Dahua Cameras hacked

hdtvjeff · 2024-09-29T10:56:38-0400

I guess this link and screen cap from web interface says it

The channel title is populated with garbage text that shows up on BI too in addition to web interface
Factory reset camera made a really secure PW and still comes back
Any solution
Mainly 6 mp and 3mp IPC cameras some not with firmware purgeable like ipc a35 ad the 4631 models

Any help deeply appreciated

I do use port forwarding on my router as I don't know how to do it any other way

I did disable channel title box but later on it comes back enable with the junk text in it

TY

Jeff

https://www.securityweek.com/vulnerability-allows-hackers-to-remotely-tamper-with-dahua-security-cameras/#:~:text=A%20vulnerability%20affecting%20Dahua%20cameras,order%20to%20exploit%20the%20vulnerability

.

bp2008 · 2024-09-29T11:24:56-0400

Most likely the camera(s) are getting hacked because one or more of them is directly accessible from the internet via port forwarding.

The good news is, because you use Blue Iris, all your remote access should be handled by Blue Iris's web server. You do not need to have any cameras port forwarded in order to do remote access. So you should do these three things:

1. In your router, delete all port forwarding rules where the target is one of your cameras.
2. In your router, find the UPnP feature and turn it off (this is an automatic port forwarding feature which cameras try to use). Depending on the router it may then be a good idea to reboot the router in case the router is buggy and does not clear the appropriate states right away when turning off UPnP.
3. Once #1 and #2 are done, factory reset all cameras once again.

Most likely whatever was done to the cameras is not sophisticated enough to survive through a factory reset. But as an extra precaution, you could take steps to prevent the cameras from having internet access. That would require more education but there are guides on this forum for how to accomplish it via the use of a second network adapter in the Blue Iris machine. That is one of the most foolproof methods to prevent cameras from being hacked and furthermore to prevent them from accomplishing their malicious deeds if they do happen to have persistent malware on them.

hdtvjeff · 2024-09-29T11:32:09-0400

bp2008 said:
Most likely the camera(s) are getting hacked because one or more of them is directly accessible from the internet via port forwarding.

The good news is, because you use Blue Iris, all your remote access should be handled by Blue Iris's web server. You do not need to have any cameras port forwarded in order to do remote access. So you should do these three things:

1. In your router, delete all port forwarding rules where the target is one of your cameras.
2. In your router, find the UPnP feature and turn it off (this is an automatic port forwarding feature which cameras try to use). Depending on the router it may then be a good idea to reboot the router in case the router is buggy and does not clear the appropriate states right away when turning off UPnP.
3. Once #1 and #2 are done, factory reset all cameras once again.

Most likely whatever was done to the cameras is not sophisticated enough to survive through a factory reset. But as an extra precaution, you could take steps to prevent the cameras from having internet access. That would require more education but there are guides on this forum for how to accomplish it via the use of a second network adapter in the Blue Iris machine. That is one of the most foolproof methods to prevent cameras from being hacked and furthermore to prevent them from accomplishing their malicious deeds if they do happen to have persistent malware on them.

I think I am so misinformed it's pathetic

I have used port forwarding alone with local PC with PC not on.

I think you are alluding to letting BI being always on doing the work

BI has for each camera its WAN address and ports used on router

I was always afraid that without port forwarding and BI using LAN ips I wouldn't be able to view cameras at a different location running BI or on my smartphone

I hope this makes sense and thank you

Newer 8mp cameras were not affected only international variants like the 4631 and ipc a35

jeff

bp2008 · 2024-09-29T11:51:00-0400

Yes, Blue Iris is meant to be run 24/7 and provide all of the remote access to the cameras through itself.

Oh, so Blue Iris is not on-site with all the cameras? That does complicate things. The optimal solution in that case is probably to use site-to-site VPNs for remote access to the cameras (instead of port forwarding). That is not usually easy to set up though. Having all Ubiquiti Unifi routers would make it easier as you could use the "Site Magic" VPN feature to link them together without really needing to know how to configure a VPN.

Otherwise if your routers port forwarding features allow you to specify a source IP address or IP range in the port forwarding rules, you could use that to make sure the entire internet is not allowed to use your port forwards to access the cameras. That capability is often not available in ISP-provided routers.

hdtvjeff · 2024-09-29T11:56:14-0400

bp2008 said:
Yes, Blue Iris is meant to be run 24/7 and provide all of the remote access to the cameras through itself.

Oh, so Blue Iris is not on-site with all the cameras? That does complicate things. The optimal solution in that case is probably to use site-to-site VPNs for remote access to the cameras (instead of port forwarding). That is not usually easy to set up though. Having all Ubiquiti Unifi routers would make it easier as you could use the "Site Magic" VPN feature to link them together without really needing to know how to configure a VPN.

Otherwise if your routers port forwarding features allow you to specify a source IP address or IP range in the port forwarding rules, you could use that to make sure the entire internet is not allowed to use your port forwards to access the cameras. That capability is often not available in ISP-provided routers.

Netgear nighthawk router not ISP provided

I have BI on site when my PC is on. Just don't have the skillset to enable the cameras by lan or make them viewable elsewhere

Again thanks, might just chuck the cams with 7 year old firmware and replace with dahu new ones with 2024 software, would that solve issue?

bigredfish · 2024-09-29T12:50:43-0400

looney2ns · 2024-09-29T16:07:25-0400

How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

hdtvjeff · 2024-09-29T18:23:54-0400

looney2ns said:
How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

Thank you, 3 physical locations one one location attacked

Now to learn an entirely new skillset

Again, thanks

flynreelow · 2024-09-29T22:58:28-0400

port fwd in 2024

damn, what a time to be alive

hdtvjeff · 2024-09-29T23:01:18-0400

flynreelow said:
port fwd in 2024

damn, what a time to be alive

Actually I disable upnp in the router and reported to other ports.
I don't have the skillset to do what is advised but I bought time

tangent · 2024-09-29T23:38:56-0400

hdtvjeff said:
I have BI on site when my PC is on.

You really need to pick up a cheap refurbished desktop that can be on all the time and record your cameras. Aim for an 8th gen intel core i5 or newer.

looktall · 2024-09-29T23:53:35-0400

hdtvjeff said:
I don't have the skillset to do what is advised

You could do as suggested below, but it will come at some expense.

bp2008 said:
Having all Ubiquiti Unifi routers would make it easier as you could use the "Site Magic" VPN feature to link them together without really needing to know how to configure a VPN.

Search

Dahua Cameras hacked

hdtvjeff

Getting the hang of it

Attachments

bp2008

hdtvjeff

Getting the hang of it

bp2008

hdtvjeff

Getting the hang of it

bigredfish

Known around here

looney2ns

hdtvjeff

Getting the hang of it

flynreelow

Known around here

hdtvjeff

Getting the hang of it

tangent

looktall

Getting comfortable