Security News > 2020 > September > Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame

Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment.
Huawei insists the vulnerabilities were not introduced by its HiSilicon chips nor the SDK code it provides to manufacturers that use its components.
In a statement emailed to The Register and posted online, a Huawei spokesperson said, "Following the media reports about the suspected security issues in HiSilicon video surveillance chips on September 16, 2020, Huawei has launched an immediate investigation. After technical analysis, it was confirmed that none of the vulnerabilities were introduced by HiSilicon chips and SDK packages. Huawei is in favor of coordinated vulnerability disclosure by all organizations and individuals in the security research ecosystem to reduce the impact on stakeholders."
The encoders are used to stream video over IP networks, converting raw video signals to digital video using compression standards like H.264 or H.265 for distribution through a service like YouTube, or to be viewed directly in a web or app-based video player as an RTSP or HLS stream.
Kojenov says he analyzed video encoders from URayTech, J-Tech Digital, and Pro Video Instruments, and found their devices to be vulnerable to some or all of the reported flaws.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/17/huawei_iptv_video_encoder_security/
Related news
- Chinese cyberspies use new SSH backdoor in network device hacks (source)
- Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants (source)
- Undocumented backdoor found in Bluetooth chip used by a billion devices (source)
- Chinese cyberspies backdoor Juniper routers for stealthy access (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Juniper patches bug that let Chinese cyberspies backdoor routers (source)
- FCC on the prowl for Huawei and other blocked Chinese makers in America (source)