Huawei Is Blocked in US, But Its Chips Power Cameras Everywhere (bloomberg.com) 49
An anonymous reader shares a report: Pelco, a California-based security camera maker, set lofty sales targets last year for a model with sharper video resolution and other cutting-edge features. That was until Congress derailed its plans. In August, updated legislation barred the U.S. military and government from buying tech gear from firms deemed too close to authorities in China. When the bill surfaced, Pelco scrapped any thought of providing its new GPC Professional 4K camera to the U.S. government and lowered its sales goals. The reason: The device uses parts from HiSilicon, the chip division of Huawei.
[...] Most of the focus is on Huawei telecom gear that helps run communications networks all over the world. But chips from the HiSilicon unit are also sparking concern because they power about 60 percent of surveillance cameras. That means Chinese chips process video from cameras that sit in places as varied as pizzerias, offices and banks across the U.S.
[...] Most of the focus is on Huawei telecom gear that helps run communications networks all over the world. But chips from the HiSilicon unit are also sparking concern because they power about 60 percent of surveillance cameras. That means Chinese chips process video from cameras that sit in places as varied as pizzerias, offices and banks across the U.S.
Ridiculous. Can we block the USA too? (Score:1, Insightful)
I mean yes, let's absolutely block ALL mnufacturers from China, because they spy sneakingly.
Following that same (valid) reasoning, since the USA has more than ten times the spying budget and we havd literal proof that they spy on ALL the people, including for corporate interests or sexual/love reasons, we should ban ALL US products ten times more.
Priorities, people!
It's the NSA/DHS/FBI/DEA/... that are the biggest threat, if you're US-American, since they have actual power over you.
Ban Huawei, if you are *C
Pizzarias? (Score:2)
But seriously, if you have an Internet of Things device, it is being used to spy on you. Doesn't matter who made the chips, doesn't matter what it is doing.
We can argue about whether that is a main or secondary purpose, but It is a spying device that you voluntarily install.
Re: (Score:2)
Someone needs to make a consumer router that has a special Internet of Shit wifi hotspot built in.
I've got one on my own network. It can't access the internet, can't access anything that isn't local in fact. I can get at it from the main LAN though. Device isolation is turned on as well, so devices can't even talk to each other.
I've got another one just for my smart meter. It is allowed to talk to the energy company server only, once a month, for five minutes. That appears to be adequate for them.
Re: (Score:2)
Someone needs to make a consumer router that has a special Internet of Shit wifi hotspot built in.
I've got one on my own network. It can't access the internet, can't access anything that isn't local in fact. I can get at it from the main LAN though. Device isolation is turned on as well, so devices can't even talk to each other.
I've got another one just for my smart meter. It is allowed to talk to the energy company server only, once a month, for five minutes. That appears to be adequate for them.
It's just a pity that we have to go to that level to keep these things from reporting home. Do you use Wireshark to check on them?
Does GB use direct to internet for smart meters? I've got one too, but it uses a Broadband over power line method of chatting with home. "Broadband" in the most lenient terms. Anyhow, I can't control it, but there isn't much it can glean on me.
Re: (Score:2)
I monitor the filewall so if they do attempt to connect out I see it. So far all devices stop when asked to. It's mostly cameras.
Some smart meters use the cellular network or powerline comms, the one I have uses wifi. It's supposed to be better because if you change supplier you don't have to change the meter, at least in theory. Since I change supplier every year or two (you have to or you bills shoot up) that's actually kinda useful.
Re: (Score:2)
I monitor the filewall so if they do attempt to connect out I see it. So far all devices stop when asked to. It's mostly cameras.
Some smart meters use the cellular network or powerline comms, the one I have uses wifi. It's supposed to be better because if you change supplier you don't have to change the meter, at least in theory. Since I change supplier every year or two (you have to or you bills shoot up) that's actually kinda useful.
Yep, the original BPL version of smartmeters is pretty inferior to the wifi version.
Re: (Score:2)
... like they will send all Angela Merkel's nude images to the NSA [theguardian.com], trigger all WMDs in Iraq, and make you hyper paranoia if you are not already.
The US is already in the state of paranoia.
Maybe, but not likely. (Score:2)
I'd partially question the reasoning behind this because it seems more political than science based. Although yes, a camera chip is a tad more complex than decades ago, I'm still willing to bet that if a manufacturing entity was crazy enough to insert spyware into such a chip that it would stand out like a sore thumb. You can't hide things entirely when you have scanning electron microscopes or X-ray technology. It's like asking the company constructing your house to build an actual secret passageway. A
Re: (Score:2)
There is zero reason to compromise a camera chip. The interface is just not suitable for any kind of attack against the main system. But the whole "spying" thing is a big, fat lie anyways, purely motivated by economic arguments. As the US falls more and more behind, it turns out that it only wants to compete in an open market as long as it is ahead.
Re:Maybe, but not likely. (Score:5, Interesting)
True, a camera chip is hard to compromise, but the threat is still very real. Because in China, by law (or really decree of Dictator Xi) every large company must have a Party member on board, and every company must obey the will of the Government. There are terrible consequences for not obeying. And speaking out is a sure way to get "disappeared".
For something like a camera, OK, maybe not so much. But for something like a network switch or core router or switchgear, things get a lot more interesting, because it will have access to sensitive traffic, and there's the rub. Huawei cannot come clean about any spyware it installed on behalf of the government or even if there is spyware, because it's illegal for them to do so. So even if you ask them they will always say "no".
Things are somewhat different in the US - the government can make demands but it can also be challenged on those demands. (This is the primary difference between "Rule of Law" - where the law is supreme, and "Rule by Law" where someone can easily mold the law as they see fit (like what China does)).
Doesn't mean there isn't a lot of shady stuff going on, but at least in the West, that stuff generally gets exposed. The Chinese Snowden was probably killed stepping out of their building. Fact is, the west has independent judicial systems, independent government, independent press, etc. While in China, it's all state controlled - from the courts to the press.
Printers were used to compramize nettworks (Score:2)
Many here will remember how harmless looking printers were used to hack corporate networks.
So yes, a camera chip is a pretty obscure place to hack, but it probably talks to the main system over an unsecured protocol that was never designed for a hostile chip at the other end.
Everything is so complex now, with so much power, that many weird things can be done.
Re: (Score:2)
Many printers are directly connected to a WiFi or LAN. Many printers targeted to the small office and home use markets rely on either OEM or third party servers to allow your mobile devices to use your printer.
How many people are knowledgeable enough to block their printer's access to the Internet? How many even think of that? And, how many are actually willing to deny their mobile devices the ability to print to their printer?
On the other hand, many cameras for small office and home use are WiFi connected.
Re: (Score:2)
There is zero reason to compromise a camera chip.
You should count the number of chips in a camera. If you get at the number 1 then you'd realise what TFA is actually talking about here and why it's a big deal.
The interface is just not suitable for any kind of attack against the main system
The HiSilicon parts are the complete SoC which handles *EVERYTHING*. It's suitable for every kind of attack you can think on for an IoT device.
Re: (Score:2)
Some voice prints too? Hows that new, low cost, fully imported IMSI-catcher working?
Thats every US worker, officer, walk in informant, undercover gov/mil.
Huawei is not a problem (Score:3)
Or rather it is, but only as a commercial competitor. Those that cannot compete in fair market will often try anything. Kind of funny to see this happening in the US where the "free market" is a huge fetish. The whole "spying" thing is a big fat smokescreen.
Re: (Score:2)
True
Not simple "camera" chips. Full SoCs. (Score:3)
I bought a web security cam for $15 on sale over the holidays. I can't figure out how they can retail for so cheap. It has a HiSilicon "camera" SoC. From what I saw with a quick web search, this SoC does everything in the device. Basic image capture stuff, handles whatever API the vendor app to connect to it needs, full recording to the SD card, etc. Apparently if I felt like jerry-rigging a cable, I could telnet (or SSH?) and get a (busybox?) shell. I'm sure there's enough processing in it to handle all kinds of stuff..
Core networking makes sense. Cameras no (Score:3)
For core network devices the restriction on Huawei makes sense as there is the side band maintenance network that core network infrastructure has. It's not so much them reading the data passing through the network as it is the ability for them to bring the network down.
That said you would be crazy to think the US doesn't have exactly the same capabilities in the Cisco and other US brand equipment that is installed around the world.
Re: (Score:2)
Re: (Score:2)
Please post the link to your completely unprotected feed from your in-house IP camera. If you don't want to then maybe re-assess why this restriction is in place.
Re: (Score:2)
As mentioned above - the 'camera' most likely has a CPU + network + operating system on it, all in the same chip. Plus it was probably sold at an impossibly low price (subsidised, perhaps?) so it would sell in decent quantity, and a few of them might end up in 'interesting' places.
Re: (Score:2)
The cameras should still be on their own network and firewalled from the outside world.
With core networking gear the concern is exploits through the control network which can't be firewalled.
Hikvision (Score:1)
We use enterprise level surveillance software provided by a Canadian vendor. Two years ago, the vendor issued a security advisory suggesting their customers stop using HIK Vision cameras.
The surveillance software is configured to manage video using dedicated servers on the customer's premises and nothing else. This isn't cloud-based software.
When I asked why the vendor issued the advisory, the company's president cited two cases involving different sites. In one case, the cameras were detected attemptin
Re: (Score:2)
Don't buy a Tesla car then.
You must be joking (Score:4, Interesting)
None of the 100+ registers had anything to do with networking. They weren't even directly connected to anything outside the 8-16 bit interface used to talk to them. I can't think of any way these sensors could be used for spying, unless they had a hidden, built in wireless link built in. Which I strongly doubt, as the prices between cameras was pennies per unit.
That said, if a single chip had a camera and network interface (which I never ran across) then there could be issues.
Re: (Score:2)
Re: (Score:2)
None of the 100+ registers had anything to do with networking.
The HiSilicon chips being discussed here are full SoCs that interface with the sensor. They among other things have everything to do with the networking.
Another slashdot demonising propaganda piece (Score:1)
J-ish sniper bullets (google 'one shot, two kills' to see the favourite T-shirt design of slashdot owners/editors) have been fired into Gaza in their tens of thousands, maiming and murdering an endless
... really? (Score:2)
This security camera maker used insecure parts, and had to lower targets when several governments said 'this cannot be trusted this way'
WHAT A VICTIM, BIG BAD AMERICANS
how short sighted y'all are
Real threat or industrial espionage? (Score:1)
Security cameras and their hub systems have been hacked like crazy, largely because the average user (homeowner, retail lackey, office lackey) doesn't even bother changing the default passwords, much less a firewall or any reasonable security measures. Here's a report of a website streaming over 70,000 hacked cameras [gizmodo.com], and here's a report of over a hundred police surveillance cameras being hacked to send spam right in DC [sophos.com]. They're plenty hackable, just a matter of whether the Chinese state thinks it's worth r