IoT Security

The new Zero-day exploit

The new Zero-day exploit

Full disclosure: 0day vulnerability (backdoor) in firmware for HiSilicon-based DVRs, NVRs and IP cameras This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below. Previous work and historical context HiSilicon has a long track record of implementing backdoor access on their devices.Earliest known versions of it had telnet access enabled with a static root password which...

Read more →

Port Digger MIPS Technology