Forwarded from BlackBox (Security) Archiv
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.
π ππΌ https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
π ππΌ π©πͺ https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html
#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.
π ππΌ https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
π ππΌ π©πͺ https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html
#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
huawei
Security Notice β Statement on the Media Reports About the Suspected Security Issues in HiSilicon Video Surveillance Chips