Hackers Add Backdoor To CCTV Security Pros / Dahua SmartPSS
Hackers have inserted a backdoor into downloads of Dahua's SmartPSS hosted on the website of OEM/relabeller CCTV Security Pros, allowing attackers full control of compromised computers.
In this report, we examine:
- Details of the backdoor
- The affected OEM and their feedback
- Details on the hacking group
- Potential for impact in surveillance
- Small OEM cybersecurity threats
Backdoor *******
*** ******** *** ************* ** ********, ** ********** ******** ********, ** a **** **** ******. ******* ********** downloads ** *****'* ******** **** ** OEM's *******, ******** *** ******** ********** with ********* ************* ********** ******* ***** ******** ****** installation ** * ******** (***** "*********").
********* **** *** **********, ****** *** remote ***********, *** **** *************, ****** PowerShell ******** ** ** ********, *** without **** *********. ******** ******** ********* using **** ******** ** ******* *** on * ****** *******, ****** **** full ******* *** ****-**** ******* ** user **********.
******** **** **** *** ****** ***** contacted **** ******* ******, *** ****** should ****** ** ***** *******.
Background **** ******** ****
**** ******** **** **************************.*********** *** ** * ********** ** NJ:
******** ****** ********:
******* *** ***** *** *** **** commonly ******** ******** ** **************** **** 3 ****** ******* *** ~**,*** ****** shipped ** ****, ** ****:
CCTV ******** **** ******* ******
***** *** ******** ****** **** *** name *** ******* ***** ****** *** Trojanized ******** ********, *** ****** * screenshot:
*** ** ********** **** **** **** matches *** ******** ****** ******** ****' ********* ****(* ********** ***) *** ******* *** ** *** company *** *******, *** ********* (*** comments, *****). **** ******** **** ** currently ******* ** *** ***** ******* was ***********.
DarkSide ********** *********
*** ******* *** *** ** *** DarkSide ********** *****'* ***** ***** **********, which ******** ****** ** *******. ******** is **** ***** *** ***** ********** ** *** ******* **' ******** Pipeline. ** ***, ***** **** **** no ******* ** ******* ********* ****** from ******* ** *** ******** ********.
Likely *** ********** / *********** ****** *** *******
**** ******** ******** ** ****** *** widespread. **** ******** **** ** *** well-known, **** ***** ***** ***** ****, so ** ** ******** **** * large ****** ** ***** ********** *** Trojanized **** ***** ** *** *********.
************, **** ******** **** ******* **** is *** * *** *** *** searches *** ********, ********* ** *** second ** ***** **** ** ****** results, ****** ** ******** **** ***** would **** **** ** ****** ******* for ********, *.*., ********* "******** ********" or ****** "********."
CCTV ******** **** ********
******** *** ** **** ******** **** for *******, ** ******** ** ** the ***** **** *** ***** ** this ************* (******* ******** ** ******* that **** *** ******* *** ** them) *** **** **** *** ******* the ******** ******** *** ******** **** new.
** * ********* ****** ** ******** cameras *** ******* *** ********* ******** and ******* ** * ******* *******. As **** ** ** *** **** report ** *********** **** ****** *** removed *** ****. ** ** **:**** 6/17/2021 *** **** *** **** ******** with * ********** *** *********.
***** ** **** **** ***** ** notify ** *** ******* ******** *********, they *********:
*** **** * *** ******* ** our ******** ** ********* ** **** report **** ** *** *********. ******* our ********* ******* **** ****** ** our ********.
*******, ***** ** **** *** *** idea *** *** ****** ******** *** hackers **** **** ** ****** *** compromised *******, **** *********:
*** ******** ***** *** ******** ** us ******** **** *** ************* ** the ********* ** ****. **********, ** will ** ************* *** *** **** was *********** *** **** *** ********* actions.
**** ******** **** ******** ** ******* further ******* ***** **** ********.
Old *** ******* / ********** ****** ** ****** *****
******** **** *** ***** "******** *****" are ******** ******** **** *** ************, at *** **** ********'* ****** *** released, **** ******** **** *** ******* their ********* ** ******* ******** ***** ** ******** **** ******* (V2.002.0000007.0.R.181023). ** ********, ***** ***** ***** downloads ** ***** *** ********, *** the***** ****.
Dahua ********
*****'* ******** *** *** ******* **** details ******** ** **** ****, *** reiterated ***** ******* ************* ******:
*. ** ********** *******’* **** ** exposing **** ***. ******** ******** ** this **** ***** ** ********* **** in *** ********* *** *** *************.
*. Dahua *** ** ********* ******* *** set ** ********* *** *********** *** dealing **** ***************. *** ******** ** built ****** ************* ** ** **-***** process **** ******* ********** ******* *** improvement ** ********.
*. ***** *** *********** protocols, ********** **** **** ******** ** the ********, *** ******** **** ***** newly ********** ******** ****** *** ******* for **** ** * ****** ******.
