Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsGadgets, robotics, home automation, electronics (including wearables)Dahua devices password in public search cache


BDFL - Memuneh
61764 posts

Uber Geek
+1 received by user: 12426

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 239407 16-Jul-2018 15:03
Send private message

As per this article: "Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine"




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management | Sharesies investment fund

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
4542 posts

Uber Geek
+1 received by user: 2512

Trusted

  Reply # 2057148 16-Jul-2018 15:13
Send private message

1. Never heard of Duhua before this thread.

 

2. I'd trust all these companies plugging the Internet of Things about as much as I trust Trump.

14447 posts

Uber Geek
+1 received by user: 1898


  Reply # 2057167 16-Jul-2018 15:42
Send private message

A company I just got a quote for a security system quoted on this brand of cameras and I always understood they were good. Maybe I just won't have it connected to the internet so it only stores data locally.

 
 
 
 


27268 posts

Uber Geek
+1 received by user: 6695

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2057172 16-Jul-2018 15:51
One person supports this post
Send private message

Dahua is the second largest supplier of CCTV gear in the world. Like Hikvision (#1) they've faced security issues in part because of sloppiness, and in part simply because they have so many devices in use.

 

While some of these exploits are very bad, they're made worse by people who continue to leave devices accessible on the internet, and those who don't understand the risks of port forwards. IMHO you should have to complete a course and sign a waiver before you're allowed to get firmware to enable port forwards in a router!

 

Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.

 

 

14447 posts

Uber Geek
+1 received by user: 1898


  Reply # 2057173 16-Jul-2018 15:53
Send private message

Where is the best place to source them from, as consumers don't know if NZ retailers are just buying them direct from China or the like. 

neb

732 posts

Ultimate Geek
+1 received by user: 128

Lifetime subscriber

  Reply # 2057174 16-Jul-2018 15:53
Send private message

DarthKermit:

1. Never heard of Duhua before this thread.

 

They make reasonably high-end security/surveillance/DVR/NVR gear, and also OEM for huge numbers of other vendors. I've got Dahua gear and I'm quite impressed by it, so far it's been better than anything else I've worked with, great-quality video, good low-light performance, doesn't crash or lock up every few weeks (how hard can it be to create a camera system where you don't have to unplug and re-plug in the cameras every few weeks?), good motion detection, etc.

neb

732 posts

Ultimate Geek
+1 received by user: 128

Lifetime subscriber

  Reply # 2057175 16-Jul-2018 15:55
Send private message

mattwnz:

Where is the best place to source them from, as consumers don't know if NZ retailers are just buying them direct from China or the like. 

 

 

They don't sell to end users, what you need to do is find an OEM and buy through them. I use Amcrest, they'll ship to NZ and you pay around the USD80-100 mark for a camera that'd cost you $700 wholesale in NZ if it had the Dahua name on it.

neb

732 posts

Ultimate Geek
+1 received by user: 128

Lifetime subscriber

  Reply # 2057178 16-Jul-2018 15:57
Send private message

sbiddle:

Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.

 

 

 

 

They also don't sell to, or deal with, end users in any form. The preponderance of dodgy grey-market Dahua gear is driven by this, unfortunately, if you want the real thing (Dahua-branded Dahua gear) you need to go through either ridiculously expensive Dahua-approved resellers/installers, or source it on the grey market.

27268 posts

Uber Geek
+1 received by user: 6695

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2057234 16-Jul-2018 16:09
Send private message

neb:
sbiddle:

 

Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.

 

 

 

They also don't sell to, or deal with, end users in any form. The preponderance of dodgy grey-market Dahua gear is driven by this, unfortunately, if you want the real thing (Dahua-branded Dahua gear) you need to go through either ridiculously expensive Dahua-approved resellers/installers, or source it on the grey market.

 

This isn't really any different to the business model of most big security companies.

 

The issue is also compounded by them selling non Dahua branded OEM gear which is exactly the same product but at a cheaper price.

 

 

 

 

Amanzi
895 posts

Ultimate Geek
+1 received by user: 97

Trusted
Subscriber

  Reply # 2057235 16-Jul-2018 16:11
One person supports this post
Send private message

sbiddle:

 

Dahua is the second largest supplier of CCTV gear in the world. Like Hikvision (#1) they've faced security issues in part because of sloppiness, and in part simply because they have so many devices in use.

 

While some of these exploits are very bad, they're made worse by people who continue to leave devices accessible on the internet, and those who don't understand the risks of port forwards. IMHO you should have to complete a course and sign a waiver before you're allowed to get firmware to enable port forwards in a router!

 

Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.

 

 

 

 

With regards to port forwarding -- isn't there a bigger risk with routers having UPnP enabled by default?

neb

732 posts

Ultimate Geek
+1 received by user: 128

Lifetime subscriber

  Reply # 2057242 16-Jul-2018 16:27
Send private message

amanzi:

With regards to port forwarding -- isn't there a bigger risk with routers having UPnP enabled by default?

 

 

That would make for an interesting security product, it fires up on your phone/PC/whatever, uses UPnP on the router to turn off UPnP on the router, and then shuts down again.

27268 posts

Uber Geek
+1 received by user: 6695

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2057245 16-Jul-2018 16:44
Send private message

amanzi:

 

sbiddle:

 

Dahua is the second largest supplier of CCTV gear in the world. Like Hikvision (#1) they've faced security issues in part because of sloppiness, and in part simply because they have so many devices in use.

 

While some of these exploits are very bad, they're made worse by people who continue to leave devices accessible on the internet, and those who don't understand the risks of port forwards. IMHO you should have to complete a course and sign a waiver before you're allowed to get firmware to enable port forwards in a router!

 

Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.

 

 

 

 

With regards to port forwarding -- isn't there a bigger risk with routers having UPnP enabled by default?

 

 

Yes and no. While Dahua supports UPnP it's not enabled so won't pose a risk even if the router has it enabled.

 

 

4305 posts

Uber Geek
+1 received by user: 85

Moderator
Trusted
Lifetime subscriber

  Reply # 2057305 16-Jul-2018 20:26
Send private message

mattwnz:

 

Where is the best place to source them from, as consumers don't know if NZ retailers are just buying them direct from China or the like. 

 

 

For Dahua the most popular seller appears to be Andy at Empire Technology. Aliexpress and Amazon (does not ship to NZ). He supplies them unbranded, or you can wait for branded products.

27268 posts

Uber Geek
+1 received by user: 6695

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2057309 16-Jul-2018 20:42
Send private message

Andy is a great guy. If you're wanting to go down the path of buying cameras from Aliexpress he's the only person I'd recommend. Genuine English Dahua or OEM products.

 

 

6362 posts

Uber Geek
+1 received by user: 317

Trusted
Subscriber

  Reply # 2057310 16-Jul-2018 20:43
One person supports this post
Send private message

Quote,
For example, we found nearly over 15,800 Dahua devices with a password of "admin", over 14,000 with a password of "123456," and over 600 with a password of "password".

These people should not be allowed to manage a toaster.

Cyril

134 posts

Master Geek
+1 received by user: 9


  Reply # 2057346 16-Jul-2018 21:49
Send private message

sbiddle:

 

Andy is a great guy. If you're wanting to go down the path of buying cameras from Aliexpress he's the only person I'd recommend. Genuine English Dahua or OEM products.

 

 

 

 

Does he supply new firmware version if camera's purchased from him? Or a case of using some google-fu. 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.