Why Surveillance Pros Rationally Won't Care About The Massive Dahua Attack

Author: Brian Karas, Published on Oct 05, 2016

The physical security industry has been fairly indifferent to cyber security (e.g., see the Cyber Security For Video Surveillance Study).

Here, we explain why most video surveillance integrators will not care about the massive Dahua attack, even if they understand it, and its effects.

We look at what led to the existence of Mirai, and why they would rationally be indifferent.

*** ******** ******** ******** *** **** ****** *********** ** ***** ******** (e.g., *** *** ***** ******** *** ***** ************ *****).

****, ** ******* *** **** ***** ************ *********** **** *** **** about *** ******* ***** ******, **** ** **** ********** **, and *** *******.

** **** ** **** *** ** *** ********* ** *****, *** why **** ***** ********** ** ***********.

[***************]

Mirai ****** *** ** ************ ********* *** **** *************

***** ******** *** ******* ********** ** ****** ** ***** ****** scenario. *** ***** ** ** *** **** ** *** ************, Dahua, ******** * ************* *** ******* ** ****** ****** ** their ******* **** ** *** *** *** **** ** ******* it. *** ****** ** ** *** **** ** ********** ******* default ********* *********, ****** ** ********** **** *** ********* ** gain ****** **** **** ******* ** ******.

A **** ******** **** *** **** *** ****

***** ** * ********, ***** *** ********* ** *** **** for *** *** ********, *** ** **** *** "****" *** host *** ****** ** **********. *******, ** ****** *** ****** relatively ********** ** *** *** ****, ***** ******** ** ** operate. **** ** *** **** ** *** ****** **** ** the ******** ******** **** *** **** **** ********* ***** *****, it **** *** ****** ***** ********.

Mirai Is *** ***** ***

**** ******* **** ***** ******** ****, ****** ****:

  • ****** *********
  • ****** **** ****
  • **** ******* ****
  • ****** ******** *******/********** ** ****
  • *** ****

***** ** *** ****** ** *** *** ** **** ***********, it **** ******** ******* ** ****** ******* ******* ***** ******** sites.

***** ******** ** ***** ** *** ****** *** ****** ******* or ******, **** ** *** ***** ****** *** ********* *** outrage *** *******, ***** *** ****** ***** ******** *** **** on ******* ******* ******* ** ** *********.

Fixes **** *****

******** ********* *** ********** *** ******** *** ***** **** *** (from *** ***** ***********) ******* **** **** ** ** ******* that *** *********** ***** **** ** ***, *** **** ***** customers *** ****** ** **** ** *** ***. ****, *** Mirai ****** ** ****** ** ******** ** ***** *** ******, or **** *****, ****** ***** ** **** ***** ****** **** causes ****** ** ******** ****** ********* ** *** **.

Why *** ****** ****

******** ******* ****** **** ****** *** ******** ***** **** *** installed, *** *** ************** *** ******* ******** (** ******) ** risk. ** ** ******** *** **** ** ****** ******* ******, and *** *** ****** ** ********* *****. **** *** **** ******** in *** **** **** ******* ******'* **** ******* ******** ** the ********, *** *** *****-******* ****** ******* ** ***** ** setting *** ******* *** **** ******* **********. ********* ******* ********** shutdown ** ***** *** ******* ***** ******** ****** ** ******** may ***** ***** *********** *** ********** * "******" ******.

Vote - ** *** ****?

Comments (18)

Undisclosed Integrator #1

10/05/16 02:22pm

** **** ********* ***** ********** *************** ** *** ****** ******* the ******* ** ***** **** ** ********** ******** **** ***** to **** ****. *** ***** ** ****** **** ****, ***#*, personal ***********, *** ***** ***** **** **** ******* ** *** past *** *****.

*** *** **** ** **** **** **** *** ***** *** radar *** ****** ********. ***** *****'* ** ******* *******, *** (or ** ***) **** ****** *** ****** ** ******* *** one.

