A heads-up for anyone using popular security camera recorders (Swann and the like) that they should disconnect them from the network, pending firmware updates from all the manufacturers...
But who would want to? Brian
It provides easy access in through your firewall from which someone can access any other system on your network, or hop out somewhere else as you, even if you don't care about viewing/deleting recordings, and retrieving the admin username and password in cleartext (which you might have used somewhere else too).
Not to mention an incredible level of incompitence shipped in a security device...
Incompetence at having allowed easy access into security systems? Or incompetence at having the back door to gain easy access into security systems discovered?
Just wait a moment while I don this tin-foil hat..
..That's better.
I sense a growing unease about the use of Chinese manufactured ICs and systems in computing and telecommunications in 'The West.' For plenty of examples you only need to use site:theregister.co.uk in a google search for China Back Door.
Tin foil hat removed now.
Nick
For amusement I did just that. The first article I picked
Let?s pick up the high points of Skorobogatov?s story again: (1) a ?military grade? FPGA that is (2) manufactured in China (3) has a backdoor. With a combination like that, the headlines are guaranteed ? even if the threat is nebulous =========
and the nebulous threat illustrated by examples quoted like ====== ?Military? doesn?t mean ?this is a chip designed to protect military secrets.? It means ?if you put this chip into a product it can stand temperatures from -55°c to 125°C.? ====== Didn't worry me enough to look for any more articles.
The moral of that storey being, stick all that kind of kit safely on the lan where it can only be accessed via VPN, and not via a tunnel through your firewall.
(and if you must do the latter, then wither make that segment a DMZ, or put strict filtering on the entry router to only accept connections from trusted locations).
Still pretty inexcusable though...
Where FPGAs are concerned it means more than simple temperature range. But I don't see any western "military" projects using chinese FPGAs fro the foreseeable future.
MBQ
likely to write heavily biassed articles to get its readership up.
The device in question is supposed to be militarily secure using encryption, but has back doors. There is certainly an issue (you?ve heard of Stuxnet, I presume?) Read
I wouldn't be too sure. There was a rumour that Chinese FPGAs were used as replacements for military kit in Hong Kong before we handed it back to the Chinese.
And the back door doesn't necessarily mean that they can change the way an existing product works. It's an easy means of back engineering the algorithms etc. if they get hold of military equipment sold to "Chinese friendly" countries.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.