# Backdoor found in Xiongmai's DVR/IP camera software

> Clean Markdown view of GeekNews topic #1464. Use the original source for factual precision when an external source URL is present.

## Metadata

- GeekNews HTML: [https://news.hada.io/topic?id=1464](https://news.hada.io/topic?id=1464)
- GeekNews Markdown: [https://news.hada.io/topic/1464.md](https://news.hada.io/topic/1464.md)
- Type: news
- Author: [xguru](https://news.hada.io/@xguru)
- Published: 2020-02-07T10:39:46+09:00
- Updated: 2020-02-07T10:39:46+09:00
- Original source: [habr.com](https://habr.com/en/post/486856/)
- Points: 3
- Comments: 2

## Topic Body

An attacker can break in via telnet through port 9530 and gain root shell access.

Devices from more than 100 vendors that Xiongmai supplied as an OEM are affected.

## Comments



### Comment 1080

- Author: xguru
- Created: 2020-02-07T10:41:34+09:00
- Points: 1

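At first it was disclosed as a problem with chips from HiSilicon, a Huawei subsidiary, but it additionally came out that only products from Xiongmai, which built software using those chips, are the problem.

Huawei issued an official press release about this.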

Security Notice - Technical Analysis Report on the Suspected Security Issue of HiSilicon Video Surveillance Chips Reported by Some Media

https://www.huawei.com/en/psirt/security-notices/2020/huawei-sn-20200205-01-hisilicon-en

They state that the problem is not in the chipset and SDK they made, but in the firmware and OS written on top of them by OEMs.

### Comment 1081

- Author: xguru
- Created: 2020-02-07T10:42:47+09:00
- Points: 1
- Parent comment: 1080
- Depth: 1

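The fact that a product was supplied by Xiongmai may well not be written on the product itself, so this probably needs checking.

From a search, these companies are said to be included.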

https://sec-consult.com/en/blog/2018/10/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud/

9Trading, Abowone, AHWVSE, ANRAN, ASECAM, Autoeye, AZISHN, A-ZONE, BESDER/BESDERSEC, BESSKY, Bestmo, BFMore, BOAVISION, BULWARK, CANAVIS, CWH, DAGRO, datocctv, DEFEWAY, digoo, DiySecurityCameraWorld, DONPHIA, ENKLOV, ESAMACT, ESCAM, EVTEVISION, Fayele, FLOUREON, Funi, GADINAN, GARUNK, HAMROL, HAMROLTE, Highfly, Hiseeu, HISVISION, HMQC, IHOMEGUARD, ISSEUSEE, iTooner, JENNOV, Jooan, Jshida, JUESENWDM, JUFENG, JZTEK, KERUI, KKMOON, KONLEN, Kopda, Lenyes, LESHP, LEVCOECAM, LINGSEE, LOOSAFE, MIEBUL, MISECU, Nextrend, OEM, OLOEY, OUERTECH, QNTSQ, SACAM, SANNCE, SANSCO, SecTec, Shell film, Sifvision / sifsecurityvision, smar, SMTSEC, SSICON, SUNBA, Sunivision, Susikum, TECBOX, Techage, Techege, TianAnXun, TMEZON, TVPSii, Unique Vision, unitoptek, USAFEQLO, VOLDRELI, Westmile, Westshine, Wistino, Witrue, WNK Security Technology, WOFEA, WOSHIJIA, WUSONLUSAN, XIAO MA, XinAnX, xloongx, YiiSPO, YUCHENG, YUNSYE, zclever, zilnk, ZJUXIN, zmodo, ZRHUNTER
