Dahua Critical Cloud Vulnerabilities

By John Scanlan, Published May 12, 2020, 12:14pm EDT

Dahua has acknowledged a series of cloud vulnerabilities that researcher Bashis discovered. Separately, researcher Thomas Vogt found an additional vulnerability.


Dahua has had numerous vulnerabilities over the past few years, including the 2019 critical vulnerabilities that Vogt's team found and the 2017 backdoor that Bashis found. The company is also banned from US federal use under the NDAA, citing cybersecurity risks.

Inside this report:

  • A summary of the vulnerabilities
  • The vulnerabilities explained
  • A statement from Dahua
  • OEMs Impacted
  • Response from bashis
  • Analysis from Refirm Labs
  • Continued cybersecurity issues
  • IPVM recommendations

Long **** *************** *** *****

***** *** ****** **** confirmed **** ***** *** now (*********) ***** ***** issues, *******, **** ******* for * **** ****, indeed****** ***** ****** * warning ** **** ** IPVM ** ********:


********, ****** *** **** to **** **** **** still ******* **** *** cloud ****:

****, **’* *** ** easy ** **** ****** cloud **** ** *** devices ****** *** *****, so **** **** **** for **** **** ***** ** *** ***** working ***.

****** **** ********* ***** potential *****:

******* ** **** ******* will ** ********* *** registered ** *** ***** by *** *******, **** if ****** *** ********** them ** ***** *** account.

**, **** ** *******,

*) ***** *** ****** to ******* – **** they ****** ***** **** that ***?

*) ****** **** ***** could **** ********* ** them *** ******** ** their ******* (******** **** I ***** ***** ***** sniffing).

*** ******** ********:

  • ***** *** ** ****, including ********* *** *******, using ***** ***** ******** were **********.
  • ***** ********* *** ***** keys/passwords *** *** **** (including ********* *** *******) then ******** *** **** in ** ********** **** was *********** ** ***.
  • ********* ***** *** ***** cloud **** ** ******* credentials ***** * ******* listening ****** ** ******* monitoring.
  • ***** **** ***/**** ** encrypt ********* / ***** security ********* ******* ** a ****** ******** **** TLS.
  • ***** *** ******* ****** of ******** *** ***** confirmed ***** ******.
  • ********* ***** **** **** access ** ********* *** cloud ****** ** ******* by ******* ** *** Dahua ********.
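
The summary above describes keys and passwords hardcoded in an executable. As an added example (not code from IPVM, Dahua, the researchers or Refirm Labs), the following Python script shows the kind of heuristic check a firmware reviewer runs to surface such literals: it extracts printable strings from a binary, classifies hex-key, credential and high-entropy strings, and flags NUL-free, all-distinct binary windows that look like raw key material. The sample blob, hostname, key, password and token values are constructed for the example and are not from any real firmware.

```python
"""Heuristic scan of an executable/firmware image for embedded secrets.

Added example; the SAMPLE_BLOB below is constructed, not real firmware.
"""
import math
import re

# Constructed sample "executable": an ELF-like header, a few ordinary strings,
# one 32-hex-char key literal, one password literal, one token-like string and
# 16 raw bytes standing in for a binary key. All values are made up.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Usage: daemon [options]\x00"
    + b"cloud.example.invalid\x00"                        # placeholder hostname
    + b"3f9c2b7e8a1d4c6f0b5e9a7c3d2f1e8b\x00"             # constructed hex key
    + b"log level set to %d\x00"
    + b"passwd=Qz7!kL2m#vP9\x00"                          # constructed credential
    + b"kX9vQ2mL7pZ4tR8wB3nJ\x00"                         # constructed token-like string
    + b"\x00" * 16
    + bytes.fromhex("914ac37e02b85df16c23a908d477e53b")   # 16 constructed raw bytes
    + b"OK\x00"
)

HEX_KEY = re.compile(r"(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{48}|[0-9a-fA-F]{64})")
CRED_KEYWORD = re.compile(r"(?i)\b(?:passw(?:or)?d|pwd|secret|token|api[_-]?key|key)\s*[=:]")


def shannon_entropy(data) -> float:
    """Bits per symbol of a str or bytes value (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = {}
    for sym in data:
        counts[sym] = counts.get(sym, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def printable_strings(blob: bytes, min_len: int = 8):
    """Yield (offset, text) for runs of printable ASCII at least min_len long."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in run.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def classify_string(text: str):
    """Return a finding kind for a suspicious string, or None if it looks benign."""
    if HEX_KEY.fullmatch(text):
        return "hex-key"
    if CRED_KEYWORD.search(text):
        return "credential-literal"
    # Secrets rarely contain whitespace while messages usually do; requiring a
    # mix of letters and digits keeps hostnames and plain words out of the report.
    if (len(text) >= 12 and not any(ch.isspace() for ch in text)
            and any(ch.isdigit() for ch in text) and any(ch.isalpha() for ch in text)
            and shannon_entropy(text) >= 3.5):
        return "high-entropy-string"
    return None


def binary_key_windows(blob: bytes, width: int = 16):
    """Yield (offset, bytes) for windows that look like raw key material: no NUL
    (padding/terminators), every byte distinct (maximal entropy for the width)
    and mostly non-printable, so string data is not reported twice."""
    i = 0
    while i + width <= len(blob):
        win = blob[i:i + width]
        printable = sum(0x20 <= b <= 0x7e for b in win)
        if 0 not in win and len(set(win)) == width and printable < width // 2:
            yield i, win
            i += width          # do not re-report overlapping windows
        else:
            i += 1


def find_candidate_secrets(blob: bytes):
    """Scan blob and return a list of {'kind', 'offset', 'value'} findings."""
    findings = []
    for off, text in printable_strings(blob):
        kind = classify_string(text)
        if kind:
            findings.append({"kind": kind, "offset": off, "value": text})
    for off, win in binary_key_windows(blob):
        findings.append({"kind": "binary-key", "offset": off, "value": win.hex()})
    return sorted(findings, key=lambda f: f["offset"])


if __name__ == "__main__":
    for f in find_candidate_secrets(SAMPLE_BLOB):
        print(f"0x{f['offset']:06x} {f['kind']:20s} {f['value']}")
```

Every hit is a candidate, not a confirmed secret: the reviewer still has to trace where the binary uses the value (for example whether it feeds an encryption routine or a login call). The binary-window heuristic in particular will also catch random padding and compressed data, which is why it is combined with the string checks rather than used alone.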

Dahua ***** ************* *********

****** ****** * ***** of ******* *** *** vulnerabilities. *****'* ***** ******** is **** *** ***** branded ********* ** **** as ** **** *** has ********* ***** **** stored ****** ** ********** that *** *********** ** users *** ********* *** download *** *** ***.

***** *************** ****** ********* to **** **** ****** to *** ********* *********.

*** ***** ************* ****** by *********** ***** ****** via *** ***** ******, which ********* *** ****** the ***** * ********** of *********. ***** *** two ******* *************** ********* this ******* **** ********* methods ** ******* *** data.

*** ***** ************* ** a ****-********** **** ** the ***** ******** **** IMOU ***** ********* ***** keys/password *** ***** ******* details *** ***** *** 22 ****.

Statement **** *****

********** ****** * ******** advisory ************** ** *** ***************, they *** *** ****** our ********* ***** *** they **** ** **** these ******* ***************. **** the *****, **** **** made ******* *******, ********* back ** ****, ***** the ********,******:

“************** **** ******* **** a ***** ****** ** disruption *** ***********, ********** and *********** *****-****,” ********* Ms. ******, **** ** Marketing, ***** *******, ***** Technology ***. “** ********* in *** *********** ** improved ************* *********** *** new ******* ******** **** higher ********** ** *****-*******, Dahua’s ******* **** **** to ****** ******* ***** customers ******* ***** ******* and **** ******* ****** protection *** *** ****** global ********* *********.”

OEMs ********

***** *** ** **** listed ******* ******** **** Panasonic *** *******. **** reached *** ** ********* for *******.

***** ** * ********** from *** *** ******* the ***** **** *** Panasonic, *******, *** ******:


********* ********* ******* **** they **** ******** ** research **** *** ****** if ***** *** **** to ***** *********.

Refirm **** ********

************* ******* ****** ************ *** *************** *** comments ** **** *********:

*** *** **** ***** is ***** ** *** credentials *** ********* **** either *** ** **** then **** ** *** CLEAR. *** ****** *** Unix-like ******* *** *** password ** *** *** to ******** *** **** so *** ******** ****** be (******) ********. ***** is ***** ********* ***/**** keys ** ******* *** supplied ******** ** *** other ****. **** ** bad *** **** ******* but ********* ** ** attacker ***** *** ********* key *** *** ********* observe *** ******* ******* she ***** ** **** to ********* ******* *** credentials ** *** ****. The ******* ***** **** a ******* ********* ****** to ******* *** ******** but ******* ********** ***** also ****.

**** ** *** ***** that ***** *** ****. Dahua *** ********** *** of ***** ***** **** "cloud" ***/**** **** ** their ********** **** *** being ***********. **** ********. At ***** *** *** OEMs ****** ***** *** password *** ****** ** themselves? * ****** ***** of * ********* ****** to ** ****.

** *** *** **** to *** ***** ***** then *** *** *********** remotely ******* *** ****** connected ** **.

**** ************ ***** **** of ***** ***** ******** best *********. *********** ****** always ** ********* ** an ******** ******** ****** protocol (*.*. ***), ********* keys ****** ***** ** used ** ******* ************** data, *** ** *** do *** ******** **** don't ******* **** *** in * ****** ********** that *** ******* ** the *****.
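
The Refirm Labs analysis above makes two points: credentials protected only by a key that ships in every copy of the binary are readable by anyone who has the binary, and passwords at rest should be hashed rather than stored or reversibly encrypted. As an added example (not code from IPVM, Dahua, the researchers or Refirm Labs), the Python below demonstrates both with constructed values: a login encrypted under a shared firmware key is recovered by a sniffer holding that key, a login under a per-session key derived from a device-unique secret is not, and the server-side store keeps only a salted PBKDF2 hash. The HMAC-based stream cipher is a stdlib stand-in for the AES/XXTEA the analysis mentions, not a recommendation; the real fix for transport is TLS.

```python
"""Shared firmware key versus per-session key, and hashed password storage.

Added example; every key, nonce, secret and credential below is constructed.
"""
import hashlib
import hmac

# Constructed: the same value sits in every copy of the hypothetical executable,
# so anyone who extracts the binary has it.
FIRMWARE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR-style cipher: XOR data with HMAC-SHA256(key, nonce || counter).
    The same call encrypts and decrypts. Stand-in for AES-CTR, not for production."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def login_with_shared_key(creds: bytes, nonce: bytes) -> bytes:
    """Pattern criticised in the analysis: every device encrypts its login with
    the key baked into the firmware. Returns nonce || ciphertext."""
    return nonce + keystream_xor(FIRMWARE_KEY, nonce, creds)


def login_with_session_key(creds: bytes, device_secret: bytes, nonce: bytes) -> bytes:
    """Hardened pattern: the session key is derived from a secret unique to this
    device (provisioned per unit, never present in the shared binary) and a
    fresh nonce, so the binary alone yields nothing, as with a TLS session key."""
    session_key = hmac.new(device_secret, b"login-session" + nonce, hashlib.sha256).digest()
    return nonce + keystream_xor(session_key, nonce, creds)


def sniffer_decrypt(captured: bytes, key_from_binary: bytes) -> bytes:
    """What an attacker on the path does with a captured login and the key
    pulled out of the firmware: decrypt it with that key."""
    nonce, body = captured[:NONCE_LEN], captured[NONCE_LEN:]
    return keystream_xor(key_from_binary, nonce, body)


def store_password(password: bytes, salt: bytes) -> bytes:
    """At rest: a salted, slow hash (PBKDF2-HMAC-SHA256) instead of clear text
    or reversible encryption; the server verifies, it never decrypts."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)


def verify_password(password: bytes, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a recomputed hash against the stored one."""
    return hmac.compare_digest(store_password(password, salt), stored)


# Constructed sample values for the demonstration.
CREDS = b"admin:Qz7!kL2m#vP9"
NONCE = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
DEVICE_SECRET = bytes.fromhex("9f8e7d6c5b4a39281706f5e4d3c2b1a0")


def demo():
    """Return (bytes the sniffer recovers from the shared-key login,
               bytes the sniffer recovers from the per-session login)."""
    weak = login_with_shared_key(CREDS, NONCE)
    strong = login_with_session_key(CREDS, DEVICE_SECRET, NONCE)
    return sniffer_decrypt(weak, FIRMWARE_KEY), sniffer_decrypt(strong, FIRMWARE_KEY)


if __name__ == "__main__":
    from_shared, from_session = demo()
    print("shared firmware key ->", from_shared)
    print("per-session key     ->", from_session)
```

The per-session half only illustrates key separation: it does not authenticate the server, so an active attacker could still impersonate the cloud endpoint. That is why the analysis points to TLS (with certificate validation) rather than to a better home-grown cipher.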

Another ***** *** **** *************

***** *********** *** *************** above ** ************ ** *** ******* Dahua ************************* ****** ****:


***** *** ****** ********* ******** ***** **** here, ******:

**** ***** ******** **** Session ** *********** ***************. During ****** **** ******, an ******** *** *** the ********* ******* ** to ********* * **** packet ** ****** *** device.

* ******* ** ****** and ******** ** ********, requiring ******** ** ********* the *************.

Continued ************* ******

***** *** **** *** most ****** ***************. ***** has * **** ******* of ************* *************** ***** led ** **** *********** *** *** **** the ** ********** *** US ********** ****** *********. ***** ****** *************** include *** *** *** limited ** *** **** below:

What ***** ******?

** ****** ****,***** *** ****** ********* that **** ***** ** "pepper-ed", ********* * *************, secure, *** ******** ***** firmware *** ****** ****** cloud ********. *** ******* plan **** **** *** to ***** **** **** which ** *********** ** the ************* ******** ** a ***** ** ******* and *** ************ ** IMOU. **** ********* ***** and ****** *** ** update. ******* ** ***** 9 ****** ***** *** press ******* ***** ** no ******** ** ***** of. ***** *** *** responded ** *** ******* and ****** ********* ****:

***** ******** **********, ** do *** **** ******* on *** **** ******* to ***** ** **** time.

IPVM ***************

** *** *** ***** Dahua ** ***** *** equipment *** ****** ***** to ****** **** ***** access ** ********. ***** enables **** ** *******, so **** ** *** are *** ******** ***** their ***** ******** ********* can ***** **** ****** to **** ********* ****** you ******* **. ** you *** ******** ***** the ***** ******** *** may ******** ****** ** a **** ************ ****** ****** **** VPN.

Poll / ****

Comments (10)

** ******* *** *** issue ******** ** ***** before ****** **********? * don't ********** *** *** cloud ***** ** ******* by ******* !?


**, ****** ****** * months ***** ** *** a **** ** *****. And **** *** ** top ** *** ***** it **** ** *** a ******** **** *****.


** ****... **** ** a **** **** **** from ***** :(


***** *** ********** *** of ***** ***** **** "cloud" ***/**** **** ** their ********** **** *** being ***********. **** ********. At ***** *** *** OEMs ****** ***** *** password *** ****** ** themselves? * ****** ***** of * ********* ****** to ** ****.

**** ** *** **** insane ***** ** **. It's *** ***** ** their ***** **** *** prioritized ***** ****** **** updating *** ******* *** and **** ******* ********** which ** *** *** understandable, *** ********** *** encryption **** ** *** executable *** *** ***** customers *** ***** **** and ***** **** ** acceptable ** ***** ** security.

*****'* ***** ******** ** used *** ***** ******* equipment ** **** ** 22 **** *** *** hardcoded ***** **** ****** within ** ********** **** was *********** ** ***** and ********* *** ******** via *** ***.

** ***** ** *** if **** **** *********** the ********** **** *** keys ********** ** *****, but **'* * *********** that ***** *********** **** been *** ** *** public **** *** ********** keys.

****:** **** ********* ** that **** ** *** OEMs *** *** * requirement **** **** **** to *** * ********** key **** **** **** generated ********** ****** **** one **** *** ******** to ****. *'* ****** that ******* *** *** up *** ****** *** the **** ***** **** realized **** **** *** kind ** *******, ** maybe ***** *** ** the ***** ******** *** them?


* ***** ****** ** you *******, **** ***** simply *** ** *** cloud *** *** ****. Or ***** **** ***'* even *** ** *** it ** ******* ** the ******** *** **** they *********** **.

*** ****** *** *** lack ** ******** ** that ** ** ****. That ** *** *** of ***** ********* ** to ** ***.


*** ******, *** *** their *** ***** **** and ***** **/**** ** their *****. (** *** has **** ******* *****/**** IP/FQDN, * ***** ***'* IP/FQDN ** **** ********** too, *** ****'* **** it ********* ** ****** them ** *** *** description, *** ***** **** where ******)

**** ** ***** ** 3DES ********** ***** *** DVRIP *** *****, *** - **** ***** **** PSK.

****:

**** *** ********* *** are ****** *** ******, so ******** ******** **** the ***** ****** (*******/*******) share **** ***, ****** natural ***** *** **** needs ** ******* *** other **** **** ** decrypt - *** *** thing ** **** ***** credentials *** **** ** remote *** ********** *****/****** for *****/*****, *** *** only ***** ***** **** 3DES.

* *** ** ****** on ******* ***** ******* ********** **** ***** ** well, (******* */* ********** leaks), *** ** ***** you *** *** **** out ** *** ****.


*****'* **** *** **** and ****. ** *** nice ****** ***** ****** cameras **** ****, *** now **** ** *** them ** *** ******** it ** ***** ****** to *** ****. ** one **** *** ***** for *** ***** *****.

**** ** *******, *** please ***** **** *** vendor ********** *** ******** before *** ******. **** a ******* ******** ************ review *** ************** ****** you ** *******.

**** ******** *** ******** reasons. *** *** ***** Hik?


******: **** ****** *** been ******* ** ******* that, despite ** ***** * months ***** *** ***** release, ***** ** ** progress ** ***** ** with ******* ** *** Dahua / ****** ************. Dahua *** *** ********* to *** ******* *** Pepper ********* *******:

***** ******** **********, ** do *** **** ******* on *** **** ******* to ***** ** **** time.


*** **** ****** ****** STRONG ** *** **** above *** ***** ***** guys. **** ***** ***** would **** ****. *** honest ***** **** **** AVERAGE. 🤣


***, *** ******** ***** true.