*. ***** takes *** ******** *********. ********** **** best ********, ** ****** ** ******* pen *******, **** **** ******** **********, and ******* ****** *********.
Small *** ************* ******
******** **** ************ ******** ************* ****** have ******* ** ***** *******, **** backdoor *********** *** ********* ****** ***** by ****** ******** ***** ****. **** of ***** ************* *** **** ***** and ***************, ******* *** **-***** ********* required ** ****** ***** ************** ******* this **** ** ******. ******* ** this, **** *** ** * ***** target *** *********, ********** *** **********-**** attacks, ***** *** ****** ** * single ****** ****** *** ****** ** potentially ***** *** **** *** ******* a ***** ********** ****.
** ***** ** ***** ** **** vulnerability ** *****'* ******** ******** **** allowed ** ** *** "**********", ***** this ****** ***** ** ******* ** almost *** ***** ******** *********.
* **** ** ***** **** **** F. ***** **** *******. ** ** not *****'* ************** ** ****** ***** party ***'* ********. ******* ***** ** impossible ****. **** **** ** ****** vector *** ******* *** * **** long ****. (** * ** *** a ***** ***, *** ** *** are ***** ********* **** ** ***** use *** ** *** *'*** **** can ** **** *********** ***.)
*** ***** **** ******** (****):
****** ******** *** ** *** "********" in ******** ** ***** **** ********* | *****
** *** *** ***** ********* ****
**'* * ******* *********** ** **** happened ********* ********* ********* **** *** OEM *** **** *****. ** *** read *** ****, ***** ** ***** being **********?
*** ***** **** ******** (****): ****** explains *** ** *** "********" ** hundreds ** ***** **** ********* | ZDNet
***, **** **** / ***** ******* with ***** ******* *** **** ******* as *** *****, ***** *** ******** is *** (** **** **** *****'* SmartPSS) ** * *** ******* ** the ******, ** ***** ******** ** Linux.
****'* **** ** *** ***** * am ****** ****. ** ** ****** easy ** **** ******** ***** ***** software *** * *** ** ****** don't ******** *** ****** ** **** they *** ***********.
'*********' *** **** **** * ****** harsh, *** **** *** ***** ** the ******* **** ******* *****/***** ****** that ***** ** ** *****. *** reality ** *** ********* ** **** CCTV ******** **** ******* ***** ** download * *********** ******* ** *****'* SmartPass ********.
*** ****** *****'* ***** *** ***** in *** ***** ******** *****, *** I ***'* *** *** ***** ***** have ********** *********/********* **** **** ** issue.
** ** ****** **** ** **** modified ***** ***** ********
******* *****/***** ****** **** ***** ** at *****
**** ******** **** ******* ***** ** download * *********** ******* ** *****'* SmartPass ********.
** **** ****, **** ******** **** is ** ********** ***** *******. **** what ** ***, *** *** ** reported ****, *** ****** ************** ** on **** ******** **** *** ***** has ********* ************** ** *** **** provide *** ********* ***** ******** ** distribute ********.
** *** *****'* *** ****** ******, they *** ********, *********:
- ***** ******** *********
- ***** *********** *************
- ***** ******** ***** ***************
- ***** *** ******** ************* ****
- ***** ****-***** *********** *************
*** **** *** ***********.
***** *** ********* ************** ** *** they ******* *** ********* ***** ******** to ********** ********.
**'* *** **********. ***** ******** **** not ***** ***** *** ***** ** control ********.
****, ***** *******, ****'* ********* ** Dahua.
**** ******** **** **************************.***** * **** ********** ** ** with * *** *********:
***** ** * *****-******* *********** **** tens ** ********* ** *********:
***** ***** **** ** * *** hours **** '**** ******** ****' ***** in * ****.
** ***** ** ** ******* ***** cybersecurity ** **** ***, ***** *** enforce ********** ***** **** **** ******** like '**** ******** ****'.
*****/********?
***** *** ******* ********** ***** **** tiny ********
** **** *** *** **** ** seriously *********** ******** ** ****** *********, sure. ***** **** **** ** **** broader ***** ***** *****'* ***** ** having ******** ***** ****.
**'* **** **** ** ****** ******* security. * ****, ** **** *** SolarWinds **** * ******* **** ******** a *** ** ***** *******. ** a ******* ** *** ** ********** can ** ****, *** *** *** know ** **** *** ******* ***'* going ** ** *** **** *****?
** *** *** * ********* **** you **** ** ** **** ****** serious ************* ** **** ********. *** is ***** ***** ** ** ****? With ** **** ********, ** **** have ** *** ** * *** department ********* ** ***** ******** ***********? Maybe **** ***** ******** ** *** to ******** ****** ********? **** **** I **** ******* **************., *** "** hey, ** ******* **** **** **** IP ******* *** **** ** ****..."