* ****** ** ******** ** *** ****** ****** **:

*. **** *** **** ***** ** ******* ** ****** ********?

*. **** *** ****** ******** ***** ***** *** ** ********?

Undisclosed Integrator #2

10/05/16 02:36pm

*** ****** ** *********** *** ****** *** ***** *****? *** customer, *** **********, ** *** ***********? *** ************ *** ******* new ******** *** **** *****'* ******** *** *** ***** ***** it's **** *********. *** *** ********** ** ***** * *** of ***** ** **** * ***** ** *** ***** *** upgrade *** ********.

***** *** *** ***** ******* *** ** ***** ** **** for ************* ** ***** ******** *** **** *** ***** ******* to ******** *** ********* ******* ** **** **** **** ** integrator ***** ********** ******* *******.

Robert Shih

SavvyTech Security | In reply to Undisclosed Integrator #2 | 10/05/16 03:09pm

********, ******** ****** ******* *** **** ****** * ***** *** set ** ******** *****. ******* ***** **** ** ****** **** mechanism. ** ******* **** *** ******, ****'* *** ***** ********** then.

Undisclosed Integrator #2

In reply to Robert Shih | 10/05/16 04:13pm

**** ***** ** ****, *** ** **** ********* ** ****** for ****** ******** ****** ***** *** ** **** ****** **** term. ***** ***** **** ****** ******, *** ** **** ** the ***** *** ******* **** *** ****** ******* ****** *********** back ** *** ************ *******.

** ****** **** *** ** ** *********** ******** *** *********** to ****** *** ********* ** ************* ***** **** **** ***** with **.

** *** ************* ***'* **** *** ********* ** ** ****, then **** ****** **** **** ***** ***** ******** ******* ** create * ********.

*** **** ** ******** ******** ******** ** ******** ******* ** with ******** ****** **** *****'* **** ***** **** ****.

Robert Shih

SavvyTech Security | In reply to Undisclosed Integrator #2 | 10/05/16 04:39pm

***** **** *** ******* *** **** ***** ********, ******* ****'** had ******** ********* ***** ******** ******* ***** ****** ** ***-**** devices *** ****** ******** *******, **** ***'* **** **** ** with **** ****** ** ***** ** **.

***** ******* ** *** ** ****** *** ********; ************, **** could ****** ******* **** * ********* ********* ** *** *** point.

******* ** ***, ** *** ******** **** *** ***, *** in *** **** *****, ***** ** ** **** ******** **** can *** ********** *** ***** ******* **** ***** *** ***. I **** *** **** ** ****-******, ********* ****** *********** *** camera ********, *** * ***** *** **** ** *** ********* updates ****** **** ** ****** ************.

* ******** **** ****** **** ****** *** * ******* ********** sponsored ******* (******* ********* *******) ** *** **** ** * backdoor ** ********* *** ********* ** * *********** *****. ** any ******* ***** ******** ****** ****** **** *** ****, ********* will ********* *** **** ** ***** ********* *** ****** *** trend, ********** **** ** ** ** ********* *** *******.

** **** ******* * **.

Undisclosed Integrator #1

In reply to Robert Shih | 10/05/16 10:25pm

* *** *** **** ***** ** **** *******. ** ****** comes **** ** *** ********* *** *** ** *** ************ being **** ** ******** **** *******.

************ ****** ***** *********** ***** ****** *** ** *** ******* ** *** ******** pushes ***** *** ** * **** ****. ** ***** **** point * ***** **** **** ** *** * ***** ****. Brian ***** ****** *** ***** ** **** ****** **** ******* signing ***** **** ******* ****. ** ******* ** ******* **** would **** ****** **** ** ** *** ************ ******* *** update?

