Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame

Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame

Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment.


In a disclosure published this week, Alexei Kojenov, lead product security engineer at Salesforce, outlined a series of flaws affecting IPTV/H.264/H.265 video encoders powered by the hi3520d chipset from Huawei's HiSilicon subsidiary. The security holes are present in software, whose developer is unknown, that runs on top of a Linux stack provided by HiSilicon for products using its system-on-chips.


"The vulnerabilities exist in the application software running on these devices," said Kojenov in his post. "All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device."


The critical ..

Support the originator by clicking the read the rest link below.