Dahua Critical Cloud Vulnerabilities

By: John Scanlan, Published on May 12, 2020

Dahua has acknowledged a series of cloud vulnerabilities that researcher Bashis discovered. Additionally, and separately, researcher Thomas Vogt found a separate vulnerability.

IPVM Image

Dahua has had numerous vulnerabilities over the past few years including the 2019 critical vulnerabilities that Vogt's team found and the 2017 backdoor that Bashis found. The company is moreover banned for US federal use (NDAA) based on cybersecurity risks.

Inside this report:

  • A summary of the vulnerabilities
  • The vulnerabilities explained
  • A statement from Dahua
  • OEMs Impacted
  • Response from bashis
  • Analysis from Refirm Labs
  • Continued cybersecurity issues
  • IPVM recommendations

***** *** ************ * series ** ***** *************** that ********** ****** **********. Additionally, *** **********, ********** Thomas **** ***** * separate *************.

IPVM Image

***** *** *** ******** vulnerabilities **** *** **** few ***** ************ **** ******** *************** that ****'* **** *********** **** ******** **** Bashis *****. *** ******* ** moreover****** *** ** ******* use (****)***** ** ************* *****.

****** **** ******:

  • * ******* ** *** vulnerabilities
  • *** *************** *********
  • * ********* **** *****
  • **** ********
  • ******** **** ******
  • ******** **** ****** ****
  • ********* ************* ******
  • **** ***************

[***************]

Long **** *************** *** *****

***** *** ****** **** confirmed **** ***** *** now (*********) ***** ***** issues, *******, **** ******* for * **** ****, indeed****** ***** ****** * warning ** **** ** IPVM ** ********:

IPVM Image

********, ****** *** **** to **** **** **** still ******* **** *** cloud ****:

****, **’* *** ** easy ** **** ****** cloud **** ** *** devices ****** *** *****, so **** **** **** for **** **** ***** ** *** ***** working ***.

****** **** ********* ***** potential *****:

******* ** **** ******* will ** ********* *** registered ** *** ***** by *** *******, **** if ****** *** ********** them ** ***** *** account.

**, **** ** *******,

*) ***** *** ****** to ******* – **** they ****** ***** **** that ***?

*) ****** **** ***** could **** ********* ** them *** ******** ** their ******* (******** **** I ***** ***** ***** sniffing).

*** ******** ********:

  • ***** *** ** ****, including ********* *** *******, using ***** ***** ******** were **********.
  • ***** ********* *** ***** keys/passwords *** *** **** (including ********* *** *******) then ******** *** **** in ** ********** **** was *********** ** ***.
  • ********* ***** *** ***** cloud **** ** ******* credentials ***** * ******* listening ****** ** ******* monitoring.
  • ***** **** ***/**** ** encrypt ********* / ***** security ********* ******* ** a ****** ******** **** TLS.
  • ***** *** ******* ****** of ******** *** ***** confirmed ***** ******.
  • ********* ***** **** **** access ** ********* *** cloud ****** ** ******* by ******* ** *** Dahua ********.

Dahua ***** ************* *********

****** ****** * ***** of ******* *** *** vulnerabilities. *****'* ***** ******** is **** *** ***** branded ********* ** **** as ** **** *** has ********* ***** **** stored ****** ** ********** that *** *********** ** users *** ********* *** download *** *** ***.

***** *************** ****** ********* to **** **** ****** to *** ********* *********.

*** ***** ************* ****** by *********** ***** ****** via *** ***** ******, which ********* *** ****** the ***** * ********** of *********. ***** *** two ******* *************** ********* this ******* **** ********* methods ** ******* *** data.

*** ***** ************* ** a ****-********** **** ** the ***** ******** **** IMOU ***** ********* ***** keys/password *** ***** ******* details *** ***** *** 22 ****.

Statement **** *****

********** ****** * ******** advisory ************** ** *** ***************, they *** *** ****** our ********* ***** *** they **** ** **** these ******* ***************. **** the *****, **** **** made ******* *******, ********* back ** ****, ***** the ********,******:

“************** **** ******* **** a ***** ****** ** disruption *** ***********, ********** and *********** *****-****,” ********* Ms. ******, **** ** Marketing, ***** *******, ***** Technology ***. “** ********* in *** *********** ** improved ************* *********** *** new ******* ******** **** higher ********** ** *****-*******, Dahua’s ******* **** **** to ****** ******* ***** customers ******* ***** ******* and **** ******* ****** protection *** *** ****** global ********* *********.”

