Why Surveillance Pros Rationally Won't Care About The Massive Dahua Mirai Attack

Author: Brian Karas, Published on Oct 05, 2016

The physical security industry has been fairly indifferent to cyber security (e.g., see the Cyber Security For Video Surveillance Study).

Here, we explain why most video surveillance integrators will not care about the massive Dahua attack, even if they understand it, and its effects.

We look at what led to the existence of Mirai, and why they would rationally be indifferent.

*** ******** ******** ******** *** **** ****** *********** ** ***** security (*.*., *** ******** ******** *** ***** ************ *****).

****, ** ******* *** **** ***** ************ *********** **** *** care ***** *** ******* ***** ******, **** ** **** ********** it, *** *** *******.

** **** ** **** *** ** *** ********* ** *****, and *** **** ***** ********** ** ***********.

[***************]

Mirai ****** *** ** ************ ********* *** **** *************

***** ******** *** ******* ********** ** ****** ** ***** ****** scenario. *** ***** ** ** *** **** ** *** ************, Dahua, ******** * ************* *** ******* ** ****** ****** ** their ******* **** ** *** *** *** **** ** ******* it. *** ****** ** ** *** **** ** ********** ******* default ********* *********, ****** ** ********** **** *** ********* ** gain ****** **** **** ******* ** ******.

A **** ******** **** *** **** *** ****

***** ** * ********, ***** *** ********* ** *** **** for *** *** ********, *** ** **** *** "****" *** host *** ****** ** **********. *******, ** ****** *** ****** relatively ********** ** *** *** ****, ***** ******** ** ** operate. **** ** *** **** ** *** ****** **** ** the ******** ******** **** *** **** **** ********* ***** *****, it **** *** ****** ***** ********.

Mirai ** *** ***** ***

**** ******* **** ***** ******** ****, ****** ****:

  • ****** *********
  • ****** **** ****
  • **** ******* ****
  • ****** ******** *******/********** ** ****
  • *** ****

***** ** *** ****** ** *** *** ** **** ***********, it **** ******** ******* ** ****** ******* ******* ***** ******** sites.

***** ******** ** ***** ** *** ****** *** ****** ******* or ******, **** ** *** ***** ****** *** ********* *** outrage *** *******, ***** *** ****** ***** ******** *** **** on ******* ******* ******* ** ** *********.

Fixes **** *****

******** ********* *** ********** *** ******** *** ***** **** *** (from *** ***** ***********) ******* **** **** ** ** ******* that *** *********** ***** **** ** ***, *** **** ***** customers *** ****** ** **** ** *** ***. ****, *** Mirai ****** ** ****** ** ******** ** ***** *** ******, or **** *****, ****** ***** ** **** ***** ****** **** causes ****** ** ******** ****** ********* ** *** **.

Why *** ****** ****

******** ******* ****** **** ****** *** ******** ***** **** *** installed, *** *** ************** *** ******* ******** (** ******) ** risk. ** ** ******** *** **** ** ****** ******* ******, and *** *** ****** ** ********* *****. **** *** **** proposed ** *** **** **** ******* ******'* **** ******* ******** on *** ********, *** *** *****-******* ****** ******* ** ***** is ******* *** ******* *** **** ******* **********. ********* ******* themselves ******** ** ***** *** ******* ***** ******** ****** ** infected *** ***** ***** *********** *** ********** * "******" ******.

Vote - ** *** ****?

Comments (18)

Undisclosed Integrator #1

10/05/16 02:22pm

** **** ********* ***** ********** *************** ** *** ****** ******* the ******* ** ***** **** ** ********** ******** **** ***** to **** ****. *** ***** ** ****** **** ****, ***#*, personal ***********, *** ***** ***** **** **** ******* ** *** past *** *****.

*** *** **** ** **** **** **** *** ***** *** radar *** ****** ********. ***** *****'* ** ******* *******, *** (or ** ***) **** ****** *** ****** ** ******* *** one.

* ****** ** ******** ** *** ****** ****** **:

*. **** *** **** ***** ** ******* ** ****** ********?

*. **** *** ****** ******** ***** ***** *** ** ********?

Undisclosed Integrator #2

10/05/16 02:36pm

*** ****** ** *********** *** ****** *** ***** *****? *** customer, *** **********, ** *** ***********? *** ************ *** ******* new ******** *** **** *****'* ******** *** *** ***** ***** it's **** *********. *** *** ********** ** ***** * *** of ***** ** **** * ***** ** *** ***** *** upgrade *** ********.

***** *** *** ***** ******* *** ** ***** ** **** for ************* ** ***** ******** *** **** *** ***** ******* to ******** *** ********* ******* ** **** **** **** ** integrator ***** ********** ******* *******.

