As per this article: "Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine"
1. Never heard of Dahua before this thread.
2. I'd trust all these companies plugging the Internet of Things about as much as I trust Trump.
A company I just got a quote from for a security system quoted on this brand of cameras, and I always understood they were good. Maybe I just won't have it connected to the internet so it only stores data locally.
Dahua is the second largest supplier of CCTV gear in the world. Like Hikvision (#1) they've faced security issues in part because of sloppiness, and in part simply because they have so many devices in use.
While some of these exploits are very bad, they're made worse by people who continue to leave devices accessible on the internet, and those who don't understand the risks of port forwards. IMHO you should have to complete a course and sign a waiver before you're allowed to get firmware to enable port forwards in a router!
Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.
Where is the best place to source them from, as consumers don't know if NZ retailers are just buying them direct from China or the like.
DarthKermit: 1. Never heard of Dahua before this thread.
They make reasonably high-end security/surveillance/DVR/NVR gear, and also OEM for huge numbers of other vendors. I've got Dahua gear and I'm quite impressed by it, so far it's been better than anything else I've worked with, great-quality video, good low-light performance, doesn't crash or lock up every few weeks (how hard can it be to create a camera system where you don't have to unplug and re-plug in the cameras every few weeks?), good motion detection, etc.
mattwnz: Where is the best place to source them from, as consumers don't know if NZ retailers are just buying them direct from China or the like.
They don't sell to end users, what you need to do is find an OEM and buy through them. I use Amcrest, they'll ship to NZ and you pay around the USD80-100 mark for a camera that'd cost you $700 wholesale in NZ if it had the Dahua name on it.
sbiddle: Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.
They also don't sell to, or deal with, end users in any form. The preponderance of dodgy grey-market Dahua gear is driven by this, unfortunately, if you want the real thing (Dahua-branded Dahua gear) you need to go through either ridiculously expensive Dahua-approved resellers/installers, or source it on the grey market.
neb:sbiddle:They also don't sell to, or deal with, end users in any form. The preponderance of dodgy grey-market Dahua gear is driven by this, unfortunately, if you want the real thing (Dahua-branded Dahua gear) you need to go through either ridiculously expensive Dahua-approved resellers/installers, or source it on the grey market.
Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.
This isn't really any different to the business model of most big security companies.
The issue is also compounded by them selling non Dahua branded OEM gear which is exactly the same product but at a cheaper price.
sbiddle:
Dahua is the second largest supplier of CCTV gear in the world. Like Hikvision (#1) they've faced security issues in part because of sloppiness, and in part simply because they have so many devices in use.
While some of these exploits are very bad, they're made worse by people who continue to leave devices accessible on the internet, and those who don't understand the risks of port forwards. IMHO you should have to complete a course and sign a waiver before you're allowed to get firmware to enable port forwards in a router!
Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.
With regards to port forwarding -- isn't there a bigger risk with routers having UPnP enabled by default?
amanzi: With regards to port forwarding -- isn't there a bigger risk with routers having UPnP enabled by default?
That would make for an interesting security product, it fires up on your phone/PC/whatever, uses UPnP on the router to turn off UPnP on the router, and then shuts down again.
amanzi:
sbiddle:
Dahua is the second largest supplier of CCTV gear in the world. Like Hikvision (#1) they've faced security issues in part because of sloppiness, and in part simply because they have so many devices in use.
While some of these exploits are very bad, they're made worse by people who continue to leave devices accessible on the internet, and those who don't understand the risks of port forwards. IMHO you should have to complete a course and sign a waiver before you're allowed to get firmware to enable port forwards in a router!
Dahua make great gear, but many of their issues in part are the huge parallel supply chains of "hacked" firmware that exist. Because they sell different products in the Chinese market as well as International markets at different price points many Aliexpress sellers (as an example) sell Chinese hardware with dodgy 3rd party firmware that allows the Chinese hardware to have English menus. This hardware has no update path and can't have official Dahua firmware loaded on it.
With regards to port forwarding -- isn't there a bigger risk with routers having UPnP enabled by default?
Yes and no. While Dahua supports UPnP it's not enabled so won't pose a risk even if the router has it enabled.
mattwnz:
Where is the best place to source them from, as consumers don't know if NZ retailers are just buying them direct from China or the like.
For Dahua the most popular seller appears to be Andy at Empire Technology. Aliexpress and Amazon (does not ship to NZ). He supplies them unbranded, or you can wait for branded products.
Andy is a great guy. If you're wanting to go down the path of buying cameras from Aliexpress he's the only person I'd recommend. Genuine English Dahua or OEM products.
sbiddle:
Andy is a great guy. If you're wanting to go down the path of buying cameras from Aliexpress he's the only person I'd recommend. Genuine English Dahua or OEM products.
Does he supply new firmware versions if camera's purchased from him? Or a case of using some google-fu.