******* ******* ** ********** ****** ******* **** ******* * *** ** ******* ******* ** ****** **** ******* ********** ****** ***** ** startup.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 10/05/16 11:05pm

******* ******* ******* (** **** ********) **** *** ******** ********** from *** ************, *** *** *** **** ******** **** ** altered. ** **** *** ******* ** ***** ***** *** ******** is ********* ******** ** *** ************ (****** ************ ** ************). In *******, *** **** ** **** ******** ***** ** *** manufacturer *****.

Thumbnail brk1

Brian Karas

IPVM | In reply to Robert Shih | 10/05/16 05:03pm

*** *** ** ******** **** ** **** ******/********* ********, ***** is ** ******** **** *** **** ****** *** ***** * while (****** *** **** ****** ** ******** *******).

Robert Shih

SavvyTech Security | In reply to Brian Karas | 10/05/16 06:15pm

***** *** **** **** ** *** **** ** **** ****** if ** *** *** ***** ** **, *** *** ******** holds ****. ** ****** *** **** ** *** ** ****** this, ***** *** ***** *** ***** **** *** **** ********* of **** ** *** ******* ****** ****** ***** ****** *************.

*** ** ******, *'** *********, ******* ********** + *********.

Andrew Hogendijk

In reply to Robert Shih | 10/18/16 12:56am

*** ***** ** ***** ** ******* ** *** **** ** security, **** *** ****-***** *** ***** ******. ***** ** **** source ** **** ******** **** ********** *** ********* ******* (*** the **) **** ******** **** ** *** *******, *** **** not ******** ** **** ***** ** ***** *** ***** ** a ***** ******** ******** ** *** ************* ********.

*** *******, ********* *** ******** ***** ** *** ********* ** computer. *** *** *** ******** ***** ************ *** **** **** on ** ** *** *** *********** **** **** **** ** thing, ***, *** **** ** *** **** ********* ***, *** cannot **** *** ** **** ******* * ******** ****** **** provided ** *** ** *** **** *************. ** ***** *** OS ***** ** **** ******, *** *** ***** **** **** is ** **** ****** **** - **** ******** **** ** actually *******? **** ** **** * ********? *** ** **** tell? **** ***** * '*******' ******* **** ********* ****** ********?

** ***** *** ****** *** ***** ** **** **** * hardware ***** ** **** - *** ********** ** *** *** features, *** **** *** ****** ******** **** **** ***** *** particular ****** ****. ****** *** *** ***** *** ************ *** are ******* ***** *** ***** ** ** *** ****** ****.

** ** ** **** ** ******** ***** ******* *** ******* both **-**-**** *** *********** ******* ******** ************** ******** * *******-**-***** approach. **** ** *** ********* **** *** ********** ******** ******** has ********* ******* ** *** ** ******** *** ** * separate *** *********** ********. ***** ** ** '*****-***' ** ****** bullet ** ****** **** *************.

*** **** ***** *** * *** ***** ** ** ****** an ** ***** ****** ****** ** ** **** ** ********* entirely **** *** ******** *** ******** ****. *** **** ****** it ** ** ** ******** ** **** ***.

** ** *** *** *** ******* ** ****** **** **** firmware *****. *** * ***** ***** ********** *******, ****** ******* and **** **********. **** *** ****** ** ******** - *** far ** *** ** ** ********** ******** ****?

Undisclosed #3

In reply to Andrew Hogendijk | 10/18/16 01:03am

...*** *** ***** **** ***** **** ****** ****...

*** ******* * *** ** ******.

*******:*** ********* *************

Andrew Hogendijk

In reply to Undisclosed #3 | 10/18/16 01:44am

*******! ** **** ***** *** ***** ** ******** *** ********* and ** ****** ** ***** *** ******* *********** *********.

Undisclosed Integrator #1

In reply to Undisclosed Integrator #2 | 10/05/16 10:16pm

"*** ****** ** *********** *** ****** *** ***** *****? *** customer, *** **********, ** *** ************?"

