algorithm in the software development library provided by Huawei for its HiSilicon SOC, on which the camera is based.[1]
These and other incidents indicate that Chinese agencies may mandate backdoor access to devices shipped into China to aid their internal surveillance activities. Because of the nature of software development environments, it is difficult to maintain separate sets of code bases with some code options only compiled and installed on devices shipped to specific destinations. When those devices are shipped outside of China, those backdoors can still be used to exfiltrate information.
We can only speculate whether or not the spread of these security vulnerabilities is intentional or inadvertent. However, if Chinese policy does require backdoor access embedded in devices sold in China for internal security purposes, this compromised code applied to such a large market increases the risk that these vulnerabilities will spill over into the rest of the world. If China dominates the market for 5G devices, both as a manufacturer and as a large and attractive market of users, then this potential for vulnerabilities will only continue to spread and put the larger 5G ecosystem at risk.
- ↑ “Millions of XIONGMAI Video Surveillance Devices Can Be Hacked Via Cloud Feature,” SEC Consult, accessed March 31, 2019, https://sec-consult.com/en/blog/2018/10/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud/.