Robert Shih

SavvyTech Security | In reply to Undisclosed Integrator #2 | 10/05/16 03:09pm

********, ******** ****** ******* *** **** ****** * ***** *** set ** ******** *****. ******* ***** **** ** ****** **** mechanism. ** ******* **** *** ******, ****'* *** ***** ********** then.

Undisclosed Integrator #2

In reply to Robert Shih | 10/05/16 04:13pm

**** ***** ** ****, *** ** **** ********* ** ****** for ****** ******** ****** ***** *** ** **** ****** **** term. ***** ***** **** ****** ******, *** ** **** ** the ***** *** ******* **** *** ****** ******* ****** *********** back ** *** ************ *******.

** ****** **** *** ** ** *********** ******** *** *********** to ****** *** ********* ** ************* ***** **** **** ***** with **.

** *** ************* ***'* **** *** ********* ** ** ****, then **** ****** **** **** ***** ***** ******** ******* ** create * ********.

*** **** ** ******** ******** ******** ** ******** ******* ** with ******** ****** **** *****'* **** ***** **** ****.

Robert Shih

SavvyTech Security | In reply to Undisclosed Integrator #2 | 10/05/16 04:39pm

***** **** *** ******* *** **** ***** ********, ******* ****'** had ******** ********* ***** ******** ******* ***** ****** ** ***-**** devices *** ****** ******** *******, **** ***'* **** **** ** with **** ****** ** ***** ** **.

***** ******* ** *** ** ****** *** ********; ************, **** could ****** ******* **** * ********* ********* ** *** *** point.

******* ** ***, ** *** ******** **** *** ***, *** in *** **** *****, ***** ** ** **** ******** **** can *** ********** *** ***** ******* **** ***** *** ***. I **** *** **** ** ****-******, ********* ****** *********** *** camera ********, *** * ***** *** **** ** *** ********* updates ****** **** ** ****** ************.

* ******** **** ****** **** ****** *** * ******* ********** sponsored ******* (******* ********* *******) ** *** **** ** * backdoor ** ********* *** ********* ** * *********** *****. ** any ******* ***** ******** ****** ****** **** *** ****, ********* will ********* *** **** ** ***** ********* *** ****** *** trend, ********** **** ** ** ** ********* *** *******.

** **** ******* * **.

Undisclosed Integrator #1

In reply to Robert Shih | 10/05/16 10:25pm

* *** *** **** ***** ** **** *******. ** ****** comes **** ** *** ********* *** *** ** *** ************ being **** ** ******** **** *******.

************ ****** ***** *********** ***** ****** *** ** *** ******* ** *** ******** pushes ***** *** ** * **** ****. ** ***** **** point * ***** **** **** ** *** * ***** ****. Brian ***** ****** *** ***** ** **** ****** **** ******* signing ***** **** ******* ****. ** ******* ** ******* **** would **** ****** **** ** ** *** ************ ******* *** update?

******* ******* ** ********** ****** ******* **** ******* * *** ** ******* ******* ** ****** **** ******* ********** ****** ***** ** startup.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 10/05/16 11:05pm

******* ******* ******* (** **** ********) **** *** ******** ********** from *** ************, *** *** *** **** ******** **** ** altered. ** **** *** ******* ** ***** ***** *** ******** is ********* ******** ** *** ************ (****** ************ ** ************). In *******, *** **** ** **** ******** ***** ** *** manufacturer *****.

Thumbnail brk1

Brian Karas

IPVM | In reply to Robert Shih | 10/05/16 05:03pm

*** *** ** ******** **** ** **** ******/********* ********, ***** is ** ******** **** *** **** ****** *** ***** * while (****** *** **** ****** ** ******** *******).

Robert Shih

SavvyTech Security | In reply to Brian Karas | 10/05/16 06:15pm

***** *** **** **** ** *** **** ** **** ****** if ** *** *** ***** ** **, *** *** ******** holds ****. ** ****** *** **** ** *** ** ****** this, ***** *** ***** *** ***** **** *** **** ********* of **** ** *** ******* ****** ****** ***** ****** *************.

*** ** ******, *'** *********, ******* ********** + *********.

Andrew Hogendijk

In reply to Robert Shih | 10/18/16 12:56am

*** ***** ** ***** ** ******* ** *** **** ** security, **** *** ****-***** *** ***** ******. ***** ** **** source ** **** ******** **** ********** *** ********* ******* (*** the **) **** ******** **** ** *** *******, *** **** not ******** ** **** ***** ** ***** *** ***** ** a ***** ******** ******** ** *** ************* ********.