**** ** *** **** ********. ***** ***, *** ****** ***** to ** "******". **'* **** ** *** ***, ***** *** points **** ***** ** ****** **** **** ****.

** ** **********: * **** *** ************ ****** ****** ****** in ******* *** ******** ** ***** ********. ******* ****, **** should ****** ** ***** ********** *** *** ** **** ** fix **.

** ** ************: ** ***'* ***** ***** ******** ****. *** integrator ****** ****** ***** ******* ** ******* ******** ********** **** creating ** ****** ******. ** *** **** ** ** *** part.

** ** *** ****: *** ****'* *** ********** ********* * purchase * ********* ******* **** **** ******** ********? *** *** I *** ***** * **** *********** ** *** ********** ** lieu ** ******* ********** ******* ***** *?

Thumbnail images

Marco Sanchez

10/05/16 04:32pm

*'* ******* ** ** *** ***** *** ***** *** ***** no *** **** *** ******** **? **** *******.

Robert Shih

SavvyTech Security | In reply to Marco Sanchez | 10/05/16 06:29pm

******* ********, ******* ** ***** ********** **** ******** ******* ** all **** *** ***** *** ** ****** ********** ******, *** in *** *** **** **** ***** **** ******* ** ************* needing ******* ******** *** ******* ********** **** ***** ******** ********, the ********** **** ** **** **** ******* *** ****** ** well.

******* ********** *** ****** *** *** ** ******** *** ******** that *** *** ***** ** *** *****. ************* *** **** release **** **** *******, *** ************** ** *** ***. ********** about **** ****** ****** ** ********** ****** ********* **********. ***** took *** **** *** *** **** ***** ********* ** ******* ease ** *****, **************, *** ***. **** ***** ***** ******** were *** ****** ***** ** ***** ** ***** ********. *** the ******* *** ******* ** ***** ********* ** ********* ** all ******.

*** *******, **** ********** ***** *** **'* ***** *** ** actively ***** *** ******** ******* ** ******* *** ************ ************, but **'* *** ***** ****** ** **** ** ************* *** his ***** ******** ********. ** *****'* **** ***** ** ** anyone **** ******* *** ****. ** ***** **** *** ******* that *** ******* *** ** ** *******. *** **** **** he ****** ****** ** *** **** *** ******** ******* ** wanted **** ***** ******** ** *** ******.

*********, *** ***, **'* ******** ** ***** *** ***'* *** the *** **** **. ***** *** ******.

***, * ***** ***, *** * ***** ********** **.

Thumbnail 395fbc4

Ricardo Souza

IndigoVision Ltd | IPVMU Certified | 10/13/16 07:27pm

****, *** **** *'** **** **** * ***** **** ** Software *********** * *** ** *** ****, ******* ****** ***'* care **** ***** ******** ** ** *** ******** *********** ***** they *** *** ** * *** ********.

Undisclosed #3

In reply to Ricardo Souza | 10/14/16 03:33am

*** ** **** **** **** **** **** **** *****, ***** the ******* ***** ****** *** *** *********** ********, ** ** disaster *** *** ****** ** *** ******. *** ******* **** go **** ** **** ** ****** ******* **** ********* ****, until **** *** ****** ** *** **** **** ******.

Thumbnail inpicture gert molkens k2

Gert Molkens

IPVMU Certified | 10/14/16 05:11am

*** ***'* ** **** * ***** ********** ****** *** ** manage ********* ******'* *** ***** ******** *******? *'* ******** * system **** ** ** ****** ** **** *** ******* **** Aerohove, **** ********, *** ***

