Huawei Equipment Backdoor Found in HiSilicon Chips

Russian security researcher Vladislav Yarmak posted detailed information about the backdoor program he found in Huawei Hisilicon chip on the technology blog platform Habr. He said that the backdoor program has been used by millions of smart devices around the world, such as security cameras, DVR (Digital Video Recorder), NVR (Network Video Recorder) and so on.

At this time, a firmware fix for this backdoor is not available because Yarmak has not reported the problem to Hisilicon-he does not believe Hisense will properly resolve this issue. In a detailed technical summary published earlier to Habr, Yarmak stated that the backdoor is actually a mashup of four old security holes/backdoors that were previously in March 2013, March 2017, July 2017, and 2017 Found in September and has been made public.

Yarmak declared- Obviously, for many years, Hisilicon was unwilling or unable to provide enough security fixes for the same backdoor, and the backdoor was intentionally implemented.

According to Yarmak, a series of devices can be sent on TCP port 9530 to devices using Hisilicon chips (these devices run Linux, the firmware vulnerable devices run the macGuarder or dvrHelper processes, and accept connections on TCP port 9530) Command to take advantage of the backdoor.

These commands will enable the Telnet service on the vulnerable device.

Leifeng.com has learned that Telnet is a member of the TCP / IP protocol family and a standard protocol and main method for Internet remote login services. It provides users with the ability to do remote host work on the local computer. Use the Telnet program on the end user’s computer to connect to the server. End users can enter commands in the Telnet program, and these commands run on the server as if they were entered directly on the server console.

Yarmak said that once the Telnet service is up and running, an attacker could log in using one of the six Telnet login credentials listed below and gain access to a Root account, which gives them complete access to the vulnerable device Control.

Check the complete process here.

Huawei Replied in the same concern, “The researcher did not explicitly state product models and equipment vendors but inferred that the vulnerability is introduced by HiSilicon chips merely based on that the products use HiSilicon chips and that the firmware obtains the Telnet login password from the /etc/password file and logs in to Telnet to get root shell” said Huawei.