Subscriber Discussion

Anyone Else Noticing New Dahua Hacks?

David Delepine
Jul 26, 2018
Brivo • IPVMU Certified

Several of our newer installs have recently had hacks, similar to the wave of hacks last year but minus the (hacked 1, hacked 2, etc).

Funny thing is: none of the systems use port forwarding, nor default passwords, and all are (to the best of my knowledge, as I didn’t personally install or configure most of the devices) not using the older vulnerable firmware.

Anyone else had anything similar happen? Has IPVM heard anything about this happening elsewhere or about new vulnerabilities? I am meeting my RSM from Dahua tomorrow but I wanted to check around before bringing it up.

John Honovich
Jul 26, 2018
IPVM

David, thanks, we have not heard of this yet.

What are the signs the machines are hacked? Are they using Dahua's P2P cloud service or how do they have remote access set up?

David Delepine
Jul 26, 2018
Brivo • IPVMU Certified

One NVR had all the camera addresses changed to .68 (+/- 20 cams on site, cameras themselves not altered, just the address which the NVR was looking for). Another recorder (newer pentabrid) had the telltale “default” user added to it, though none of the cams had names or anything else changed. We just received another call today saying their NVR is showing all the cameras offline (which is what prompted the first service call mentioned above with the .68 addresses).

I guess maybe just a series of weird mistakes and unrelated errors... but enough to make me wonder coincidence or hack?

*edit* forgot to answer: yes all of the units are using Dahua’s P2P

John Honovich
Jul 26, 2018
IPVM

Thanks, I also forwarded this to Dahua's management to review.

Robert Shih
Jul 26, 2018
Independent

Well, units that were previously hacked sometimes retain the "hacked" channel name if the unit isn't properly defaulted after the hack and a firmware update. Otherwise, I haven't gotten my usual groundswell of "oh ****" that usually hits the fan. Currently, surprisingly to say, there have not been any new hacks that have been brought to my attention in the last few... actually coming up on a year now! Can we get one of those cards that say, "No new hacks for X days!"? lol

David Delepine
Jul 26, 2018
Brivo • IPVMU Certified

Rofl Robert! If you guys do make one of those cards I will order a few from you. Have all the techs keep one in their truck as a reminder of what we strive for.

David Delepine
Jul 28, 2018
Brivo • IPVMU Certified

UPDATE:

I have to say, never have I seen Dahua move so fast. Within minutes of John sending the email yesterday, had a sales engineer call me and dive right into troubleshooting and fact finding about our incidents. Literally got word around the globe, and back, in less time than it takes me to drive to the office.

Then today, when I met with my RSM we were joined by the Sales Engineer who had called yesterday. Glad to see how seriously Dahua is taking this. So far seems like this might just be a series of unfortunate events, but will keep everyone posted on what we find.

Wow, gotta say John, you really know how to get things handled. I have another issue I have been waiting on Dahua corp for months to take care of, maybe you could send another email in regards to the terrible voice on their intercoms ;) (only slightly kidding).

Also another selling point for an IPVM subscription, as if you needed more!