OEM's ********

***** *** ** **** listed ******* ******** **** Panasonic *** *******. **** reached *** ** ********* for *******.

***** ** * ********** from *** *** ******* the ***** **** *** Panasonic, *******, *** ******:

IPVM Image

********* ********* ******* **** they **** ******** ** research **** *** ****** if ***** *** **** to ***** *********.

Refirm **** ********

************* ******* ****** ************ *** *************** *** comments ** **** *********:

*** *** **** ***** is ***** ** *** credentials *** ********* **** either *** ** **** then **** ** *** CLEAR. *** ****** *** Unix-like ******* *** *** password ** *** *** to ******** *** **** so *** ******** ****** be (******) ********. ***** is ***** ********* ***/**** keys ** ******* *** supplied ******** ** *** other ****. **** ** bad *** **** ******* but ********* ** ** attacker ***** *** ********* key *** *** ********* observe *** ******* ******* she ***** ** **** to ********* ******* *** credentials ** *** ****. The ******* ***** **** a ******* ********* ****** to ******* *** ******** but ******* ********** ***** also ****.

**** ** *** ***** that ***** *** ****. Dahua *** ********** *** of ***** ***** **** "cloud" ***/**** **** ** their ********** **** *** being ***********. **** ********. At ***** *** *** OEMs ****** ***** *** password *** ****** ** themselves? * ****** ***** of * ********* ****** to ** ****.

** *** *** **** to *** ***** ***** then *** *** *********** remotely ******* *** ****** connected ** **.

**** ************ ***** **** of ***** ***** ******** best *********. *********** ****** always ** ********* ** an ******** ******** ****** protocol (*.*. ***), ********* keys ****** ***** ** used ** ******* ************** data, *** ** *** do *** ******** **** don't ******* **** *** in * ****** ********** that *** ******* ** the *****.

Another ***** *** **** *************

***** *********** *** *************** above ** ************ ** *** ******* Dahua ************************* ****** ****:

IPVM Image

***** *** ****** ********* ******** ***** **** here, ******:

**** ***** ******** **** Session ** *********** ***************. During ****** **** ******, an ******** *** *** the ********* ******* ** to ********* * **** packet ** ****** *** device.

* ******* ** ****** and ******** ** ********, requiring ******** ** ********* the *************.

Continued ************* ******

***** *** **** *** most ****** ***************. ***** has * **** ******* of ************* *************** ***** led ** **** *********** *** *** **** the ** ********** *** US ********** ****** *********. ***** ****** *************** include *** *** *** limited ** *** **** below:

What ***** ******?

** ****** ****,***** *** ****** ********* that **** ***** ** "pepper-ed", ********* * *************, secure, *** ******** ***** firmware *** ****** ****** cloud ********. *** ******* plan **** **** *** to ***** **** **** which ** *********** ** the ************* ******** ** a ***** ** ******* and *** ************ ** IMOU. **** ********* ***** and ****** *** ** update. ******* ** ***** 9 ****** ***** *** press ******* ***** ** no ******** ** ***** of. ***** *** *** responded ** *** ******* and ****** ********* ****:

***** ******** **********, ** do *** **** ******* on *** **** ******* to ***** ** **** time.

IPVM ***************

** *** *** ***** Dahua ** ***** *** equipment *** ****** ***** to ****** **** ***** access ** ********. ***** enables **** ** *******, so **** ** *** are *** ******** ***** their ***** ******** ********* can ***** **** ****** to **** ********* ****** you ******* **. ** you *** ******** ***** the ***** ******** *** may ******** ****** ** a **** ************ ****** ****** **** VPN.

Poll / ****

Comments (10)

** ******* *** *** issue ******** ** ***** before ****** **********? * don't ********** *** *** cloud ***** ** ******* by ******* !?

**, ****** ****** * months ***** ** *** a **** ** *****. And **** *** ** top ** *** ***** it **** ** *** a ******** **** *****.

** ****... **** ** a **** **** **** from ***** :(

***** *** ********** *** of ***** ***** **** "cloud" ***/**** **** ** their ********** **** *** being ***********. **** ********. At ***** *** *** OEMs ****** ***** *** password *** ****** ** themselves? * ****** ***** of * ********* ****** to ** ****.

**** ** *** **** insane ***** ** **. It's *** ***** ** their ***** **** *** prioritized ***** ****** **** updating *** ******* *** and **** ******* ********** which ** *** *** understandable, *** ********** *** encryption **** ** *** executable *** *** ***** customers *** ***** **** and ***** **** ** acceptable ** ***** ** security.

*****'* ***** ******** ** used *** ***** ******* equipment ** **** ** 22 **** *** *** hardcoded ***** **** ****** within ** ********** **** was *********** ** ***** and ********* *** ******** via *** ***.

** ***** ** *** if **** **** *********** the ********** **** *** keys ********** ** *****, but **'* * *********** that ***** *********** **** been *** ** *** public **** *** ********** keys.

****:** **** ********* ** that **** ** *** OEMs *** *** * requirement **** **** **** to *** * ********** key **** **** **** generated ********** ****** **** one **** *** ******** to ****. *'* ****** that ******* *** *** up *** ****** *** the **** ***** **** realized **** **** *** kind ** *******, ** maybe ***** *** ** the ***** ******** *** them?

