I just watched the short video at and while checking my IP camera's user list I realized that the default admin user on Dahuas was really rather poorly protected, and I can't really do much about it, at least not as much as I can with other users.
We know that one half of an account is the username and the other half is the password. Then you can additionally protect accounts by editing their Restricted login (Authority) parameters and locking them to a specific IP or validity period / time range. I sometimes obfuscate the usernames by adding something like _200 at the end, to avoid dictionary attacks (for example John_200 ).
But with the default 'admin' account, you can't edit the username. It is fixed at 'admin' which every hacker will try. So essentially 50% of the account is already known. You also can't edit any Authority parameters for admin, locking it to a specific IP. You can't even disable it. I added a separate 'admin_200' account to serve as admin, but couldn't remove the default 'admin' one, nor could I make it any safer or harder to access. I kinda find it pointless to try to secure any of the other accounts when I know that hackers will by default logically only try to hack 'admin' since they know its username and they know it 100% exists since I can't change or disable it. I also can't IP block it. So if the camera is on the Internet, I can't do anything to make it more difficult for the hackers to hack this account. All I can basically do it set a really long and complex password. But still, it feels like a weak link in the whole chain.
Am I right here or did I miss something ?
We know that one half of an account is the username and the other half is the password. Then you can additionally protect accounts by editing their Restricted login (Authority) parameters and locking them to a specific IP or validity period / time range. I sometimes obfuscate the usernames by adding something like _200 at the end, to avoid dictionary attacks (for example John_200 ).
But with the default 'admin' account, you can't edit the username. It is fixed at 'admin' which every hacker will try. So essentially 50% of the account is already known. You also can't edit any Authority parameters for admin, locking it to a specific IP. You can't even disable it. I added a separate 'admin_200' account to serve as admin, but couldn't remove the default 'admin' one, nor could I make it any safer or harder to access. I kinda find it pointless to try to secure any of the other accounts when I know that hackers will by default logically only try to hack 'admin' since they know its username and they know it 100% exists since I can't change or disable it. I also can't IP block it. So if the camera is on the Internet, I can't do anything to make it more difficult for the hackers to hack this account. All I can basically do it set a really long and complex password. But still, it feels like a weak link in the whole chain.
Am I right here or did I miss something ?
