Is this a bot or someone hacked this Dahua NVR?

karmadhi

Young grasshopper
Joined
Mar 11, 2015
Messages
36
Reaction score
9
Hello,

I found a strange thing in one of the Dahua NVRs, someone created an account and left a message there "change password". I'm wondering is this some sort of a bot, some virus, or someone figured out the ddns url and the used the default username/pass to access the system. The owner was using the default username/pass. Did this happened to anyone here?

Check the attached picture.

thank you.

 

Attachments

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Looks like someone found it..its very easy to do..they are doing you a favor by letting you know that you have to secure it...I would do a factory reset and reinstall the firmware to be sure its clean...
It is beyond me why someone would expose a device to the net without changing the password for ALL the accounts...
 

karmadhi

Young grasshopper
Joined
Mar 11, 2015
Messages
36
Reaction score
9
I talked with a friend of mine, and he said me he's seen this thing like 2-3 times and the message was exactly the same, that's why i thought maybe it's a bot. I did the reset anyway, and reflashed the firmware. And of course told him to change the default password.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
Yup, I once came across a search engine that indexes http headers and stuff like that. You would not believe how easy it is to find wide open routers in peoples homes with the default user name and password still in place. You could log into those things and change their WiFi SSIDs and passwords and blacklist their MAC addresses and change their router passwords and misconfigure their WAN settings on the way out, and do this to a dozen people an hour. And that is only the easy stuff.

Of course you'd have to be a grade A dick to do that.
 

Razer

Pulling my weight
Joined
Apr 1, 2014
Messages
322
Reaction score
162
Location
Midwest
Or you start a firmware upgrade on their router and half way through you shut off your wifi/internet connection.... Wait, never do this.
 

txcap

n3wb
Joined
Sep 22, 2014
Messages
7
Reaction score
1
I just had the same thing happen to me a couple of times. I have a QC-818 and have been having this issue for a while. I have been speaking off & on with Q-See, but they say its unlikely, but I beg to differ.

I reset the NVR to factory defaults, left only one account labeled ADMIN and changed the password to a random set of symbols, Letters (Upper & lower case) and numbers. I did notice that there is an account labeled "Default", and there is no way to change password on this account, that it is the account for the local NVR when no one is logged on (LOGGED OFF STATUS) (AS PER Q-SEE) and they say this is a normal thing..... Oooh-Kay.

I checked it this Am as I usually do for the hack and all good. Then today while looking over some video it unexpectedly resets. Wouldn't boot up for a while, then when it did I immediatly looked at the accounts and BAM!! a "SYSTEM" account and the memo "your_device_has_been_hacked_ple"

Looks like I'm looking for another brand of NVR immediately since they haven't helped!
 

stefaand

Young grasshopper
Joined
Aug 5, 2015
Messages
41
Reaction score
2
Looks like someone found it..its very easy to do..they are doing you a favor by letting you know that you have to secure it...I would do a factory reset and reinstall the firmware to be sure its clean...
It is beyond me why someone would expose a device to the net without changing the password for ALL the accounts...
Can someone please tell me how to do a factory reset of a Dahua NVR 4104-P ?
THere is nothing like a reset button....the battery cannot be removed .... ? How can I do a reset ?
 

a10hog

n3wb
Joined
Aug 2, 2015
Messages
12
Reaction score
0
hm.. I was going to buy a q-see.. but i guess I shouldn't now??
 

CCTVJosh

n3wb
Joined
Oct 12, 2015
Messages
1
Reaction score
0
Hello,

I found a strange thing in one of the Dahua NVRs, someone created an account and left a message there "change password". I'm wondering is this some sort of a bot, some virus, or someone figured out the ddns url and the used the default username/pass to access the system. The owner was using the default username/pass. Did this happened to anyone here?

Check the attached picture.

thank you.



I work in the CCTV industry and have seen this issue a ton of times, we delete the hacked account and change the customers default admin password. Which is recommended , do not use the default admin/admin account CHANGE it Day 1 and you wont have this issue.
 

asecsa

n3wb
Joined
Feb 22, 2016
Messages
1
Reaction score
0
I work in the CCTV industry and have seen this issue a ton of times, we delete the hacked account and change the customers default admin password. Which is recommended , do not use the default admin/admin account CHANGE it Day 1 and you wont have this issue.
Hi. I have a DVR Dahua and I often pass this problem.
I deleted users "888888", "666666" and have changed pasword the user "admin".
and the problem persists. Please help
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
take your fucking cameras off the internet... Dahua's have a hardcoded ONVIF password of admin/admin and you cannot change it.

Only fools think forwarding ports to there IPCamera/NVR is a good idea.. DONT BE A FOOL! Do it right and setup a VPN.
 

klasipca

Banned
Joined
Mar 27, 2014
Messages
3,146
Reaction score
750
ONVIF password of admin/admin
I googled this and it took me to another forum discussing this issue from 2013. Are you sure they haven't fixed this backdoor in 3 years?
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
yes, camera I bought last year has ONVIF of admin/admin, and all the ones before that and I fully expect the brand new model in the mail to have it too... they dont provide firmware updates so how exactly would they have fixed it?

and its not that big of a deal unless your stupid enough to put these things on the internet.. and its not just dahua's ive been programming against the API's of alot of cameras here recently and you'd be amazed what kinda information I can get and commands I can issue without anything ever asking me for a single credential.. most cameras seem to take ANY credentials for many ONVIF commands.. and Ive accidentally stumbled on other ways in through mangled authorization headers.

Any security on any IP Camera is an illuision, they are all designed to be installed by people who dont know about networks or security.. so these are not considered backdoors by the vendors, they are features they put in place so your stupid installer and/or end user dont completely lock him self out of the hardware.. never expose these things to untrusted networks and you'll be perfectly fine..

if you cant be bothered with securing your networks and expect your cameras to provide any level of protection your in for a big surprise.. network security does not operate in such ways, it takes enforcement at the transport layer and that is something IPCameras are not capable of performing.. its the job of your firewall to keep your IPCameras and the rest of your network devices safe from the internet.. so dont poke holes in it blindly without understanding the consequences...
Want to play games on your Xbox? Fine go ahead and forward ports if you have to.. I really doubt your XBox could be used against you in the same manner that your IPCameras could (ie, knowing when to burglarize you along the locations and capabilities of all your security.) Also the thing Xbox has going for it is they actually do implement security, not to keep you safe but to prevent the console from getting hacked open and resulting in massive piracy like the DreamCast.. Ironically your Xbox/PlayStations are 100x more secure than your network cameras.

Use this test for determining if something was designed to have direct internet access: If it was configured with a default password, did the device require you to change the default password before allowing you to do anything else? If the answer was No then nobody was thinking about internet security when they made that thing... if its not secure by default, you must presume its never secure.
 
Last edited by a moderator:

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
I googled this and it took me to another forum discussing this issue from 2013. Are you sure they haven't fixed this backdoor in 3 years?
Even if they did fix it, that doesn't mean anyone's camera has the fix, or that there are not other vulnerabilities.
 

hook3m

Pulling my weight
Joined
Sep 8, 2015
Messages
395
Reaction score
229
Location
USA
"Is this a bot or someone hacked this Dahua NVR?" I would hardly classify this as a "hack" but an "unauthorized access".
 
Top