Caught red-handed! Chips from Huawei subsidiary HiSilicon have a backdoor; likely to deepen countries' doubts about Chinese products

Link:
https://newtalk.tw/news/view/2020-02-06/363068

The 5G equipment of Chinese company Huawei is already under intense worldwide scrutiny over security concerns, and now it has emerged that chips from Huawei subsidiary HiSilicon have been found to contain a backdoor that could let someone with ill intent access footage captured by network cameras or CCTV systems built on the chip. The news is likely to deepen countries' doubts about Huawei.

HiSilicon Semiconductor is the Huawei group's chip design company; its products are used in millions of connected devices, including surveillance cameras, digital video recorders (DVRs) and network video recorders (NVRs).


According to reports from several foreign tech sites including The Register and ExtremeTech, Russian security researcher Vladislav Yarmak found that the firmware of HiSilicon SoC chips contains a remote debugging and management tool that can access content on cameras, CCTV and similar products on the same network. Anyone who connects to the specific port TCP 9530 and enables the Telnet daemon can log in with a plain root account and a fixed password (the same on every device), thereby gaining the highest privileges and the ability to freely access content on or take control of the device.

Vladislav Yarmak believes the flaw is a deliberately planted backdoor, present at least in a large number of network cameras and CCTV products that use the hi3518 SoC, with an estimated hundreds of thousands to millions of connected devices affected. Users probably cannot expect HiSilicon to patch the flaw; the only ways to keep internal data safe are to restrict the device's own network access or to switch to other products that do not contain the flaw.

Since the US-China trade war began, the US has been urging European countries, stressing that adopting products from the Chinese company Huawei poses a national security risk. Although some countries have stuck to their own positions and not fully bought the US argument, this news undoubtedly deals a heavy blow to Huawei's credibility and may sway the final decisions of more countries that have yet to declare whether they will adopt Huawei products.

Thoughts:
And the one twisting the knife at this moment is, of all people, Russia
Shared 2020-02-06
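As an added example (not from the article, from the researcher's write-up, or from any vendor), here is detection logic a network defender could run over connection logs to flag the two-step pattern the article describes: a hit on TCP 9530 on a camera or DVR, followed shortly afterwards by a Telnet session to the same device. The flow-record format, the sample addresses and the five-minute correlation window are assumptions constructed for this example; it goes a step beyond the article by also flagging any Telnet session to a monitored device, since exposed Telnet on a camera is worth reviewing regardless of how it was enabled.

```python
"""Correlate the two-step pattern from the article (a hit on TCP 9530, then a
Telnet session to the same device) over connection-log records.

Added example; not from the article or from the researcher's write-up.
The log format is a constructed, simplified flow record (an assumption):
    <ISO timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>
A real deployment would feed Zeek conn.log or NetFlow records instead.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

ACTIVATION_PORT = 9530          # port the article names as enabling the Telnet daemon
TELNET_PORT = 23
WINDOW = timedelta(minutes=5)   # assumed: how long after a 9530 hit a Telnet session counts as linked

# Constructed sample records (not real traffic). 10.0.1.x are camera/DVR addresses.
SAMPLE_LOG = """\
2020-02-06T10:00:01 10.0.0.5 51234 10.0.1.20 9530 tcp
2020-02-06T10:00:03 10.0.0.5 51240 10.0.1.20 23 tcp
2020-02-06T10:05:00 10.0.0.8 44000 10.0.1.21 554 tcp
2020-02-06T10:06:00 10.0.0.9 44010 10.0.1.22 23 tcp
2020-02-06T11:00:00 10.0.0.5 51300 10.0.1.23 9530 tcp
"""


def parse_record(line):
    """Parse one flow record into a dict; raises ValueError on malformed input."""
    fields = line.split()
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    ts, src, sport, dst, dport, proto = fields
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "sport": int(sport),
        "dst": dst,
        "dport": int(dport),
        "proto": proto.lower(),
    }


def find_findings(log_text, window=WINDOW):
    """Walk the records in time order and emit findings.

    Kinds emitted:
      port_9530_probe      - something connected to the activation port (informational)
      telnet_after_9530    - Telnet to a device within `window` of a 9530 hit (high)
      telnet_without_9530  - Telnet reachable on a device with no preceding 9530 hit
                             (medium: Telnet should not be exposed on a production camera at all)
    """
    records = [parse_record(l) for l in log_text.splitlines() if l.strip()]
    records.sort(key=lambda r: r["ts"])
    recent_activations = defaultdict(list)   # dst_ip -> timestamps of 9530 hits
    findings = []
    for r in records:
        if r["proto"] != "tcp":
            continue
        if r["dport"] == ACTIVATION_PORT:
            recent_activations[r["dst"]].append(r["ts"])
            findings.append({"kind": "port_9530_probe", "device": r["dst"],
                             "src": r["src"], "ts": r["ts"].isoformat()})
        elif r["dport"] == TELNET_PORT:
            # Linked if any earlier 9530 hit on the same device falls inside the window.
            linked = any(timedelta(0) <= r["ts"] - t <= window
                         for t in recent_activations[r["dst"]])
            kind = "telnet_after_9530" if linked else "telnet_without_9530"
            findings.append({"kind": kind, "device": r["dst"],
                             "src": r["src"], "ts": r["ts"].isoformat()})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. for a dashboard or an alert threshold."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in find_findings(SAMPLE_LOG):
        print(f"{f['ts']}  {f['kind']:<20} device={f['device']} from={f['src']}")
    print(summarize(find_findings(SAMPLE_LOG)))
```

On the constructed sample this yields one linked Telnet session (10.0.1.20), one Telnet session with no preceding 9530 hit (10.0.1.22) and two informational 9530 probes. The correlation key is the destination device rather than the source address, because the article's scenario does not require the port-9530 hit and the Telnet login to come from the same host.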

22 comments

Little Pinks: Daddy, why are you stabbing us now of all times! Don't you want us anymore?!

P.S. Could this be the "new tool" the US news just mentioned......
Using an iPhone with no worries, iCloud too,
anyway I don't think the FBI would be interested in my few selfies and chat messages,
feels a lot safer than domestic phones, especially a certain Wei.
CCP: Daddy, why are you stabbing us now of all times! Don't you want us anymore?! P.S. Could this be the "new tool" the US news just mentioned.......

If you change the two characters before the colon to a group name like "fandom girls" or "Little Pinks", your reply will feel much more immersive
This one doesn't even need thinking about
HW has always been a CCP military enterprise
dressed up in private-company clothing
If you change the two characters before the colon to a group name like "fandom girls" or "Little Pinks", your reply will feel much more immersive

Changed it XD
Even if every Huawei product were great, the fact that it grinds its employees with 996 and colludes with corrupt cops to suppress employees defending their rights is enough for me, an electronics student, to boycott it for life.
Not only will I boycott it myself, I'll get the whole department, the whole college (电物院) to boycott it together, together with the computer science college, and together with other universities.

The most evil thing about Huawei is that it pays its employees lower wages than Qualcomm or Nokia, makes them do unprecedentedly exhausting work all day long, stinks up the whole industry, and at the same time brainwashes people into believing that without Huawei they couldn't even earn that much.


For my ideals I studied electronics; for my livelihood I'm working hard to emigrate.
The US's reasons for banning Huawei, unexpectedly confirmed by Russia (also one of America's chief rivals); you could say this is double proof, each side corroborating the other. Of course, the whitewashing inside the wall has begun, which is no surprise.

Before Brexit, the British PM and Parliament decided to allow Huawei in their 5G build-out; that slap in the face must be red and swollen now.
Has this news drawn the attention of the European pigheads? And Canada too. If not, then it's the same as ever: whoever was going to buy will still buy. I really despair of the European white-skinned pigs: the ultimate in short-sightedness plus self-righteousness, taking so much advantage of the US and still making an enemy of it.

I don't know what Huawei's market share is in the US. I've heard there's no Huawei in network and communications equipment, but I don't know about surveillance. Aren't Nikon's surveillance products any good? Motorola Solutions, Nokia, Ericsson, Samsung, Cisco, aren't they appealing? To reveal something: all the surveillance at my workplace is Nikon, but the switches? Still Huawei.
I knew the CCP tries every possible means to surveil the common people, but having it actually confirmed still brings an indescribable anger, as if living in the world of 1984.
The US's reasons for banning Huawei, unexpectedly confirmed by Russia (also one of America's chief rivals); you could say this is double proof, each side corroborating the other. Of course, ...

These European lefty pigs will one day be harvested by the CCP like leeks and have no choice but to cling to America's thigh. Japan's handling of the pneumonia outbreak is also extremely disappointing. America really is humanity's last hope.
Even if every Huawei product were great, the fact that it grinds its employees with 996 and colludes with corrupt cops to suppress employees defending their rights is enough for me, an electronics student, to boycott it for life. I...

Brother, you show me there are clear-headed people among STEM students too
I'm waiting to see how the German Communists' Auntie Merkel and Britain's Johnson respond.

I bet they'll pull the same routine again: China has backdoors, but doesn't the US have backdoors too?

I don't get it; the US is still a free, democratic country and China is a dictatorship, how can you compare them like that? Pah
Has this news drawn the attention of the European pigheads? And Canada too. If not, then it's the same as ever: whoever was going to buy will still buy. I really despair of the European white-skinned pigs...

Gentlemen are easy to bully; villains are hard to provoke. The US is easy to bully because it honors contracts and the law, so taking advantage of it is easy and it can't just retaliate on a whim. The CCP acts like bandits: go against its wishes and the mainland market can be closed at any moment, and even without closing it, it can make sure you have no profit. Of course Europe picks the soft persimmon to squeeze.
Gentlemen are easy to bully; villains are hard to provoke. The US is easy to bully because it honors contracts and the law, so taking advantage of it is easy and it can't just retaliate...


I'm more afraid of the moment when the US stops playing by the law....
The kind that usually doesn't lose its temper is usually the most ruthless when it does XD
These European lefty pigs will one day be harvested by the CCP like leeks and have no choice but to cling to America's thigh. Japan's handling of the pneumonia outbreak is also extremely disappointing. America really...

Did I read that right, left?
Other European countries, like Germany: if you call Merkel left because she came from the East German SED, there's at least some basis for it, but Britain approving Huawei is "left"?
This time Britain's approval of Huawei came straight from the right, the Conservatives; two consecutive Conservative leaders both thought Huawei was usable, and with the Conservatives now numerous enough, they forced it through.

In the British Parliament, another right-wing party, the DUP, was opposed; on the left, the SNP and Labour both said they were opposed.
https://www.bbc.com/news/uk-politics-51278305

As for why the PM chose Huawei, some speculate that US pressure was so great it was practically like being given orders. My view is that Johnson was tempted by the quote (Huawei being so cheap).
Did I read that right, left? Other European countries, like Germany: if you call Merkel left because she came from the East German SED, there's at least some basis for it, but Britain approving...

Fine, anyway I really feel 💊
This one doesn't even need thinking about HW has always been a CCP military enterprise dressed up in private-company clothing

It's just that there was no evidence before; now it's nailed down. Boris Johnson said earlier that he wouldn't restrict Huawei's 5G use; now he's going to get slapped in the face.
Using an iPhone with no worries, iCloud too, anyway I don't think the FBI would be interested in my few selfies and chat messages, feels...

A reminder: today's iPhone isn't that secure either. I've heard the Hong Kong police can crack it (of course I don't know much about tech stuff...). Do you think China, being their master, couldn't crack it? Be careful.
Reference: https://unwire.hk/2019/12/21/elcomsofthkpolice/tech-secure/

Report on the Suspected Security Issue of HiSilicon Video Surveillance Chips Reported by Some Media

  • Initial Release Date: 2020-02-05
  • Last Release Date: 2020-02-06


  Security Notice
HiSilicon is a global leading fabless semiconductor and IC design company that is dedicated to providing comprehensive connectivity and multimedia chipset solutions for global equipment vendors in fields such as video surveillance, set-top boxes, and smart homes.


The vulnerability response of video surveillance devices may involve different stakeholders such as vulnerability research organizations/individuals, chip suppliers, component suppliers, equipment vendors, and end users. It is necessary to clearly understand the complexity of the supply chain. Any part of the supply chain may introduce vulnerabilities, which increases the difficulty in vulnerability response. Coordinated vulnerability disclosure is the best practice in the industry in this scenario. As an important part of the supply chain of video surveillance devices, HiSilicon is willing to cooperate with stakeholders in the industry to cope with cyber security risks through coordinated vulnerability disclosure and protect the interests of end users.


HiSilicon noticed the media report about the suspected security issue in DVRs/NVRs built on HiSilicon video surveillance chips on February 4, 2020: The Telnet service can be enabled via TCP port 9530 and the default password can be exploited to log in and gain control over the device. HiSilicon immediately investigated the security issue mentioned in the report and provides our investigation results as follows:


This vulnerability is not introduced by the chips and SDKs provided by HiSilicon
The researcher did not explicitly state product models and equipment vendors but inferred that the vulnerability is introduced by HiSilicon chips merely on the basis that the products use HiSilicon chips and that the firmware obtains the Telnet login password from the /etc/passwd file and logs in to Telnet to get a root shell.


The research report said that the Telnet service that is disabled by default on the device can be enabled through TCP port 9530, and then the attacker can brute force the device to gain control over the device.


The article also mentioned four vulnerabilities back from 2013 to 2017. HiSilicon analyzed the vulnerabilities and found that they were not introduced by the chips or SDKs provided by HiSilicon.

Huawei has got in touch with the researcher and made technical clarifications. The researcher has updated the blog information, stating that HiSilicon cannot be blamed for the issue in the specified binary. To protect the customer's interests, HiSilicon has informed the equipment vendor for immediate handling.



The following figure shows the logic of the HiSilicon chip in an entire device.

https://www-file.huawei.com/-/media/corporate/images/psirt/hi-en.png?h=420&w=554&la=en


In this figure, the components marked in blue are delivered by HiSilicon; the parts marked in green are open-source code, and HiSilicon provides it as reference code to equipment vendors; the applications marked in orange are delivered by equipment vendors. The PSK and authentication management mechanisms mentioned in the reported research are categorized as the contents marked in orange and are delivered by equipment vendors.


HiSilicon offers SDK versions to subscribed customers via the HiSupport website. The reference code (contents marked in green) in SDK versions contains development and debugging interfaces commonly used in the industry, for example, the serial port, Telnet, and JTAG interfaces, which can be used by downstream equipment vendors for secondary development. This is a common practice of chip vendors in the industry. Telnet is disabled by default, and there is no default user password. In addition, HiSilicon provides the Cyber Security Precautions for Secondary Development to equipment vendors along with the software package. The Cyber Security Precautions for Secondary Development strongly advises customers to delete the Telnet function and other functions concerning risky services from final mass production versions and provides specific methods to do so. Huawei (and its affiliates worldwide, including HiSilicon) has long committed that it has not and will never place backdoors nor allow anyone else to do so.


The report mentioned the fact that the tested devices have telnet access. As an important part of the supply chain of video surveillance devices, HiSilicon is willing to collaborate with downstream equipment vendors and researchers through coordinated response to cyber security risks brought by the vulnerability and protect the interests of end users.


Note: All Huawei equipment that uses HiSilicon video surveillance chips has already had risky services such as Telnet deleted, in accordance with the Cyber Security Precautions for Secondary Development and therefore does not contain the vulnerability mentioned in the report.
A reminder: today's iPhone isn't that secure either. I've heard the Hong Kong police can crack it (of course I don't know much about tech stuff...

iPhones being insecure is old news by now.
A reminder: today's iPhone isn't that secure either. I've heard the Hong Kong police can crack it (of course I don't know much about tech stuff...


Thanks for the reminder! I'll be careful; at least I use incognito mode for Pincong, so it should be fine... (probably)
What kind of backdoor is this... it's just the root-access hole that Chinese vendors leave behind by never taking security seriously. Something you'd find just by scanning all the ports; if it really were a deliberately planted "backdoor", it would be far too crude...

Status

  • Latest activity: 2020-02-07
  • Views: 6637