The title is misleading. HiSilicon is responsible for the SoC, but the backdoor is part of the Linux-based device firmware made by another company called Hangzhou Xiongmai Technology Co. There is no clear connection between Huawei and Xiongmai.
You can find the clarification about the firmware maker (Xiongmai) towards the end of the article.
> There is no clear connection between Huawei and Xiongmai.
If Xiongmai firmware runs on HiSilicon SoCs, there must be some kind of connection, even if just via a third party that paid HiSilicon for the hardware and Xiongmai to write the firmware for it. Unfortunately, the writeup doesn't clearly identify who that could be.
This argument proves too much. By this reasoning, "Qualcomm-owned Cisco" is "injecting backdoors" into their chips as well.[1]
The real title of the article is "0day vulnerability (backdoor) in firmware for HiSilicon-based DVRs, NVRs and IP cameras" and the word Huawei doesn't even appear in it.
If OP wants to claim that Huawei are involved, maybe they should write their own article. :/
CISCO has not only a long history of creating backdoors, but have also been marketing them as features. They even wrote an IETF proposal (RFC 2804) for a LI backdoor:
Edit: Schneier wrote in 2018: "We don't know if this is error or deliberate action, but five backdoors have been discovered [in CISCO] already this year." and linking to this article: https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a... (the final count went up to 7 actual backdoors discovered in 2018.
For those struggling to read this comment, HiSilicon is Huawei.
Xiongmai is well known to do this sort of thing with firmware, at this point I tend to think that they have probably been asked to do this sort of thing.
Any competent person who installs their software on a device knows that they are installing CCP spyware (whether Xiongmai intends it that way or otherwise).
The article title is clickbait though, at least as far as I'm aware. Huawei does not own Xiongmai...
I am definatley "struggling to read this comment." Is there some way authorative source that I can use to verify which company owns which?
Is this somehow presumed to be common knowledge? Because if I accept every claim like this that is conveyed by slapping a new title on someone else's article, I'm going to believe a lot of incorrect, if not crazy, stuff. I mean, I have no love for any of these companies, but is it too much to ask that if we go around accusing people of things we show our work?
"Is there some way authorative source that I can use to verify which company owns which?"
What do you mean by 'owns'? When answering, please keep into account that this is about Chinese companies, where 'corporate ownership' means something else than in the West (this is not China-bashing, I think it's established fact that cultural norms about what is "ownership" in pretty much every context are different between cultures).
Also I'm not not claiming one way or the other - I'm just asking, for your specific question, what sort of information would convince you of the veracity of the facts you're looking for?
How about we start with _any_? I won't believe an inflammatory claim based on heresay alone.
The claim in discussion was HiSilicon is "Huawei-owned", not "HiSilicon is Chineese." If the claimant meant something by "owned" other than it's dictionary denotation, he didn't say that. If the meaning of corporate ownership is undefined in China, the claim is not true because it is also undefined.
Edit: Ok, look. I think heinously insecure imported IoT stuff, which could possibly be meddled with by a foreign state is a very serious concern. If that's what you're driving at, I agree with you. But if we want people to take us seriously we need to be careful not to say stuff that isn't true, or go around accusing people of things if we can't back it up with evidence. This would undermine our goals.
I don't think it is inflammatory in isolation. I just wanted a citation for it. My objection had to do with the entire title, but that has now been changed to the actual article title. This conversation is confusing because it's happening between so many people, and the title changed.
With respect to the ownership of HiSilicon, I was looking for a citation. I accept that Huawei owns HiSilicon. Thank you.
You can find the clarification about the firmware maker (Xiongmai) towards the end of the article.