Researcher Discloses Critical Flaws Affecting Millions of HiSilicon Chips(cyware.com)
cyware.com
Researcher Discloses Critical Flaws Affecting Millions of HiSilicon Chips
https://cyware.com/news/researcher-discloses-critical-flaws-affecting-millions-of-hisilicon-chips-bc25313a
9 comments
There was an article a few days ago about a software backdoor built by a different company that was unrelated to the actual silicon. Is this the same vulnerability, or is this one actually implemented in silicon?
The link to the PoC is the same as for this submission: https://news.ycombinator.com/item?id=22251329
Same vulnerability. The reason HiSilicon couldn't provide the fix is that they didn't write the firmware running on those devices, Xiongmai did. This information was added as an update to the original writeup.
Same vulnerability. The reason HiSilicon couldn't provide the fix is that they didn't write the firmware running on those devices, Xiongmai did. This information was added as an update to the original writeup.
More interesting info on Xiongmai if anyone’s unfamiliar:
https://krebsonsecurity.com/2018/10/naming-shaming-web-pollu...
https://krebsonsecurity.com/2018/10/naming-shaming-web-pollu...
HiSilicon is a subsidiary of Huawei https://en.wikipedia.org/wiki/HiSilicon
I'm probably picking nits, but is something intentionally designed and implemented a "flaw" if it works as intended?
You're right, depends on the perspective.
From Huawei/CCP standpoint it's a feature. For everyone else, it's a flaw.
From Huawei/CCP standpoint it's a feature. For everyone else, it's a flaw.
Indeed, and given that this was an intentional design tells you who they truly believe is their primary "customer."
If the intention was to allow telnet login over the internet, they'd also have added hole punching so accessing the port doesn't require bypassing the firewall.
The design is more consistent with a debug feature intended for troubleshooting by someone on the same LAN. Of course the debug interface shouldn't be so easy to access, but that's just stupidity, not malice.
The design is more consistent with a debug feature intended for troubleshooting by someone on the same LAN. Of course the debug interface shouldn't be so easy to access, but that's just stupidity, not malice.
Flawed by design!
"Apparently, all these years HiSilicon was unwilling or incapable to provide adequate security fixes for [the] same backdoor which, by the way, was implemented intentionally," Yarmak remarked.
"Apparently, all these years HiSilicon was unwilling or incapable to provide adequate security fixes for [the] same backdoor which, by the way, was implemented intentionally," Yarmak remarked.