The Tyco specifier backdoor defense has been joined, this time by a Dahua enterprise sales manager:
A few counters:
- The Dahua 8888888 account is definitely intentional. Whether Dahua intentionally allowed remote access to that or was just incompetent, only Dahua knows. But putting in that 88888888 account was intentional and was dangerous.
- The Hikvision ?auth=YWRtaW46MTEK magic string was hidden from the public, but someone intentionally programmed it in.
- Dahua's response to the ongoing hacks of their devices has been terrible. If I were a Dahua salesperson, I would quit; I would not want to draw attention to this.
- These 'unintentional' mistakes are so basic that even if you believe they are unintentional, it raises very significant concerns about the competency of these organizations.
Instead of these excuses, prove that your companies can do better. Can you?
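The `auth` value quoted above is plain base64, so requests carrying this kind of string can be found in web or proxy logs by decoding query parameters. The Python sketch below is an added example, not code from this post or from either vendor; the log lines, request path and function names are constructed for illustration, and it generalizes from the one string to any parameter that decodes to a `user:secret` pair.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (documentation IP ranges, made-up path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /example/path?auth=YWRtaW46MTEK HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2018:10:00:09 +0000] "GET /example/path?auth=bm90LWEtY3JlZA== HTTP/1.1" 401 0',
    '192.0.2.12 - - [01/Jan/2018:10:00:12 +0000] "GET /example/path?auth=%%% HTTP/1.1" 400 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')


def decode_credential(value):
    """Return (user, secret) if value is base64 of 'user:secret', else None."""
    try:
        # parse_qsl turns '+' into ' ', so restore it before strict decoding.
        raw = base64.b64decode(value.replace(" ", "+"), validate=True)
        text = raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, secret = text.strip().partition(":")
    if not sep or not user or not user.isprintable():
        return None
    return user, secret


def find_url_credentials(lines):
    """Return (client_ip, parameter, user) for each credential-like URL parameter."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            cred = decode_credential(value)
            if cred:
                # Report the user name only; keep the decoded secret out of alerts.
                hits.append((line.split()[0], key, cred[0]))
    return hits


if __name__ == "__main__":
    for ip, param, user in find_url_credentials(SAMPLE_LOG):
        print(f"{ip}: parameter '{param}' carries base64 credentials for user '{user}'")
```

Any hit is worth review regardless of vendor, since credentials placed in a URL also end up in proxy logs and browser history.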