Slashdot Mirror


Huawei Is Blocked in US, But Its Chips Power Cameras Everywhere (bloomberg.com)

An anonymous reader shares a report: Pelco, a California-based security camera maker, set lofty sales targets last year for a model with sharper video resolution and other cutting-edge features. That was until Congress derailed its plans. In August, updated legislation barred the U.S. military and government from buying tech gear from firms deemed too close to authorities in China. When the bill surfaced, Pelco scrapped any thought of providing its new GPC Professional 4K camera to the U.S. government and lowered its sales goals. The reason: The device uses parts from HiSilicon, the chip division of Huawei.

[...] Most of the focus is on Huawei telecom gear that helps run communications networks all over the world. But chips from the HiSilicon unit are also sparking concern because they power about 60 percent of surveillance cameras. That means Chinese chips process video from cameras that sit in places as varied as pizzerias, offices and banks across the U.S.

29 of 49 comments

  1. Ridiculous. Can we block the USA too? by Anonymous Coward · · Score: 1, Insightful

    I mean yes, let's absolutely block ALL manufacturers from China, because they spy sneakingly.

    Following that same (valid) reasoning, since the USA has more than ten times the spying budget and we have literal proof that they spy on ALL the people, including for corporate interests or sexual/love reasons, we should ban ALL US products ten times more.

    Priorities, people!

    It's the NSA/DHS/FBI/DEA/... that are the biggest threat, if you're US-American, since they have actual power over you.

    Ban Huawei, if you are *Chinese*! Again since the Chinese government has power over you.

    Oh wait ... this is about protecting the US *corporate government*! Not the people!
    It's about a spying monopoly ON the US-American people!

  2. Pizzerias? by Ol+Olsoc · · Score: 1
    So that's where the PizzaGate rumors came from!

    But seriously, if you have an Internet of Things device, it is being used to spy on you. Doesn't matter who made the chips, doesn't matter what it is doing.

    We can argue about whether that is a main or secondary purpose, but it is a spying device that you voluntarily install.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:Pizzerias? by AmiMoJo · · Score: 1

      Someone needs to make a consumer router that has a special Internet of Shit wifi hotspot built in.

      I've got one on my own network. It can't access the internet, can't access anything that isn't local in fact. I can get at it from the main LAN though. Device isolation is turned on as well, so devices can't even talk to each other.

      I've got another one just for my smart meter. It is allowed to talk to the energy company server only, once a month, for five minutes. That appears to be adequate for them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Pizzerias? by Ol+Olsoc · · Score: 1

      Someone needs to make a consumer router that has a special Internet of Shit wifi hotspot built in.

      I've got one on my own network. It can't access the internet, can't access anything that isn't local in fact. I can get at it from the main LAN though. Device isolation is turned on as well, so devices can't even talk to each other.

      I've got another one just for my smart meter. It is allowed to talk to the energy company server only, once a month, for five minutes. That appears to be adequate for them.

      It's just a pity that we have to go to that level to keep these things from reporting home. Do you use Wireshark to check on them?

      Does GB use direct to internet for smart meters? I've got one too, but it uses a Broadband over power line method of chatting with home. "Broadband" in the most lenient terms. Anyhow, I can't control it, but there isn't much it can glean on me.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Pizzerias? by AmiMoJo · · Score: 1

      I monitor the firewall so if they do attempt to connect out I see it. So far all devices stop when asked to. It's mostly cameras.

      Some smart meters use the cellular network or powerline comms, the one I have uses wifi. It's supposed to be better because if you change supplier you don't have to change the meter, at least in theory. Since I change supplier every year or two (you have to or your bills shoot up) that's actually kinda useful.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Pizzerias? by Ol+Olsoc · · Score: 1

      I monitor the firewall so if they do attempt to connect out I see it. So far all devices stop when asked to. It's mostly cameras.

      Some smart meters use the cellular network or powerline comms, the one I have uses wifi. It's supposed to be better because if you change supplier you don't have to change the meter, at least in theory. Since I change supplier every year or two (you have to or your bills shoot up) that's actually kinda useful.

      Yep, the original BPL version of smartmeters is pretty inferior to the wifi version.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  3. Maybe, but not likely. by foxalopex · · Score: 1

    I'd partially question the reasoning behind this because it seems more political than science based. Although yes, a camera chip is a tad more complex than decades ago, I'm still willing to bet that if a manufacturing entity was crazy enough to insert spyware into such a chip that it would stand out like a sore thumb. You can't hide things entirely when you have scanning electron microscopes or X-ray technology. It's like asking the company constructing your house to build an actual secret passageway. A much more discreet way is to leave a lock on a window broken for example so that it doesn't look like you're making an obvious backdoor. The problem is on a chip the most likely way would be that it would leak a little EMI which would probably be only usable at extremely close range. I'm not saying this isn't impossible but it would be an impressive challenge.

    1. Re:Maybe, but not likely. by gweihir · · Score: 1

      There is zero reason to compromise a camera chip. The interface is just not suitable for any kind of attack against the main system. But the whole "spying" thing is a big, fat lie anyways, purely motivated by economic arguments. As the US falls more and more behind, it turns out that it only wants to compete in an open market as long as it is ahead.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Maybe, but not likely. by AHuxley · · Score: 1

      CCTV in/near the gov/mil/city hall gives every face and every plate, every passenger's face.
      Some voice prints too? How's that new, low cost, fully imported IMSI-catcher working?
      That's every US worker, officer, walk in informant, undercover gov/mil.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Maybe, but not likely. by tlhIngan · · Score: 5, Interesting

      There is zero reason to compromise a camera chip. The interface is just not suitable for any kind of attack against the main system. But the whole "spying" thing is a big, fat lie anyways, purely motivated by economic arguments. As the US falls more and more behind, it turns out that it only wants to compete in an open market as long as it is ahead.

      True, a camera chip is hard to compromise, but the threat is still very real. Because in China, by law (or really decree of Dictator Xi) every large company must have a Party member on board, and every company must obey the will of the Government. There are terrible consequences for not obeying. And speaking out is a sure way to get "disappeared".

      For something like a camera, OK, maybe not so much. But for something like a network switch or core router or switchgear, things get a lot more interesting, because it will have access to sensitive traffic, and there's the rub. Huawei cannot come clean about any spyware it installed on behalf of the government or even if there is spyware, because it's illegal for them to do so. So even if you ask them they will always say "no".

      Things are somewhat different in the US - the government can make demands but it can also be challenged on those demands. (This is the primary difference between "Rule of Law" - where the law is supreme, and "Rule by Law" where someone can easily mold the law as they see fit (like what China does)).

      Doesn't mean there isn't a lot of shady stuff going on, but at least in the West, that stuff generally gets exposed. The Chinese Snowden was probably killed stepping out of their building. Fact is, the west has independent judicial systems, independent government, independent press, etc. While in China, it's all state controlled - from the courts to the press.

    4. Re:Maybe, but not likely. by thegarbz · · Score: 1

      There is zero reason to compromise a camera chip.

      You should count the number of chips in a camera. If you get at the number 1 then you'd realise what TFA is actually talking about here and why it's a big deal.

      The interface is just not suitable for any kind of attack against the main system

      The HiSilicon parts are the complete SoC which handles *EVERYTHING*. It's suitable for every kind of attack you can think of for an IoT device.

  4. Re:Dangerous chips by hackingbear · · Score: 1

    ... like they will send all Angela Merkel's nude images to the NSA [theguardian.com], trigger all WMDs in Iraq, and make you hyper paranoid if you are not already.

    The US is already in the state of paranoia.

  5. Huawei is not a problem by gweihir · · Score: 2

    Or rather it is, but only as a commercial competitor. Those that cannot compete in a fair market will often try anything. Kind of funny to see this happening in the US where the "free market" is a huge fetish. The whole "spying" thing is a big fat smokescreen.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Huawei is not a problem by gweihir · · Score: 1

      True

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. Not simple "camera" chips. Full SoCs. by WoTG · · Score: 2

    I bought a web security cam for $15 on sale over the holidays. I can't figure out how they can retail for so cheap. It has a HiSilicon "camera" SoC. From what I saw with a quick web search, this SoC does everything in the device. Basic image capture stuff, handles whatever API the vendor app to connect to it needs, full recording to the SD card, etc. Apparently if I felt like jerry-rigging a cable, I could telnet (or SSH?) and get a (busybox?) shell. I'm sure there's enough processing in it to handle all kinds of stuff.

  7. Printers were used to compromise networks by aberglas · · Score: 1

    Many here will remember how harmless looking printers were used to hack corporate networks.

    So yes, a camera chip is a pretty obscure place to hack, but it probably talks to the main system over an unsecured protocol that was never designed for a hostile chip at the other end.

    Everything is so complex now, with so much power, that many weird things can be done.

    1. Re:Printers were used to compromise networks by UnderCoverPenguin · · Score: 1

      Many printers are directly connected to a WiFi or LAN. Many printers targeted to the small office and home use markets rely on either OEM or third party servers to allow your mobile devices to use your printer.

      How many people are knowledgeable enough to block their printer's access to the Internet? How many even think of that? And, how many are actually willing to deny their mobile devices the ability to print to their printer?

      On the other hand, many cameras for small office and home use are WiFi connected. And, like the printers, also rely on OEM or third party servers to allow users to view the video on their mobile devices. Even if the camera chip is separate from the rest of the electronics, it could still exfiltrate data other than the expected video stream.

      What data could a camera chip get that you might not want sent? In many low end cameras, the only lens is the lens built in to the package of the camera chip. If that lens doesn't block infrared light, the chip could send out a second video stream showing what it sees in infrared.

      Also, think about that webcam sitting on your monitor or built in to your laptop - does the built in lens cover block infrared light? Even if the cover distorts the image, there are algorithms to correct for that. And, often, the distortion isn't enough to make the uncorrected stream useless.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  8. Core networking makes sense. Cameras no by Harlequin80 · · Score: 2

    For core network devices the restriction on Huawei makes sense as there is the side band maintenance network that core network infrastructure has. It's not so much them reading the data passing through the network as it is the ability for them to bring the network down.

    That said you would be crazy to think the US doesn't have exactly the same capabilities in the Cisco and other US brand equipment that is installed around the world.

    1. Re: Core networking makes sense. Cameras no by edris90 · · Score: 1

      Your own government has a vested interest in keeping you under control and so cannot be trusted at all. But a foreign government doesn't care about small potatoes like you because they have bigger agendas, and so is much less likely to do something with your information that sends the feds knocking on your door. I would rather trust the Chinese equipment. There's less conflict of interest.

  9. Hikvision by Anonymous Coward · · Score: 1

    We use enterprise level surveillance software provided by a Canadian vendor. Two years ago, the vendor issued a security advisory suggesting their customers stop using Hikvision cameras.

    The surveillance software is configured to manage video using dedicated servers on the customer's premises and nothing else. This isn't cloud-based software.

    When I asked why the vendor issued the advisory, the company's president cited two cases involving different sites. In one case, the cameras were detected attempting to reach servers in China despite being configured to serve video only to the customer's on-site servers.

    In another incident, Hikvision responded to a request for tech support on a camera by sending a sample shot to the customer. The customer was surprised to see that the sample had been taken from his own camera. Again, the video was supposed to stay on the customer's premises; there are no off site servers talking to the servers tasked with managing video.

    The vendor will no longer support Hikvision cameras unless the customer signs a hold harmless document specifically acknowledging the security risk the cameras pose.
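
The check this comment describes (cameras trying to reach outside servers when they should only talk to on-site servers), which is also what the earlier "I monitor the firewall" reply relies on, as an added example that is not part of the original thread. It scans gateway firewall logs in the netfilter LOG key=value format and reports each camera's disallowed destinations. The camera subnet, the video server address, the `IOT-FWD` log prefix and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the thread): cameras live on
# 192.168.50.0/24 and may only talk to the on-site video server.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
ALLOWED_DESTS = [ipaddress.ip_network("192.168.10.5/32")]

# Constructed sample lines in the netfilter LOG key=value format.
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: IOT-FWD IN=br-iot OUT=br-lan SRC=192.168.50.21 DST=192.168.10.5 LEN=1500 PROTO=TCP SPT=554 DPT=40112
Jan 10 03:12:07 gw kernel: IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.21 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51514 DPT=443
Jan 10 03:12:09 gw kernel: IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.21 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51516 DPT=443
Jan 10 03:13:30 gw kernel: IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.34 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
Jan 10 03:14:02 gw kernel: IOT-FWD IN=br-lan OUT=eth0 SRC=192.168.10.40 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
Jan 10 03:14:44 gw kernel: IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.34 DST=not-an-ip PROTO=TCP DPT=80
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_line(line):
    """Return the key=value fields of one LOG line as a dict."""
    return dict(FIELD.findall(line))


def unexpected_egress(log_text):
    """Map camera IP -> {(dst, proto, dport): count} for disallowed flows."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = parse_line(line)
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line: skip, do not guess
        if src not in CAMERA_NET:
            continue  # not a camera, so out of scope for this check
        if any(dst in net for net in ALLOWED_DESTS):
            continue  # expected traffic to the on-site video server
        key = (str(dst), fields.get("PROTO", "?"), fields.get("DPT", "?"))
        findings[str(src)][key] += 1
    return {ip: dict(flows) for ip, flows in findings.items()}


if __name__ == "__main__":
    for ip, flows in unexpected_egress(SAMPLE_LOG).items():
        for (dst, proto, dport), count in sorted(flows.items()):
            print(f"{ip} -> {dst} {proto}/{dport}: {count} attempt(s)")
```

Logging these flows at the gateway while dropping them gives the same evidence the vendor cited without letting the traffic leave the site.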

     

    1. Re:Hikvision by cheesybagel · · Score: 1

      Don't buy a Tesla car then.

  10. You must be joking by Snotnose · · Score: 3, Interesting

    Before I retired a few years ago I wrote drivers for cameras that went into cellphones. These things were hideously complex, and a minor tweak to some obscure "sets the delta alpha gamma anion setting" could have dramatic effects on the picture quality.

    None of the 100+ registers had anything to do with networking. They weren't even directly connected to anything outside the 8-16 bit interface used to talk to them. I can't think of any way these sensors could be used for spying, unless they had a hidden, built in wireless link built in. Which I strongly doubt, as the prices between cameras was pennies per unit.

    That said, if a single chip had a camera and network interface (which I never ran across) then there could be issues.

    1. Re:You must be joking by stefanb · · Score: 1

      They are talking about the controller, not the sensor.

    2. Re:You must be joking by thegarbz · · Score: 1

      None of the 100+ registers had anything to do with networking.

      The HiSilicon chips being discussed here are full SoCs that interface with the sensor. They among other things have everything to do with the networking.

  11. Re:Core networking makes sense. Cameras no by thegarbz · · Score: 1

    Please post the link to your completely unprotected feed from your in-house IP camera. If you don't want to then maybe re-assess why this restriction is in place.

  12. Re:Core networking makes sense. Cameras no by coofercat · · Score: 1

    As mentioned above - the 'camera' most likely has a CPU + network + operating system on it, all in the same chip. Plus it was probably sold at an impossibly low price (subsidised, perhaps?) so it would sell in decent quantity, and a few of them might end up in 'interesting' places.

  13. Re:Core networking makes sense. Cameras no by Harlequin80 · · Score: 1

    The cameras should still be on their own network and firewalled from the outside world.

    With core networking gear the concern is exploits through the control network which can't be firewalled.

  14. ... really? by stonecypher · · Score: 1

    This security camera maker used insecure parts, and had to lower targets when several governments said 'this cannot be trusted this way'

    WHAT A VICTIM, BIG BAD AMERICANS

    how short sighted y'all are

    --
    StoneCypher is Full of BS
  15. Real threat or industrial espionage? by Zigakly · · Score: 1

    Security cameras and their hub systems have been hacked like crazy, largely because the average user (homeowner, retail lackey, office lackey) doesn't even bother changing the default passwords, much less a firewall or any reasonable security measures. Here's a report of a website streaming over 70,000 hacked cameras, and here's a report of over a hundred police surveillance cameras being hacked to send spam right in DC. They're plenty hackable, just a matter of whether the Chinese state thinks it's worth risking sanctions from the countries they're surveilling.

    But this could also easily be industrial espionage. In the US, anyone competing with Huawei could simply spend a few million lobbying to convince congress that it's happening. No proof is required, only that the capability is there, and that if China was doing it we might never know.