Dahua Won't Say, But Anyone With Telnet Enabled Is At Risk

Author: Brian Karas, Published on Oct 05, 2016

Dahua has decided not to provide details they have about how hackers are exploiting their products. They explained:

A public statement about what technology is in place and which models have certain security features would serve as a beacon to hackers to attempt to infiltrate older-model Dahua products. We do not wish to put our customers at risk to such hackers.

Instead, Dahua's communication focuses on Dahua models running firmware releases prior to January 2015. Because of Dahua's fractured distribution / OEM model and historically poor firmware upgrade offering, many devices purchased after January 2015 are at risk.

In this note, we examine why telnet is critical to the Dahua hacks and what you should do about it.

***** *** ******* *** ** ******* ******* **** **** ***** how ******* *** ********** ***** ********. **** *********:

* ****** ********* ***** **** ********** ** ** ***** *** which ****** **** ******* ******** ******** ***** ***** ** * beacon ** ******* ** ******* ** ********** *****-***** ***** ********. We ** *** **** ** *** *** ********* ** **** to **** *******.

*******, *****'* ************* ******* ** ***** ****** ******* ******** ******** prior ** ******* ****. ******* ** *****'* ********* ************ / OEM ***** *** ************ **** ******** ******* ********, **** ******* purchased ***** ******* **** *** ** ****.

** **** ****, ** ******* *** ****** ** ******** ** the ***** ***** *** **** *** ****** ** ***** **.

[***************]

Three Core ******

*** **** **************** ** ****** ******* **** ***** *** **** ********* ****** to *** ******* *************.

** ******* ** ***** **** ******:

  • ****** ****** ** *** ******/********. ** ***** **** ******** ***** cameras *** ********* (*** ********** **** ** ***** ****) *** ****** permanently ******* *** ***** ***** *** ****** ****.
  • ******* ********* *** *********.
  • ********** ********* ****** ** *** ****** **** **** ******* ********* **** downloaded ** *********.

**** *** ***** ******** ***** ****** ** *** ******, ** installs *** ******** ********* ****. ***** *** ******* *** ***** two ******, ***** ** ******** *****, *** **** ** ******* over *** ***** ********** *** **** ********* ****** ** ***** devices. ****, ****** ******* ***** *** *******, *** ***** *** users ** ***** ******** ****** ** ******** ***** ********** ***** devices *** ********.

Three Steps ** ******** **** ********

***** *** ***** ******* ****** ***** *** ** ** ****** ***** risk ** ********* ** **** (*** *****) *******:

  • ******* ********
  • ****** ******* *********
  • ****** ****** ** ********

Upgrade ********

**** ** *** **** ******** *********, ******* ****** ****** ***** has ** ****** ** ******* ** *** ******. ** **** *** ***** firmware *** ******* ****** **********, ******* ***** ******** *** ****** ******* *** no ***** *** *** **** ** ******* **.

***** *** ********* ******** ********* ** ***** ******* ****, ***** ** ***** ********* **** **** ** ******* ******* Dahua ********* ** ***** ******. *** **** ** **** *** ***** number, ***** ****** ** ******* ** *** ******, ** ********* in *** *** ** ** **** ****** ** ***** ** find *** ****** ******** ********. *** ********* ********** ***** *** device **** *** * ***** ******, ********* ***** *** "***********" section ** *** *** ** ** *** ******, *** *** also *** *** ******** ***** **** ***** ** ***** ******* that ****** ** ********:

Change ******* *********

*** ***** ******* **** * ****-***** **** ** ********* *** passwords ** *** **** ********* *******. ***** *** ** ***** combinations, ********* ******* *****'* **** "*****/*****" *** "*****/********". ****** ********* are ***********, *** *********** ******** ***** **** * ****** ******* password ****** ******* ********* ** *** ******* *******.

Verify ****** ** ********

****** ****** ** ******** ***** ******** ** ******** ** * newer *******, *** ** ** **** ** ****** ** ** truly ********. *** *** ** ***** ***** ***** *** **** is ***** ****, ** * ******* **** ******, ***** ** **** ** *** ***** *****:

What ** ** ** *** *** *** ******* ********

***** ** ***** *** ********, ** ***** **** *** ****** to **** * ******** ****** *** ***** ****** ***** **** options ** ******* **********. ******** *** ******* ********* **** ******* attackers **** ******* ****** *** *****. ********* ****** (**** **) on ****** ****-********** ***** **** ******* *** ******* **** ********** to *** ****** ** *** ***** *****, ******** ****** **** if *** ********* *** **** ******* ********/******** ******.

Dahua ************* *****

***** *** ****** ******** **** ********* *****, ***** ********* ****** ****** *********** **** ******** *********, ***** strong *********, *** **** ********** ******** *****. ** **** *** specifically ******* ****** ** ********* ****** ******, ****** ** ******* users ** **** ******* ******** ***** ** **** ******* **** indirectly.

 

Comments (9)

*** ***** **** ***** ****** ** ****** ******. ***'* ****** in **** ***** ******* ** *** ******** ** *** ******** or ** **** ******* ********* **** *** *** ******?

****, ** *** ******** *********, ****'* ***** **** **** ***** known ********* *** ********* **** ******'* ** *******?

**** *** ****** ******** ** *** *** ******* **** ******'* be *******, *** **** ***** **** ** **** *******. ***** even ***** ****** *** *****?

** ***** *** ****** **** ** ***** ****** ******** **** a *********** ***** ****, **** ******* ****** *** ** ******** is ********.

*********, *** ****** ** ******** ***** ****** *** ********.

***, ***** ********, *** ***** ******* ***** ** ******** *** Telnet **** *****/*****, **** ** *** ******* *** ***** ******** to ********* ****. *** ******** ** *** ***** ******** **** restricted **** *** ******* ******. *** ***** ******** ***** ******* admin/admin ***********, ********* *****.

** **** ***** ** ***** **** *** **** **** *** here ** ** ****** *** ******** ******** ***** ** ******** through *** *** *** ****** ** ******* **.

** *** *** ***** ***** ***** *** ********, **** **** files **** ******* ****** **** ** ** *** ******. ********* hosts * ****** ** ******** ***** ********** *** ** *** need **** **** ******* ******** *******, ****** **** **** ** contact **. * *** ****** **** ***** *********** **** ***** number *** ******** **** ****** **** ********. **** **...** *** want *** ***** ***** *.* ******** **** * *** **** Dillabaugh...I ***** *** **** ** *** *** ******** ** ** released *** >.>

****'** ******* ** ********** **** *** **** *******. ** *** I ***** **'** **** ******** ************* *** ** ******* *** Smart *.***+!

**********, *'* **** ** ****!

***'* ****** ** **** ***** ******* ** *** ******** ** the ******** ** ** **** ******* ********* **** *** *** itself?

** **** *****, ***, ** ****** ** *******, *** ******* there *** ******** ** ********* ** ******* **** ** *** have ** *******.

*** ******* ****** *** ** **** ** ****** *** *** at ***, ** **** ** *** **** ** *** ***** source ****, *** **** **** ********* * ****** ** ******* to **** ************ ******** ***** **'*, *** ******* ***** ********:

****, ** *** ******** *********, ****'* ***** **** **** ***** known ********* *** ********* **** ******'* ** *******?

**** ***** ** **** *******. ** ***'*, ******** ******** *******, and ******** (*** ******** **** ****** *******) *** **** ** have ********* ********* ****.

* ***** **** ** ********** *** *** **** ***** *** product **** ~**** ******, *** ***** *** *****/***** ****-***** *** seemingly ************. ***** *** "********" ******** **** **** ******, *** so ***** ******** *** ****** ******** ** *******. * **** some ***** ********** ****** ******* ***** *** ****** ***** ******** changes **** *** *** ** ***** ********.

*** ** *** ***** ** **** ***** ** **** ********* for ***** ** **** ** **** *** ********. **** ** the ******* **** ** ******* ***** ******* ** * ***** camera *** ****. ***** ****** ****** *** ****** ******* ******** channels (***** ****) *** ** ** **** ****** **** **** people *** ****** ******* ***** *********.

*** *** *** ****** ***** *** ***********. * *** ** Security ***** *** *** ******** ******* ** ** ******* *** create ***************. **** ***** ******* ********* *** **** ***** ** firewalls **** *** *** ********.

* *** ** ******** ***** *** *** ******** ******* ** IP ******* *** ****** ***************.

*** ***** ***** ** ** ************* **** ** *** ************ closed ******? *** ** ** *** ** ** ****** ** something **** ** ******** ****** *** ** *** ***. ***/**?

******* ****** ****** ** ******** ***, *** **** ******* ** and **** ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Hacking

Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Cisco: Hikvision Hired Us on May 16, 2017
The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a...
Hikvision Blaming Backdoor On Others, Cannot Hide From DHS on May 11, 2017
Numerous Hikvision employees are blaming their backdoor on others but Hikvision cannot hide from the US Department of Homeland Security. Blaming...
Hikvision Backdoor Confirmed on May 08, 2017
The US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory for...
Hack Your Access Control With This $30 HID 125kHz Card Copier on May 01, 2017
You might have heard the stories or seen the YouTube videos of random people hacking electronic access control systems. The tools that claim to do...
Last Day - IP Networking Course May 2017 on Apr 26, 2017
Today is the last day to register for the May IP Networking Course. This is the only networking course designed specifically for video...
Chinese 'Attacking Us From Every Direction', Says US FBI on Apr 25, 2017
"Chinese eating our lunch. Attacking us from every direction" said the US FBI's Deputy Director Andrew McCabe at the ASIS 2017 CSO Summit. .@FBI...
Dahua Manager: Lots of Backdoors Beyond Dahua or Hikvision on Mar 29, 2017
A Dahua technical manager has fired back at criticisms of Dahua's backdoor, posting publicly what many at Dahua have privately been saying for the...
Uniview Weak Local / Strong Remote Password Policy Tested on Mar 14, 2017
With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked)...

Most Recent Industry Reports

Avigilon New COO James Henderson Profile on May 23, 2017
It has been nearly 2 years since the infamous Bryan Schmode 'resigned' as Avigilon COO. Now, Avigilon once again has a COO, promoting James...
Aura's 'Invisible Ripple' Next Gen Intrusion Detection Tested on May 22, 2017
Aura Home is a startup intrusion detection system, but it claims new, high-tech sensing that monitors the 'invisible ripples' movement creates,...
Pelco Shutting Down Clovis Line, Laying Off 200 on May 22, 2017
Pelco's Clovis facility once turned out some of the industry's most popular products. Now, the facility is mostly building "obsolete" equipment,...
IP Camera - 15 Year Shootout on May 22, 2017
How far have IP cameras come? We bought and tested 4 cameras across the past 15 years to understand how much and where performance has...
Remote Video Monitoring Providers Directory on May 19, 2017
Remote video monitoring can help integrators generate RMR plus end users lower their security costs and/or improve response to critical...
Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Forget The Backdoor, "ALL HIKVISION PRODUCTS" On Sale on May 18, 2017
Less than 2 weeks after the Hikvision Backdoor was confirmed, Hikvision has launched a sale "ON ALL HIKVISION PRODUCTS". In this note, we examine...
Amazon Techs Installing IP Cameras Tested on May 18, 2017
In 2015, Amazon started offering video surveillance installation. Now, Amazon has made it a lot easier, with automatic add-on options and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact