FLIR Responds to Dahua Backdoor

John Honovich
Mar 10, 2017
IPVM
FLIR is the first Dahua OEM partner to issue a statement following Dahua's backdoor disclosure. Key excerpts: Certain FLIR and Lorex branded products that are produced by Dahua may be affected by ...

Chris Lanier
Mar 10, 2017

Thanks IPVM for including this important topic in your blog series. Industry awareness has definitely increased and clearer information is appreciated. OEM partnerships cut both ways: on one side, a trusted brand can get products to market quickly. On the other hand, it is evident a couple of high-profile OEMs have emboldened themselves to poach their own customers.

To FLIR's customer care credit, they have included a hotline number and email enrollment for those needing immediate help or wanting to be first in the development loop: 877-757-6981 and www.flir.com/securityinfo

 

 

Undisclosed Distributor #2
Mar 13, 2017

I want to know what the customer response is... When we first released a statement last time Dahua was involved in a hack and a major world-record-breaking DDOS attack NO ONE CARED.

Do we really think anyone will care now? I talked to some people who run businesses in our city's chamber of commerce meeting and no one cares about it. If they can see video on their phone they're pleased...

Until someone gets properly sued and there's a precedent for responsibility... no one will care.

John Honovich
Mar 13, 2017
IPVM

I talked to some people who run businesses in our city's chamber of commerce meeting and no one cares about it.

I believe that and have seen similar. However, the larger the end user gets, the more likely they are to consider poor security vulnerabilities / recent backdoors to be a disqualification / deal breaker.

Brian Karas
Mar 13, 2017
IPVM

I talked to some people who run businesses in our city's chamber of commerce meeting and no one cares about it. If they can see video on their phone they're pleased.

That does not surprise me. My personal feeling is that in many cases there is still a mentality of "well, *my* system is so small/inconsequential/boring that I won't be a target". Or similarly "what are the odds that *I* get attacked?".

I do not know the exact number, but I believe it will take 10 or 20 (or more) widespread cases like this before people realize that ALL unprotected internet-connected devices are at risk. The hackers don't care if your system is big or small, boring or exciting, they just know you as an IP address, found by scanning endlessly across all possibilities.

This is probably not the straw that will break the camel's back, but it is still a straw.

Undisclosed #1
Mar 13, 2017

 

Greg Cortina
Oct 04, 2017

Our page has been updated. 

http://www.flir.com/securityinfo/

FLIR has been pushing updates to Cloud Connected models, and users or dealers can accept these updates locally at the machine or through the CMS software and App.

Please read the instructions carefully.
