Here we go again, another Dahua exploit.

chris527

Known around here
It's only going to get worse as time goes on and researchers are peeling back the onion and finding these exploits. I can only wonder what they will find in all the smart appliances like refrigerators.
 

EMPIRETECANDY

IPCT Vendor
@fenderman thanks for sharing this here. For those using Dahua devices, do you have any ideas for protecting the system from being hacked? Dahua right now has a team for this part, so they can release new firmware to upgrade. So I ask Dahua to make a firmware list for the old models; if anyone wants to update, I can do some support no matter where they bought, but for Chinese hacked ones, I can't help~
 

EMPIRETECANDY

IPCT Vendor
chris527 said:
> It's only going to get worse as time goes on and researchers are peeling back the onion and finding these exploits. I can only wonder what they will find in all the smart appliances like refrigerators.

So maybe the cheap models on Amazon will be more dangerous???
 

alastairstevenson

Staff member
From the ipvm.com report:
> Dahua Response Improving
>
> Dahua's response to this vulnerability report has been handled better than similar vulnerabilities in the past. They have been responsive to questions from IPVM for details, and have updated their Security Notification as they have progressed through evaluating the vulnerability. To their credit, this also happened fairly quickly after the vulnerability was published, as ReFirm only notified Dahua 2 days in advance of their release, unlike some disclosures where vendors are given 30-45 days advance notice of publication to prepare a response.

That's encouraging, and oddly will enhance their reputation.
Hikvision please note.
 

looney2ns

IPCT Contributor
It's obvious, Dahua needs to step it up big time doing Quality Control on firmware, period.
Don't break things, when fixing others for example.
 

Mike A.

Known around here
looney2ns said:
> It's obvious, Dahua needs to step it up big time doing Quality Control on firmware, period.
> Don't break things, when fixing others for example.

Realistically, never gonna happen to any reliable degree. Nature of the beast. The only practical response is to lock them all down to the extent that you can and not trust anything about any of these and other similar devices. Between most having a near full OS and lots of potential connectivity, they're inherently vulnerable. Just a matter of time before there's another and that just becomes more likely as things become more complex and connected.
 

cor35vet

IPCT Contributor
upgraded isn't even running on any of the newer cameras / firmware.
Has to be manually started through telnet and that is also not available on newer cams / firmware ¯\_(ツ)_/¯
I'm happy for them to fix these issues but they've made the cameras less interesting for me since they added firmware signing where you have to flash them through the bootloader ...
 

beingaware

Pulling my weight
Not a surprise really considering how much they like to call home.

Placing the cameras on another subnet/VLAN, blocking that subnet from all Internet access and most other devices on the LAN, is the only surefire way to keep them secure.

VPN for remote access.

IoT has no good reason to be forwarded to the Internet...
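
The isolation described in the post above, sketched as an nftables ruleset for a Linux router. This is an added example, not part of the original thread; the interface names, subnets, NVR address and ports are all assumptions to adjust for your own network.

```nftables
#!/usr/sbin/nft -f
# Added example. Every name and address below is an assumption:
#   cam0 = camera VLAN, lan0 = trusted LAN, wg0 = VPN, wan0 = Internet uplink
define NVR       = 192.168.1.10     # recorder on the trusted LAN (constructed address)
define CAM_NET   = 192.168.50.0/24  # camera subnet (constructed)
define CAM_PORTS = { 80, 554 }      # HTTP + RTSP; use the ports your recorder really needs

table inet camera_isolation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Cameras may never initiate a connection: not to the Internet
        # ("calling home"), not to the LAN. Log a sample so attempts are visible.
        iifname "cam0" limit rate 10/minute log prefix "cam-blocked: "
        iifname "cam0" drop

        # Only the recorder may open connections to the cameras.
        iifname "lan0" oifname "cam0" ip saddr $NVR ip daddr $CAM_NET tcp dport $CAM_PORTS accept

        # Remote access arrives over the VPN and reaches the recorder only.
        iifname "wg0" oifname "lan0" ip daddr $NVR accept

        # Trusted LAN keeps its normal Internet access.
        iifname "lan0" oifname "wan0" accept

        # Everything else, including any WAN -> camera port forward,
        # is dropped by the chain policy.
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # The router is also a device on the camera VLAN: offer the cameras
        # DHCP and local NTP (assumed to run on the router), nothing more.
        iifname "cam0" udp dport { 67, 123 } accept
        iifname "cam0" drop
    }
}
```

Load it with `nft -f` on the router and watch the kernel log for `cam-blocked:` entries to see what the cameras try to reach.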