* ***** ****** ** you *******, **** ***** simply *** ** *** cloud *** *** ****. Or ***** **** ***'* even *** ** *** it ** ******* ** the ******** *** **** they *********** **.

*** ****** *** *** lack ** ******** ** that ** ** ****. That ** *** *** of ***** ********* ** to ** ***.

*** ******, *** *** their *** ***** **** and ***** **/**** ** their *****. (** *** has **** ******* *****/**** IP/FQDN, * ***** ***'* IP/FQDN ** **** ********** too, *** ****'* **** it ********* ** ****** them ** *** *** description, *** ***** **** where ******)

**** ** ***** ** 3DES ********** ***** *** DVRIP *** *****, *** - **** ***** **** PSK.

****:

**** *** ********* *** are ****** *** ******, so ******** ******** **** the ***** ****** (*******/*******) share **** ***, ****** natural ***** *** **** needs ** ******* *** other **** **** ** decrypt - *** *** thing ** **** ***** credentials *** **** ** remote *** ********** *****/****** for *****/*****, *** *** only ***** ***** **** 3DES.

* *** ** ****** on ******* ***** ******* ********** **** ***** ** well, (******* */* ********** leaks), *** ** ***** you *** *** **** out ** *** ****.

*****'* **** *** **** and ****. ** *** nice ****** ***** ****** cameras **** ****, *** now **** ** *** them ** *** ******** it ** ***** ****** to *** ****. ** one **** *** ***** for *** ***** *****.

**** ** *******, *** please ***** **** *** vendor ********** *** ******** before *** ******. **** a ******* ******** ************ review *** ************** ****** you ** *******.

**** ******** *** ******** reasons. *** *** ***** Hik?

******: **** ****** *** been ******* ** ******* that,despite ** ***** * months ***** *** ***** release, ***** ** ** progress ** ***** ** with ******* ** *** Dahua / ****** ************. Dahua *** *** ********* to *** ******* *** Pepper ********* *******:

***** ******** **********, ** do *** **** ******* on *** **** ******* to ***** ** **** time.

*** **** ****** ****** STRONG ** *** **** above *** ***** ***** guys. **** ***** ***** would **** ****. *** honest ***** **** **** AVERAGE. 🤣

***, *** ******** ***** true.

Login to read this IPVM report.

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
Verkada Falsely Claims "First Native Cloud-based Access Control and Video Security Solution" on Jun 18, 2020
Verkada's false claims continue, this time to be the first native cloud-based...
White House Proposes Blacklist of Dahua, Hikvision Users on Feb 04, 2020
The White House is proposing to blacklist Hikvision and Dahua users from...
Dahua Buenos Aires Bus Screening Violates IEC Standards and Dahua's Own Instructions on Jun 30, 2020
Dahua has promoted Buenos Aires bus deployments as "solutions that facilitate...
The Insecure Verkada Access Control System on Jun 25, 2020
While Verkada touts the security of its system and that how their new door...
BICSI For IP Video Surveillance Guide on Feb 11, 2020
Spend enough time around networks and eventually someone will mention BICSI,...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an...
Anyvision Layoffs on Mar 19, 2020
Anyvision has conducted a layoff, citing the impact of coronavirus, joining a...
China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the...
Access Control ADA and Disability Laws Tutorial on Feb 17, 2020
Safe access control is paramount, especially for those with...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop,...
Genetec Security Center 5.9 Release Examined on Feb 06, 2020
Genetec released the next major version of Security Center, less than a year...
Dahua, Hikvision, ZKTeco Face Mask Detection Shootout on Jun 19, 2020
Temperature tablets with face mask detection are one of the hottest trends in...

Recent Reports

Genetec CEO Declares "We Don't Negotiate Payment With Patent Trolls" on Aug 11, 2020
Are patent trolls like terrorists? Genetec's CEO is coming out strongly...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Telpo China Temperature Tablets Tested on Aug 10, 2020
The provider for overseas companies ranging from Canon Singapore to US'...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
"Grand Slam" For Pelco's PE Firm, A Risk For Motorola on Aug 07, 2020
The word "Pelco" and "grand slam" have not been said together for many years....
FLIR Stock Falls, Admits 'Decelerating' Demand For Temperature Screening on Aug 07, 2020
Is the boom going to bust for temperature screening? FLIR disappointed...
VSaaS Will Hurt Integrators on Aug 06, 2020
VSaaS will hurt integrators, there is no question about that. How much...
Dogs For Coronavirus Screening Examined on Aug 06, 2020
While thermal temperature screening is the surveillance industry's most...
ADT Slides Back, Disappointing Results, Poor Commercial Performance on Aug 06, 2020
While ADT had an incredible start to the week, driven by the Google...
AHJ / Authority Having Jurisdiction Tutorial on Aug 06, 2020
One of the most powerful yet often underappreciated characters in all...
SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...