Dahua Critical Cloud Vulnerabilities

By John Scanlan, Published May 12, 2020, 12:14pm EDT

Dahua has acknowledged a series of cloud vulnerabilities discovered by researcher bashis. Separately, researcher Thomas Vogt found an additional, unrelated vulnerability.


Dahua has had numerous vulnerabilities over the past few years, including the 2019 critical vulnerabilities found by Vogt's team and the 2017 backdoor found by bashis. The company is also banned from US federal use under the NDAA, citing cybersecurity risks.

Inside this report:

  • A summary of the vulnerabilities
  • The vulnerabilities explained
  • A statement from Dahua
  • OEMs Impacted
  • Response from bashis
  • Analysis from Refirm Labs
  • Continued cybersecurity issues
  • IPVM recommendations

Long **** *************** *** *****

***** *** ****** **** confirmed **** ***** *** now (*********) ***** ***** issues, *******, **** ******* for * **** ****, indeed****** ***** ****** * warning ** **** ** IPVM ** ********:


********, ****** *** **** to **** **** **** still ******* **** *** cloud ****:

****, **’* *** ** easy ** **** ****** cloud **** ** *** devices ****** *** *****, so **** **** **** for **** **** ***** ** *** ***** working ***.

****** **** ********* ***** potential *****:

******* ** **** ******* will ** ********* *** registered ** *** ***** by *** *******, **** if ****** *** ********** them ** ***** *** account.

**, **** ** *******,

*) ***** *** ****** to ******* – **** they ****** ***** **** that ***?

*) ****** **** ***** could **** ********* ** them *** ******** ** their ******* (******** **** I ***** ***** ***** sniffing).

*** ******** ********:

  • ***** *** ** ****, including ********* *** *******, using ***** ***** ******** were **********.
  • ***** ********* *** ***** keys/passwords *** *** **** (including ********* *** *******) then ******** *** **** in ** ********** **** was *********** ** ***.
  • ********* ***** *** ***** cloud **** ** ******* credentials ***** * ******* listening ****** ** ******* monitoring.
  • ***** **** ***/**** ** encrypt ********* / ***** security ********* ******* ** a ****** ******** **** TLS.
  • ***** *** ******* ****** of ******** *** ***** confirmed ***** ******.
  • ********* ***** **** **** access ** ********* *** cloud ****** ** ******* by ******* ** *** Dahua ********.

Dahua ***** ************* *********

****** ****** * ***** of ******* *** *** vulnerabilities. *****'* ***** ******** is **** *** ***** branded ********* ** **** as ** **** *** has ********* ***** **** stored ****** ** ********** that *** *********** ** users *** ********* *** download *** *** ***.

***** *************** ****** ********* to **** **** ****** to *** ********* *********.

*** ***** ************* ****** by *********** ***** ****** via *** ***** ******, which ********* *** ****** the ***** * ********** of *********. ***** *** two ******* *************** ********* this ******* **** ********* methods ** ******* *** data.

*** ***** ************* ** a ****-********** **** ** the ***** ******** **** IMOU ***** ********* ***** keys/password *** ***** ******* details *** ***** *** 22 ****.

Statement **** *****

********** ****** * ******** advisory ************** ** *** ***************, they *** *** ****** our ********* ***** *** they **** ** **** these ******* ***************. **** the *****, **** **** made ******* *******, ********* back ** ****, ***** the ********,******:

“************** **** ******* **** a ***** ****** ** disruption *** ***********, ********** and *********** *****-****,” ********* Ms. ******, **** ** Marketing, ***** *******, ***** Technology ***. “** ********* in *** *********** ** improved ************* *********** *** new ******* ******** **** higher ********** ** *****-*******, Dahua’s ******* **** **** to ****** ******* ***** customers ******* ***** ******* and **** ******* ****** protection *** *** ****** global ********* *********.”

OEMs ********

***** *** ** **** listed ******* ******** **** Panasonic *** *******. **** reached *** ** ********* for *******.

***** ** * ********** from *** *** ******* the ***** **** *** Panasonic, *******, *** ******:


********* ********* ******* **** they **** ******** ** research **** *** ****** if ***** *** **** to ***** *********.

Refirm **** ********

************* ******* ****** ************ *** *************** *** comments ** **** *********:

*** *** **** ***** is ***** ** *** credentials *** ********* **** either *** ** **** then **** ** *** CLEAR. *** ****** *** Unix-like ******* *** *** password ** *** *** to ******** *** **** so *** ******** ****** be (******) ********. ***** is ***** ********* ***/**** keys ** ******* *** supplied ******** ** *** other ****. **** ** bad *** **** ******* but ********* ** ** attacker ***** *** ********* key *** *** ********* observe *** ******* ******* she ***** ** **** to ********* ******* *** credentials ** *** ****. The ******* ***** **** a ******* ********* ****** to ******* *** ******** but ******* ********** ***** also ****.

**** ** *** ***** that ***** *** ****. Dahua *** ********** *** of ***** ***** **** "cloud" ***/**** **** ** their ********** **** *** being ***********. **** ********. At ***** *** *** OEMs ****** ***** *** password *** ****** ** themselves? * ****** ***** of * ********* ****** to ** ****.

** *** *** **** to *** ***** ***** then *** *** *********** remotely ******* *** ****** connected ** **.

**** ************ ***** **** of ***** ***** ******** best *********. *********** ****** always ** ********* ** an ******** ******** ****** protocol (*.*. ***), ********* keys ****** ***** ** used ** ******* ************** data, *** ** *** do *** ******** **** don't ******* **** *** in * ****** ********** that *** ******* ** the *****.
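An added illustration (not code from the original page, from Dahua, or from Refirm Labs) of two points the vulnerability summary and the Refirm Labs analysis make: a symmetric key hardcoded into a client executable that is distributed to users protects nothing, because anyone holding the binary can pull the key out and decrypt captured credentials, whereas a salted, slow hash stored server side lets the server verify a password without being able to recover it. The toy cipher, the fake executable, the hex key, the captured login message and the password are all constructed here for the example; Dahua's actual cipher, key format and protocol are masked on this page and are not reproduced.

```python
"""Added example: why a symmetric key shipped in a client binary cannot protect
credentials, contrasted with server-side salted hashing. Everything here
(cipher, fake binary, key, traffic) is constructed; it is not Dahua's code."""
import hashlib
import hmac
import os
import re


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), standing in for
    whatever symmetric cipher a client might embed. The point is not the
    cipher but that one key both encrypts and decrypts."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


keystream_decrypt = keystream_encrypt  # symmetric: the same key works both ways

# Constructed "client executable": filler bytes with the vendor's symmetric key
# embedded as a printable hex constant, as a hardcoded key typically appears.
EMBEDDED_KEY_HEX = "5c7a1e0f3b9d2a8c4e6f7081a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5"
FAKE_BINARY = (
    b"\x7fELF" + bytes(range(64)) + b"cloud_api_key=" + EMBEDDED_KEY_HEX.encode()
    + b"\x00" + bytes(range(64))
)


def find_hex_keys(blob: bytes, min_bytes: int = 16) -> list:
    """Scan a binary for printable hex runs long enough to be a key: the crude
    'strings | grep' step an attacker runs against a shipped client."""
    pattern = rb"(?<![0-9A-Fa-f])[0-9A-Fa-f]{%d,}(?![0-9A-Fa-f])" % (min_bytes * 2)
    return [m.group().decode() for m in re.finditer(pattern, blob)]


def client_sends_login(password: str, nonce: bytes) -> dict:
    """The weak design: 'protect' the credential with the embedded symmetric
    key and send it over a non-TLS transport that anyone on path can capture."""
    key = bytes.fromhex(EMBEDDED_KEY_HEX)
    return {"nonce": nonce, "ciphertext": keystream_encrypt(key, nonce, password.encode())}


def attacker_recovers_credentials(client_binary: bytes, captured: dict) -> str:
    """Recover the plaintext credential from captured traffic using nothing but
    the key extracted from the client executable."""
    key = bytes.fromhex(find_hex_keys(client_binary)[0])
    return keystream_decrypt(key, captured["nonce"], captured["ciphertext"]).decode()


def store_password(password: str, salt: bytes = None) -> tuple:
    """Server-side storage that survives disclosure: a salted, slow hash. The
    stored value lets the server verify a password but not recover it."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    nonce = b"\x01" * 8  # constructed; a real client would randomize this
    captured = client_sends_login("camera-admin-pw", nonce)
    print("key found in binary:", find_hex_keys(FAKE_BINARY))
    print("attacker recovered:", attacker_recovers_credentials(FAKE_BINARY, captured))
    salt, digest = store_password("camera-admin-pw")
    print("hash verifies:", verify_password("camera-admin-pw", salt, digest))
```

The first half shows why "encrypted with a key we ship" is obfuscation rather than protection: the decryption capability travels with every copy of the client. The second half shows the property the Refirm Labs comment attributes to Unix-style password storage, where disclosure of the stored value does not yield the password. Neither replaces an authenticated TLS transport for the credential in flight.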

Another ***** *** **** *************

***** *********** *** *************** above ** ************ ** *** ******* Dahua ************************* ****** ****:


***** *** ****** ********* ******** ***** **** here, ******:

**** ***** ******** **** Session ** *********** ***************. During ****** **** ******, an ******** *** *** the ********* ******* ** to ********* * **** packet ** ****** *** device.

* ******* ** ****** and ******** ** ********, requiring ******** ** ********* the *************.

Continued ************* ******

***** *** **** *** most ****** ***************. ***** has * **** ******* of ************* *************** ***** led ** **** *********** *** *** **** the ** ********** *** US ********** ****** *********. ***** ****** *************** include *** *** *** limited ** *** **** below:

What ***** ******?

** ****** ****,***** *** ****** ********* that **** ***** ** "pepper-ed", ********* * *************, secure, *** ******** ***** firmware *** ****** ****** cloud ********. *** ******* plan **** **** *** to ***** **** **** which ** *********** ** the ************* ******** ** a ***** ** ******* and *** ************ ** IMOU. **** ********* ***** and ****** *** ** update. ******* ** ***** 9 ****** ***** *** press ******* ***** ** no ******** ** ***** of. ***** *** *** responded ** *** ******* and ****** ********* ****:

***** ******** **********, ** do *** **** ******* on *** **** ******* to ***** ** **** time.

IPVM ***************

** *** *** ***** Dahua ** ***** *** equipment *** ****** ***** to ****** **** ***** access ** ********. ***** enables **** ** *******, so **** ** *** are *** ******** ***** their ***** ******** ********* can ***** **** ****** to **** ********* ****** you ******* **. ** you *** ******** ***** the ***** ******** *** may ******** ****** ** a **** ************ ****** ****** **** VPN.

Poll / ****

Comments (10)

** ******* *** *** issue ******** ** ***** before ****** **********? * don't ********** *** *** cloud ***** ** ******* by ******* !?

**, ****** ****** * months ***** ** *** a **** ** *****. And **** *** ** top ** *** ***** it **** ** *** a ******** **** *****.

** ****... **** ** a **** **** **** from ***** :(

***** *** ********** *** of ***** ***** **** "cloud" ***/**** **** ** their ********** **** *** being ***********. **** ********. At ***** *** *** OEMs ****** ***** *** password *** ****** ** themselves? * ****** ***** of * ********* ****** to ** ****.

**** ** *** **** insane ***** ** **. It's *** ***** ** their ***** **** *** prioritized ***** ****** **** updating *** ******* *** and **** ******* ********** which ** *** *** understandable, *** ********** *** encryption **** ** *** executable *** *** ***** customers *** ***** **** and ***** **** ** acceptable ** ***** ** security.

*****'* ***** ******** ** used *** ***** ******* equipment ** **** ** 22 **** *** *** hardcoded ***** **** ****** within ** ********** **** was *********** ** ***** and ********* *** ******** via *** ***.

** ***** ** *** if **** **** *********** the ********** **** *** keys ********** ** *****, but **'* * *********** that ***** *********** **** been *** ** *** public **** *** ********** keys.

****:** **** ********* ** that **** ** *** OEMs *** *** * requirement **** **** **** to *** * ********** key **** **** **** generated ********** ****** **** one **** *** ******** to ****. *'* ****** that ******* *** *** up *** ****** *** the **** ***** **** realized **** **** *** kind ** *******, ** maybe ***** *** ** the ***** ******** *** them?

* ***** ****** ** you *******, **** ***** simply *** ** *** cloud *** *** ****. Or ***** **** ***'* even *** ** *** it ** ******* ** the ******** *** **** they *********** **.

*** ****** *** *** lack ** ******** ** that ** ** ****. That ** *** *** of ***** ********* ** to ** ***.

*** ******, *** *** their *** ***** **** and ***** **/**** ** their *****. (** *** has **** ******* *****/**** IP/FQDN, * ***** ***'* IP/FQDN ** **** ********** too, *** ****'* **** it ********* ** ****** them ** *** *** description, *** ***** **** where ******)

**** ** ***** ** 3DES ********** ***** *** DVRIP *** *****, *** - **** ***** **** PSK.

****:

**** *** ********* *** are ****** *** ******, so ******** ******** **** the ***** ****** (*******/*******) share **** ***, ****** natural ***** *** **** needs ** ******* *** other **** **** ** decrypt - *** *** thing ** **** ***** credentials *** **** ** remote *** ********** *****/****** for *****/*****, *** *** only ***** ***** **** 3DES.

* *** ** ****** on ******* ***** ******* ********** **** ***** ** well, (******* */* ********** leaks), *** ** ***** you *** *** **** out ** *** ****.

*****'* **** *** **** and ****. ** *** nice ****** ***** ****** cameras **** ****, *** now **** ** *** them ** *** ******** it ** ***** ****** to *** ****. ** one **** *** ***** for *** ***** *****.

**** ** *******, *** please ***** **** *** vendor ********** *** ******** before *** ******. **** a ******* ******** ************ review *** ************** ****** you ** *******.

**** ******** *** ******** reasons. *** *** ***** Hik?

******: **** ****** *** been ******* ** ******* that, despite ** ***** * months ***** *** ***** release, ***** ** ** progress ** ***** ** with ******* ** *** Dahua / ****** ************. Dahua *** *** ********* to *** ******* *** Pepper ********* *******:

***** ******** **********, ** do *** **** ******* on *** **** ******* to ***** ** **** time.

*** **** ****** ****** STRONG ** *** **** above *** ***** ***** guys. **** ***** ***** would **** ****. *** honest ***** **** **** AVERAGE. 🤣

***, *** ******** ***** true.
