Why Surveillance Pros Rationally Won't Care About The Massive Dahua Mirai Attack

Author: Brian Karas, Published on Oct 05, 2016

The physical security industry has been fairly indifferent to cyber security (e.g., see the Cyber Security For Video Surveillance Study).

Here, we explain why most video surveillance integrators will not care about the massive Dahua attack, even if they understand it and its effects.

We look at what led to the existence of Mirai, and why integrators would rationally be indifferent.



