Subscriber Discussion

One Big Cluster F%#$ And The Worst Part Is, We Saw This Coming

Avatar
Jon Dillabaugh
Mar 14, 2017
Pro Focus LLC

The issue I have is that I don't necessarily know what the part number of the affected units I have are. They were OEM and purchased before Dahua USA opened shop.

You also have Dahua USA with different part numbers than China. Which model number, if I could figure out what I have, do they want?

One big cluster f%#$ and the worst part is, we saw this coming. I just dealt with getting updates for the RTSP issue late last year, and now we are on the witch hunt again trying to track down what should be simple firmware updates.

NOTICE: This comment was moved from an existing discussion: Dahua Backdoor Uncovered

(2)
JH
John Honovich
Mar 14, 2017
IPVM

Two issues:

1. The average Dahua customer does not care about cyber security so not a priority.

2. That is the risk of buying low cost product.

I am certainly not defending Dahua but those are the challenges in dealing with such an organization.

(3)
(1)
Avatar
Jon Dillabaugh
Mar 14, 2017
Pro Focus LLC

I am fully aware of the risks involved and that is a good reason why we have started leaning towards Hikvision for IP based systems.

And just to be clear here, the damage Dahua has inflicted upon themselves isn't that someone found a flaw. That is to be expected these days in IoT devices. I can forgive them for having a flaw.

The real damage is being done now. Being slow to respond fixing the issues. Having many different part numbers for the same product, but they make it hard to find. If it weren't for a great OEM partner, I am unsure that I could even get assistance from Dahua. Robert @ Savvy works his ass off trying his best to correct these huge shortcomings of Dahua, but should they have to? Seems like a lot of work.

(2)
(1)
UM
Undisclosed Manufacturer #2
Mar 15, 2017

I am fully aware of the risks involved and that is a good reason why we have started leaning towards Hikvision for IP based systems.

You really find Hikvision's record to be that much better?

(2)
(2)
(1)
Avatar
Jon Dillabaugh
Mar 15, 2017
Pro Focus LLC

You would have to have blinding hatred to not see a huge difference between Dahua and Hikvision. 

(2)
(1)
JH
John Honovich
Mar 15, 2017
IPVM

#2 may simply not have that much experience with either company.

In my experience, Hikvision is much better organized than Dahua, whether its firmware upgrades, communication, product releases, etc. There are obviously other factors but Jon, as he has regularly explained, is not concerned about them.

(3)
(1)
UM
Undisclosed Manufacturer #2
Mar 16, 2017

I didn't have experience. Thought I'd ask. Thanks.

(1)
UI
Undisclosed Integrator #1
Mar 15, 2017

Dahua had some mass update and discovery tools.  Have you tried them. Savvy might be able to get them, I have used them in the past but don't have them anymore or a way to get them. 

Avatar
Jon Dillabaugh
Mar 15, 2017
Pro Focus LLC

ConfigTool? Yes, of course. 

(2)
Avatar
Campbell Chang
Mar 15, 2017
Avatar
Jon Dillabaugh
Mar 15, 2017
Pro Focus LLC

That doesn't find the matching firmware to the appropriate camera and download it for me. I am very well versed in ConfigTool. 

(1)
Avatar
Campbell Chang
Mar 15, 2017

I was replying to UM1

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions