
Backdoor mechanism still active in devices using HiSilicon chips - LogicRiver
https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-devices-using-hisilicon-chips/
======
mzs
[https://habr.com/en/post/486856/](https://habr.com/en/post/486856/)

------
milankragujevic
This is not a HiSilicon thing, but instead a "feature" of Sofia DVR software
made by XiongMai (Hangzhou Xiongmai Technology Co.,Ltd).

I tried the exploits on my HiSilicon Hi3518 IP camera, and none worked. It has
no weird open ports (including telnet, ssh, ftp, http[s]) and communicates
with temporary udp ports and the local broadcast IP address.

Basically you broadcast the camera's name, command and hash that includes the
password, and if it acknowledges your request it will reply to you on the
specified IP and port with a UDP packet. If you want to watch the camera, you
have to listen on a port and tell it to send the stream to you. It's a push
not a pull configuration.

------
powerapple
When I read the title, I thought the chip has backdoors.. so misleading...