*** *** **** ******* **, *** small ********* ****** *** ** **** in *** ***** *****? "*** *** attackers *** ** *** *** **** I ****** *** ** * *** HTTP ****** *** ****** ******* ** Same **** - **** ** ***** words ****?" **** ** *** **** programmers *** *** ********** ******* *****, do *** **** ******* ** ***** who *** ***** ****** ******* ****** strong *********, ******** ********, ******* ********* and ******** *******, ***? *** *** protect **** *** ****** *****? ***** was * ********** ** *** ***** Wire *** ***** *** **** *** on *** **** **** ***** ********* generally ***'* **** *** ***** ** deal **** ********.
** **** *****'* ***********, **** *** you ***** ** **? *** * bunch ** ***** ** ** *********** that **** ********* **** ** **** partners? **'* **** ** *** ** being ********** ** ****. **'* ****** to **** **** *** *** *****.
*******, **** ********* ****** ** **** than **** *****. **** ******** **** is ********* ******** ******* **** *** an ***. *** ** *** ***-***, non-Dahua ******* *** ********* **** ** have * *** ******* *** ********* available *** ********* ** ********. ***** what? **** **** ** ** *** same ****. *** ** ***** ** a *** ******** ** * ******** engineered **** ******* *** *** ******** to **** **** *** ******* *** mess ** *** *********. (*** ***** interested, ** ** *****'* **** **** yet.) ***** ** *** ******* ***** know **** ** **** ******** * way ** ******** ***** ******? *'* not **** **** *** **** ** have * *******. **** ** *** download ****** ****** ** *** ****** website ******* ** * ******** ** our ******, ****** *** ***** ** could ****** **** ** ***** ** a ********* ********.
** *******, ******** ** ****, **** small ********** *** *** ** **, and * ****** ** *** *********.
** *** *** * ********* **** you **** ** ** **** ****** serious ************* ** **** ********. *** is ***** ***** ** ** ****?
**** *** ****** **** *****, *.*., Dahua ***** *** '*** ******** **** use ******** ***** **** ***** ******** website / *****.' * ***'* ***** it's * ****** ******* ******* *** everything.
****, *** ***** **** ** ****** every ******* ******* *** **** **** there's ** ******** ****, *** ******* that **** ***** ** *****'* ******** page (*** *** ****** * ********* above). *** **** ****, ** *** know **** **** ******** *** ******** the *********? **** ** *** ***** that **** **** **** ******** *** a **** ** * ****** ***** file?
*** *** *** **** ******** ** counter ********* ********, *.*. ***'* *** your ******* *** * ****** **** says:
** ****** "**** ****" ***** ******* customers.
*** ***** *******:
****, *** ***** **** ** ****** that ***** ******** **** *** **** your **** *****. *** **** ****, do *** **** ** ********* ***'* do ** **** **** *** ** the *** ****? **** ** **** do ** **** ** ******** *** looking? **** ** **** **** **** mama ***** **** ************ ********?
** ***** ** ****. * ******* can *** *** **** '*** ******** must *** ******** ***** **** *** official ******* / *****' *** *** penalties ** **. ******** *** ******* the **** *** **'* ***** **** it ** * **** **** ********* for ***** ******.
**, * *** **** ***'** ******. Sorry, **** *'* ** ****** **** I **** ** **** ** ** absolute **********.
*** **** ******** ***** ***** ********? 😉
* ***** **** ***. ******** **** - **** ***'* **** ** ** it. **** *** ** ********** *** their ******** ** **** **?
***** ******** **** *** ***** ***** the ***** ** ******* ********.
*** **** ************* ****** ** **** to ***** ********** ********* **** ***** subordinate **** ******* *********** ************. ****************************** *********************************. **** ************* *** ****** ** protect ***** *****.
***** ** ***/***** ***** **** ********* the ****** ** ***** **** *** involved ** ************ *** ********, *********** it, ******* **, ***. *** **** makes ** ****** *** ************* ** happen *** ** *********. * ****** that ***** ***** ******** ** ***** website *** *****'* **** **** ** other *** ********, ****** **** ** somewhat **** ******...??
** *** ****** *** ****** *** hash ** *** *****, **** ***** have ****** (** ******), ******** ***** to ****** **** *** ******** *** been *******.
** ***** ** **** **** ************* don't **** *** **** ******, *** most ****** ***'* ****** ********.
*****, **** ******** ********** ***** ********* with ******** ****** ****** ** ** with.
******* **** ****** ****** *******:
******* *** ***** *** *** **** commonly ******** ******** ** **************** **** 3 ****** ******* *** ~**,*** ****** shipped ** ****, ** ****:
* ***** **** *** ******* ***** serves **** *** ****** (*** ******** to *** ***) *** ***** ** security *** *** ******* *****. ** simply **** *** *** *** *******'* price ***** ********** ** ***** ****.
** ***** ***** ** ******* **** its ****** ****** ** ** ***** and *** *** **** ******** ** not ***** ** **** **** *** do **. *** *** ** ***** about *****’* ****** ******* **** *** Dahua’s ****** ******** ******** ****** ******** seriously.
*** *****’* **** * ****** *** wearing * ******?