Cuddles
Who did what?
The article talks about an issue with HiSilicon firmware, but then seems to randomly blame Huawei a couple of times. Is one a subsidiary of the other or something? Yes, I'm aware DuckDuckGo exists, but this is the sort of information that should be included in the article.
"You then connect to that remote service with the username root and password 123456"
Well, at least it's slightly more secure than my luggage.
-
-
Wednesday 5th February 2020 14:15 GMT Mike 137
This is not a backdoor
Never ascribe to malice what can be readily explained by incompetence.
The UK Huawei Cyber Security Evaluation Centre Oversight Board annual report 2019 notes:
"[...] the following advice from NCSC:
i. That there remains no end-to-end integrity of the products as delivered by Huawei and limited confidence on Huawei’s ability to understand the content of any given build and its ability to perform true root cause analysis of identified issues. This raises significant concerns about vulnerability management in the long-term;
ii. That Huawei’s software component management is defective, leading to higher vulnerability rates and significant risk of unsupportable software;
[...]"
I suspect they're far from unique in this.
-
Wednesday 5th February 2020 15:56 GMT mj.jam
This feels exactly like a backdoor.
I can't imagine that you write this code in any way that is not deliberate.
1. Sending messages to a particular port
2. Encrypting some of the information with a key
3. Checking the response and opening another port.
4. Allowing you to connect to that port using hardcoded credentials
This isn't a "If you send a very long message then you can overflow a buffer" issue, or a "you can trick the authentication system due to it not properly validating input", it is a backdoor used to be able to get access to a system. It may have been put there for debug purposes, or for troubleshooting, but it is not documented. Therefore it is a backdoor.
-
-
Wednesday 5th February 2020 15:56 GMT Anonymous Coward
Nothing new here
Many years ago the BAs in the local authority I worked for asked me to check the network security of some CCTV kit they were trying out. Turned out port 80 was open and you had full control with no authentication. We had a bit of fun for half an hour and then got bored with watching shoppers walk past.
The company acted surprised when we asked them to close off port 80 - I doubt if port 443 was closed off as well or any authentication was put in though.
This sounds like the same sort of thing brought forward a decade and a half or so.
-
Thursday 6th February 2020 01:53 GMT Alan Brown
Not Huawei
Not Huawei directly anyway.
The DVRs run on HiSilicon SoCs. HiSilicon is a Huawei company. The HiSilicon parts of this are full of GPL violations - I've complained to Huawei Europe about this several times but never managed to get any traction (more people need to be complaining)
The DVR part of the system is a monolithic binary called "Sofia" written by a company called XiongMai (XM EYE) - which is "interesting" to scroll through for the stuff that's been pulled into it - GPL violations galore and even some RSA private keys in there.
XiongMai have been screaming loudly about "Software Piracy" for some time - which is..... ironic.
And yes, this is typical shit pulled by companies when someone finds an open telnet - hide it instead of fixing it. It's not a "chinese" thing - I saw it lots of times in American ones too.
As for WHY XiongMai's DVR software is there - Huawei contracted them to create it on top of a Linux distro on the SoC - and it's the same stuff underlaying a huge number of brands (various stuff turned on or off for differing feature sets)
The Sofia binary needs a concerted reverse assembly project thrown at it, or even better some GPL project setup to replace it with a better OpenDVR on these HiSilicon SoCs (there's a Linux SDK available for them) - it's got definite Internet of Crap tendencies including building tunnels out to bypass NAT that will backdoor your security and expose your internal lan to the world if you are not careful, etc, as well as being only viewable with Internet Exploder(ActiveX) instead of using HTML5, etc.
The SOCs themselves are _VERY_ nice and cheap as chips, so putting secure auditable GPL software on them would be a winner all around.
-
Monday 10th February 2020 14:04 GMT Aodhhan
Only in England
...do the people deal with making bad decisions by pointing out the bad decisions of others.
Even after they were told by at least 3 other countries not to deal with this Chinese company.
Just how many really wealthy political donors in London, have a lot of investment in Huawei?
Must be a lot. Enough to screw the average English citizen.
This topic is closed for new posts.
Biting the hand that feeds IT
