• Contact Us
  • Login
Upgrade
Tech News Hero
Advertisement
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
Tech News Hero
No Result
View All Result
Home Security

Researcher: Backdoor mechanism still active in devices using HiSilicon chips

by technewshero
February 4, 2020
in Security
0
Share on FacebookShare on Twitter
circuit-circuitry-motherboard.jpg

Image: Magnus Engø

Russian security researcher Vladislav Yarmak has published today details about a backdoor mechanism he discovered in HiSilicon chips, used by millions of smart devices across the globe, such as security cameras, DVRs, NVRs, and others.

A firmware fix is not currently available as Yarmak did not report the issue to HiSilicon citing a lack of trust in the vendor to properly fix the issue.

In a detailed technical rundown that Yarmak published on Habr earlier today, the security researcher says the backdoor mechanism is actually a mash-up of four older security bugs/backdoors that were initially discovered and made public in March 2013, March 2017, July 2017, and September 2017.

“Apparently, all these years HiSilicon was unwilling or incapable to provide adequate security fixes for [the] same backdoor which, by the way, was implemented intentionally,” Yarmak said.

How the backdoor works

According to Yarmak, the backdoor can be exploited by sending a series of commands over TCP port 9530 to devices that use HiSilicon chips.

The commands will enable the Telnet service on a vulnerable device.

Yarmak says that once the Telnet service is up and running, the attacker can log in with one of the six Telnet credentials listed below, and gain access to a root account that grants them complete control over a vulnerable device.

hisilicon-telnet-passwords.png

Image: Vladislav Yarmak

These Telnet logins have been found in previous years as being hardcoded in the HiSilicon chip firmware, but despite the public reports, Yarmak says the vendor chose to leave them intact and disable the Telnet daemon instead.

Proof-of-concept code

Because Yarmak did not intend to report the vulnerability to HiSilicon, firmware patches are not available. Instead, the security researcher has created proof-of-concept (PoC) code that can be used to test if a “smart” device is running on top of HiSilicon system-on-chip (SoC), and if that SoC is vulnerable to attacks that can enable its Telnet service.

If a device is found to be vulnerable, in his Habr write-up the Russian researcher is adamant that device owners should ditch and replace the equipment.

“Taking into account earlier bogus fixes for that vulnerability (backdoor, actually) it is not practical to expect security fixes for firmware from [the] vendor,” Yarmak said. “Owners of such devices should consider switching to alternatives.”

In the case that device owners can’t afford the price of new equipment, Yarmak recommends that users “should completely restrict network access to these devices to trusted users,” especially on device ports 23/tcp, 9530/tcp, 9527/tcp — the ports that can be exploited in attacks.

The proof-of-concept code is available on GitHub. Build and usage instructions for the PoC are available in the Habr post.

As for the impact, Yarmak says that the vulnerable HiSilicon chips most likely ship with devices from countless of white-label vendors, under numerous brands and labels. Here, he cited the work of another researcher who in September 2017 tracked down a similar backdoor mechanism in HiSilicon firmware that was being used by DVRs sold by tens of vendors.

brands-affected.png

Image: tothi on GitHub

ZDNet could not reach HiSilicon for comment as the Shenzhen-based company does not list a contact method on its official website.

Previous Post

The best indoor TV antennas 2020: 7 great digital TV antennas for inside your home

Next Post

Coronavirus Sends Asia’s Social Media Censors Into Overdrive

technewshero

technewshero

Related Posts

2020 Shows the Danger of a Decapitated Cyber Regime
Security

2020 Shows the Danger of a Decapitated Cyber Regime

by technewshero
January 13, 2021
A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting
Security

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

by technewshero
January 14, 2021
The Worst Hacks of 2020, a Surreal Pandemic Year
Security

The Worst Hacks of 2020, a Surreal Pandemic Year

by technewshero
January 15, 2021
How to Understand the Russia Hack Fallout
Security

How to Understand the Russia Hack Fallout

by technewshero
December 22, 2020
A Massive Fraud Operation Stole Millions From Online Bank Accounts
Security

A Massive Fraud Operation Stole Millions From Online Bank Accounts

by technewshero
December 21, 2020
Next Post

Coronavirus Sends Asia's Social Media Censors Into Overdrive

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Popular

Diebold Nixdorf warns customers of RCE bug in older ATMs

June 9, 2019
9 ingenious ways to give your old Android phone new life

9 ingenious ways to give your old Android phone new life

January 13, 2021

A mysterious AMD Threadripper CPU appears in leaked Geekbench result

August 14, 2019

Browse by Category

  • Apps
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • News
  • PC & Laptops
  • Security
  • Social
Tech News Hero

© 2020 Tech News Hero.

No Result
View All Result
  • Home
  • Landing Page
  • Buy JNews
  • Support Forum
  • Contact Us

© 2020 Tech News Hero.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?