Dahua Won't Say, But Anyone With Telnet Enabled Is At Risk

Author: Brian Karas, Published on Oct 05, 2016

Dahua has decided not to provide details they have about how hackers are exploiting their products. They explained:

"A public statement about what technology is in place and which models have certain security features would serve as a beacon to hackers to attempt to infiltrate older-model Dahua products. We do not wish to put our customers at risk to such hackers."

Instead, Dahua's communication focuses on Dahua models running firmware releases prior to January 2015. Because of Dahua's fractured distribution / OEM model and historically poor firmware upgrade offering, many devices purchased after January 2015 are at risk.

In this note, we examine why telnet is critical to the Dahua hacks and what you should do about it.