*** *** ****** ** **** ****** ********* ** ** ** it ******** ** *** **** *** ******* **'* *** ***** time ** ** **.

**** * ****** ** **** **** **** *********** ** ****** new ******** *** ** **** *************

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Importance of Sales To Integrators - Statistics on Jun 23, 2017
One of the top trends in the industry over the past few years has been the rise of across-the-board sales (e.g.: Hikvision Sales, Dahua Sale,...
45 Drives 'Lowest Cost' Enterprise Storage Company Profile on Jun 21, 2017
45 Drives claims the "lowest cost per Hard Drive Slot in the industry." But who or what is '45 Drives'? What started as a product design to...
No Hack, Still Liable, Court Finds ADT on Jun 20, 2017
Recently, ADT has been in the news for a $16 million settlement for a cyber security vulnerability class action suit. One of the most important...
VMS UI - Light vs Dark Preferences on Jun 16, 2017
Several VMS manufacturers have the ability to choose a user interface with either a light or dark color theme. 150+ integrators told us which they...
ESX 2017 Final Show Report on Jun 16, 2017
The ESX (Electronic Security Expo) day 3 / Thursday is done and the exhibits are over. IPVM was in Nashville covering it in-depth. Below covers...
Bluebeam Revu Security Floorplan Estimation App Test on Jun 15, 2017
Bluebeam Revu is a construction design markup tool that claims it is "used by 94% of top US contractors", but what role does it have for physical...
Non-Competes Divide Integrators on Jun 12, 2017
Non-competes are controversial legal agreements that prohibit parties (typically employees) from working in a similar role or trade of their...
Panoramic: Fisheye vs Multi-Imager Usage on Jun 09, 2017
Panoramic cameras are a growing trend within video surveillance. The two main options are fisheye cameras using a single imager with an ultra-wide...
RMR Integrator Importance Statistics on Jun 08, 2017
How do integrators feel about offering RMR / recurring revenue services? For many, their business revolves around RMR, while others see no...
Milestone New "+" Claims To "Conquer The Mid-Market" on Jun 07, 2017
Milestone has declared they are going to "Conquer The Mid-Market" with new "+" releases. Will they? In this report, we examine Milestone's "+"...

Most Recent Industry Reports

Importance of Sales To Integrators - Statistics on Jun 23, 2017
One of the top trends in the industry over the past few years has been the rise of across-the-board sales (e.g.: Hikvision Sales, Dahua Sale,...
Deep Learning Surveillance Startups Deep Problem on Jun 23, 2017
The undeniably good news for the video surveillance market is that we are seeing the rise of more startups than in many years. The cause of this...
Avigilon Announces RADAR-Based Presence Detector on Jun 22, 2017
RADAR is gaining momentum within physical security. Two months after Axis announced a network radar detector, Avigilon has announced a RADAR-Based...
Covert Cloud Camera Service Launching (KJB) on Jun 22, 2017
Cloud IP cameras, for consumers, has become increasingly commonplace. However, covert cameras, lag there, with few options. Now, North America's...
Manufacturers Shipping Unlicensed H.265 Products on Jun 22, 2017
While H.265 support in video surveillance is growing, IPVM's research shows that most surveillance manufacturers are shipping H.265 products with...
Uniview Low-Cost Bullet PTZ Tested on Jun 21, 2017
Uniview is offering a HD zoom bullet camera, the IPC742SR9-PZ30-32G, with an integrated pan / tilt positioner, for the price of a low-cost...
QSR Video Surveillance Best Practices on Jun 21, 2017
Fast food restaurants or QSRs (quick service restaurants), are frequent victims of crime and fraud. Because they are open late, deal with cash, and...
45 Drives 'Lowest Cost' Enterprise Storage Company Profile on Jun 21, 2017
45 Drives claims the "lowest cost per Hard Drive Slot in the industry." But who or what is '45 Drives'? What started as a product design to...
No Hack, Still Liable, Court Finds ADT on Jun 20, 2017
Recently, ADT has been in the news for a $16 million settlement for a cyber security vulnerability class action suit. One of the most important...
Resolver / PPM 2000 Incident Management Platform Profile on Jun 20, 2017
You might have seen the company whose employees wear hockey jerseys at trade shows and wondered "what do they do?" PPM 2000 has been active in...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact