Subscriber Discussion

The Latest Dahua Debacle

UD
Undisclosed Distributor #1
Jul 16, 2018

Just found this from BleepingComputer.com also linked to by Slashdot.  These are very large tech sites getting familiar with the name "Dahua", be prepared.

JH
Jay Hobdy
Jul 16, 2018
IPVMU Certified

Not sure this is really a new debacle as it is the same problem, just discovered more easily. I suspect those running the old firmware at this point just don't care.

(1)
UI
Undisclosed Integrator #2
Jul 16, 2018

Not much to say on this. The author is just reiterating the point that CVE-2013-6117 is still a critical issue that has yet been resolved. If your device is on sites like ZoomEye/Shodan with default credentials (or even complex passwords with old firmware) and has yet to be owned you should go buy some lotto tickets.

UD
Undisclosed Distributor #1
Jul 16, 2018

I do realize that they are reiterating older problems, but what I find interesting is that the Dahua name is now being recognized more and more as problem devices on some of the more "techy-oriented" websites.  This could lead to more notice by people who you really don't want to draw the interest of.

 

UI
Undisclosed Integrator #2
Jul 16, 2018

Most CCTV manufactures are classified as known security risks on enterprise level networks. The fact that HikVision/Dahua get classified as a level 10 risk while Axis/Bosch get classified as a level 9 risk is of little consequence from what I have seen. Most of the IT People I know tend to Buy American because that is what the CIO has instructed they have to purchase. 

The network administrators I know see CCTV as a necessary evil on their network and tolerate exactly as much as they have to.  They see CCTV as little more than IoT Pieces of S*** which have the purpose of adding physical security and most of them would remove all CCTV from their network in a heartbeat if they could get away with it. 

(2)
U
Undisclosed #3
Jul 16, 2018

The IoT NOC is making a comeback!

https://www.extrahop.com/platform/security/

 

UI
Undisclosed Integrator #4
Jul 16, 2018

Hey, did you see the latest bug report on PC DOS 6.1?

(1)
(3)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions