The Russian security researcher Vladislav Yarmak revealed yesterday that there is a backdoor mechanism in HiSilicon chips, which are integrated into millions of smart devices around the world (e.g. security cameras, DVRs, NVRs, etc.).
No fix has been released yet, as Yarmak did not inform HiSilicon about the security issue. As he said, he has no confidence in the company's ability to fix the backdoor correctly.
Yarmak posted a report on Habr containing a detailed analysis of the backdoor. According to the expert, it is a combination of four old bugs / backdoors discovered in March 2013, March 2017, July 2017, and September 2017.
"Obviously, over the years HiSilicon has been reluctant or unable to provide adequate security fixes for the same backdoor, which, incidentally, was deliberately implemented," Yarmak said.
How does the backdoor work?
These commands will activate the Telnet service on the vulnerable device.
Yarmak says that once the Telnet service is enabled, the attacker can log in with one of the following Telnet credentials and gain access to a root account, thus gaining full control over the vulnerable device.
These Telnet logins had been found hardcoded in the HiSilicon chip firmware in previous years, but according to Yarmak, the company didn't do anything about them.
As mentioned above, Yarmak doesn't trust HiSilicon, so he didn't inform the company about the security issue, and no patch is available at this time. However, the researcher created proof-of-concept (PoC) code that can be used to check whether a "smart" device runs on a HiSilicon system-on-chip (SoC) and whether the SoC is vulnerable to the type of attack mentioned above.
If a device is vulnerable, the equipment should be replaced.
"Given previous false fixes for this particular backdoor, it is unwise to expect firmware security fixes from the company," Yarmak said. "Owners of such devices should consider finding alternatives."
If owners of vulnerable devices do not have the financial means to replace the equipment, they must “severely restrict network access to these devices, so that only trusted users can enter”, especially on ports 23/tcp, 9530/tcp and 9527/tcp (which can be used in attacks).
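
One way to verify that the access restriction described above is actually in force is to review firewall or flow logs for accepted connections to those three ports from outside the trusted range. The following is an added example, not code from Yarmak's report or from the article; the log format, the device addresses and the trusted subnet are assumptions constructed for illustration.

```python
import ipaddress

# Ports the article names as usable in attacks on HiSilicon-based devices.
BACKDOOR_PORTS = {23, 9530, 9527}

# Assumptions for this example: camera/DVR addresses and the trusted admin subnet.
DEVICES = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed flow records in a hypothetical format: "time src dst dport proto action"
SAMPLE_LOG = """\
2020-02-05T10:00:01Z 10.20.0.5 192.0.2.10 9527 tcp ACCEPT
2020-02-05T10:00:07Z 198.51.100.77 192.0.2.10 9530 tcp ACCEPT
2020-02-05T10:00:09Z 198.51.100.77 192.0.2.10 23 tcp DROP
2020-02-05T10:01:12Z 203.0.113.4 192.0.2.11 23 tcp ACCEPT
2020-02-05T10:02:30Z 203.0.113.4 192.0.2.11 443 tcp ACCEPT
2020-02-05T10:03:00Z 203.0.113.4 192.0.2.11 9527 udp ACCEPT
malformed line
"""

def is_trusted(src_ip):
    """True if the source address belongs to a trusted management network."""
    return any(src_ip in net for net in TRUSTED_NETS)

def find_exposures(log_text):
    """Return (time, src, dst, port) for every accepted TCP flow from an
    untrusted source to a backdoor-related port on a listed device."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, dst, dport, proto, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if (proto == "tcp" and action == "ACCEPT" and dst_ip in DEVICES
                and port in BACKDOOR_PORTS and not is_trusted(src_ip)):
            findings.append((ts, src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print("untrusted access allowed:", *finding)
```

Any finding means the firewall still lets an untrusted host reach one of the three ports, so the restriction is not effective for that device.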