*** *******, ********* *** ******** ***** ** *** ********* ** computer. *** *** *** ******** ***** ************ *** **** **** on ** ** *** *** *********** **** **** **** ** thing, ***, *** **** ** *** **** ********* ***, *** cannot **** *** ** **** ******* * ******** ****** **** provided ** *** ** *** **** *************. ** ***** *** OS ***** ** **** ******, *** *** ***** **** **** is ** **** ****** **** - **** ******** **** ** actually *******? **** ** **** * ********? *** ** **** tell? **** ***** * '*******' ******* **** ********* ****** ********?

** ***** *** ****** *** ***** ** **** **** * hardware ***** ** **** - *** ********** ** *** *** features, *** **** *** ****** ******** **** **** ***** *** particular ****** ****. ****** *** *** ***** *** ************ *** are ******* ***** *** ***** ** ** *** ****** ****.

** ** ** **** ** ******** ***** ******* *** ******* both **-**-**** *** *********** ******* ******** ************** ******** * *******-**-***** approach. **** ** *** ********* **** *** ********** ******** ******** has ********* ******* ** *** ** ******** *** ** * separate *** *********** ********. ***** ** ** '*****-***' ** ****** bullet ** ****** **** *************.

*** **** ***** *** * *** ***** ** ** ****** an ** ***** ****** ****** ** ** **** ** ********* entirely **** *** ******** *** ******** ****. *** **** ****** it ** ** ** ******** ** **** ***.

** ** *** *** *** ******* ** ****** **** **** firmware *****. *** * ***** ***** ********** *******, ****** ******* and **** **********. **** *** ****** ** ******** - *** far ** *** ** ** ********** ******** ****?

Undisclosed #3

In reply to Andrew Hogendijk | 10/18/16 01:03am

...*** *** ***** **** ***** **** ****** ****...

*** ******* * *** ** ******.

*******:*** ********* *************

Andrew Hogendijk

In reply to Undisclosed #3 | 10/18/16 01:44am

*******! ** **** ***** *** ***** ** ******** *** ********* and ** ****** ** ***** *** ******* *********** *********.

Undisclosed Integrator #1

In reply to Undisclosed Integrator #2 | 10/05/16 10:16pm

"*** ****** ** *********** *** ****** *** ***** *****? *** customer, *** **********, ** *** ************?"

**** ** *** **** ********. ***** ***, *** ****** ***** to ** "******". **'* **** ** *** ***, ***** *** points **** ***** ** ****** **** **** ****.

** ** **********: * **** *** ************ ****** ****** ****** in ******* *** ******** ** ***** ********. ******* ****, **** should ****** ** ***** ********** *** *** ** **** ** fix **.

** ** ************: ** ***'* ***** ***** ******** ****. *** integrator ****** ****** ***** ******* ** ******* ******** ********** **** creating ** ****** ******. ** *** **** ** ** *** part.

** ** *** ****: *** ****'* *** ********** ********* * purchase * ********* ******* **** **** ******** ********? *** *** I *** ***** * **** *********** ** *** ********** ** lieu ** ******* ********** ******* ***** *?

Thumbnail images

Marco Sanchez

10/05/16 04:32pm

*'* ******* ** ** *** ***** *** ***** *** ***** no *** **** *** ******** **? **** *******.

Robert Shih

SavvyTech Security | In reply to Marco Sanchez | 10/05/16 06:29pm

******* ********, ******* ** ***** ********** **** ******** ******* ** all **** *** ***** *** ** ****** ********** ******, *** in *** *** **** **** ***** **** ******* ** ************* needing ******* ******** *** ******* ********** **** ***** ******** ********, the ********** **** ** **** **** ******* *** ****** ** well.

******* ********** *** ****** *** *** ** ******** *** ******** that *** *** ***** ** *** *****. ************* *** **** release **** **** *******, *** ************** ** *** ***. ********** about **** ****** ****** ** ********** ****** ********* **********. ***** took *** **** *** *** **** ***** ********* ** ******* ease ** *****, **************, *** ***. **** ***** ***** ******** were *** ****** ***** ** ***** ** ***** ********. *** the ******* *** ******* ** ***** ********* ** ********* ** all ******.

*** *******, **** ********** ***** *** **'* ***** *** ** actively ***** *** ******** ******* ** ******* *** ************ ************, but **'* *** ***** ****** ** **** ** ************* *** his ***** ******** ********. ** *****'* **** ***** ** ** anyone **** ******* *** ****. ** ***** **** *** ******* that *** ******* *** ** ** *******. *** **** **** he ****** ****** ** *** **** *** ******** ******* ** wanted **** ***** ******** ** *** ******.

*********, *** ***, **'* ******** ** ***** *** ***'* *** the *** **** **. ***** *** ******.

***, * ***** ***, *** * ***** ********** **.

Thumbnail 395fbc4

Ricardo Souza

IndigoVision Ltd | IPVMU Certified | 10/13/16 07:27pm

****, *** **** *'** **** **** * ***** **** ** Software *********** * *** ** *** ****, ******* ****** ***'* care **** ***** ******** ** ** *** ******** *********** ***** they *** *** ** * *** ********.

