This, among other security concerns, is something the U.S. government has been worried about for years. While Yarmak's claim seemed believable at first, it was in fact the security camera manufacturer using Huawei's product that had, likely mistakenly, included this breachable security hole.
In this case the security camera that was accessible via a remote access software allowed the creation of a session key that would let in telnet connections to the camera with default administrator logins.
Yarmak blamed HiSilicon, Huawei's chip manufacturing arm, of the faulty system-on-chip. However, HiSilicon did their own research and determined that it was the software, not the hardware, component that allowed this backdoor access.
Yarmak has since acknowledged his mistake.
Fortunately the software error isn't widely spread since it was only found in security camera by two manufacturers, both fairly insignificant. However, if you happen to own cameras by Hangzhou Xiongmai Technology or XMtech, you might want to look into possible patches.
As you might imagine, after harsh relations with especially the U.S., Huawei takes accusations like this seriously. They are under a microscope, and no major problems have surfaced lately, which should make Huawei users feel a little more secure.
Written by: Matti Robinson @ 7 Feb 2020 12:19
