Dahua ESM: "No One Can Prove" Our Backdoor Is Intentional

The Tyco specifier backdoor defense has been joined, this time by a Dahua enterprise sales manager:

A few counters:

  • The Dahua 8888888 account is definitely intentional. Whether Dahua intentionally allowed remote access to that or was just incompetent, only Dahua knows. But putting in that 88888888 account was intentional and was dangerous.
  • The Hikvision ?auth=YWRtaW46MTEK magic string was hidden from the public, but someone intentionally programmed it in.
  • Dahua's response to the ongoing hacks of its devices has been terrible. If I were a Dahua salesperson, I would quit; I would not want to draw attention to this.
  • These 'unintentional' mistakes are so basic that even if you believe they are unintentional, it raises very significant concerns about the competency of these organizations.

Instead of these excuses, prove that your companies can do better. Can you?