Undisclosed #3

In reply to Ricardo Souza | 10/14/16 03:33am

*** ** **** **** **** **** **** **** *****, ***** the ******* ***** ****** *** *** *********** ********, ** ** disaster *** *** ****** ** *** ******. *** ******* **** go **** ** **** ** ****** ******* **** ********* ****, until **** *** ****** ** *** **** **** ******.

Thumbnail inpicture gert molkens k2

Gert Molkens

IPVMU Certified | 10/14/16 05:11am

*** ***'* ** **** * ***** ********** ****** *** ** manage ********* ******'* *** ***** ******** *******? *'* ******** * system **** ** ** ****** ** **** *** ******* **** Aerohove, **** ********, *** ***

*** *** ****** ** **** ****** ********* ** ** ** it ******** ** *** **** *** ******* **'* *** ***** time ** ** **.

**** * ****** ** **** **** **** *********** ** ****** new ******** *** ** **** *************

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Exacq Improving Technical Support, Responding To Integrator Complaints on May 21, 2018
Exacq had been a long-term favorite of integrators, but since their 2014 Tyco acquisition, Exacq has fallen in IPVM integrator studies (though...
Best Manufacturer Technical Support 2018 on May 21, 2018
While 5 manufacturers made the worst technical support 2018 list, only 3 stood out as providing the best technical support to 190+ integrators in...
Cybersecurity for IP Video Surveillance Guide on May 18, 2018
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Worst Manufacturer Technical Support 2018 on May 16, 2018
5 manufacturers stood out as providing the worst technical support to 190+ integrators in new IPVM results. These integrators answered: In the...
Top Benefits Of Attending Trade Shows (Statistics) on May 15, 2018
150 integrators told IPVM: What are the top benefits of going to trade shows? The clear top 2 responses in order: (1) Networking (2) New...
Hikvision Source Code Transparency Center Examined on May 14, 2018
Following criticism of Hikvision's Chinese government ownership and Hikvision's IP camera backdoor, the company has responded with a series of...
Integrator Technician Field Software Usage (Statistics) on May 07, 2018
Maintaining accurate notes and documentation from field technicans is a difficult and important task for a security integrator operation. Keeping...
Integrators Divided On Website Importance to Business (Statistics) on May 04, 2018
Are websites important? Still quite a number of integrators have no websites.  New IPVM statistics show that nearly half of all integrators find a...
Genetec Wins Panama Canal With Direct Low-Bid on Apr 30, 2018
Genetec and low price are not two terms frequently found together. However, in a surprising and controversial move, Genetec has won a Panama Canal...
Favorite Access Control Manufacturers 2018 on Apr 26, 2018
150+ Integrators told IPVM "What is your favorite access control management software/system? Why? Unlike the 2016 access favorites where a group...

Most Recent Industry Reports

Software Only VMS vs NVR Appliances on May 23, 2018
Should you buy your own PC/server and load VMS software on it or get a turnkey appliance (both hardware and software, e.g., NVR, Hybrid DVR) from a...
Buy Arecont: Top Bid $10 Million Cash on May 22, 2018
Last year, Arecont had a deal for a purchase price of $170 million (see Failed Arecont China Acquisition). This year, Arecont has a deal for a...
Installing Box Cameras Indoors Tutorial on May 22, 2018
This tutorial starts our physical installation for video surveillance series, starting with Box Cameras, one of the oldest and most basic types....
The Hikvision Smart Classroom Behavior Management System on May 22, 2018
Hikvision's rapidly growing offering of analytics, which we most recently examined with Hikvision's ethnic minority analytics, is now going into...
Dahua Intrusion Analytics And VMD Tested on May 21, 2018
Dahua ships basic analytics on practically all their cameras, ranging from low cost to high end. To see how these analytics work in real world...
Exacq Improving Technical Support, Responding To Integrator Complaints on May 21, 2018
Exacq had been a long-term favorite of integrators, but since their 2014 Tyco acquisition, Exacq has fallen in IPVM integrator studies (though...
Best Manufacturer Technical Support 2018 on May 21, 2018
While 5 manufacturers made the worst technical support 2018 list, only 3 stood out as providing the best technical support to 190+ integrators in...
Stealth / UCIT - Remote Video Monitoring Provider Profile on May 18, 2018
Can 2 remote video monitoring companies, Stealth Monitoring from the US and UCIT from Canada combine to impact the market and compete in a changing...
Cybersecurity for IP Video Surveillance Guide on May 18, 2018
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Forced Entry / Duress Access Tutorial on May 17, 2018
Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact