Dahua Backdoor Uncovered

Arjun · Mar 12, 2017

A lot of networking equipment companies (i.e. TrendNet and D-Link) were in trouble by the FTC several years due to security vulnerabilities because these companies failed to promptly issue the necessary firmware updates to patch the holes.

Good thing is that Netgear recently identified its own set of security vulnerabilities and promptly issued patches over the last couple of months.

If it wasn't for DIY'ers and Cyber Security specialists it'd be hard to convey the message, leaving multiple devices exposed, lol

TL1096r · Mar 13, 2017

Are any of these companies on hackerone?

nbstl68 · Mar 13, 2017

Think this backdoor will be found to be on all their devices even the newer ones discussed here like the 5321 turret? I do not see new firmware for that yet but I guess that does not mean the issue does not exist. I'm not a programmer or hacker so is there an easy way to confirm the issue exists on any of one's own cameras if not listed?

hmjgriffon · Mar 13, 2017

nbstl68 said:
Think this backdoor will be found to be on all their devices even the newer ones discussed here like the 5321 turret? I do not see new firmware for that yet but I guess that does not mean the issue does not exist. I'm not a programmer or hacker so is there an easy way to confirm the issue exists on any of one's own cameras if not listed?

look on the router/firewall for the camera's IP making connections to remote IP addresses.

TL1096r · Mar 13, 2017

hmjgriffon said:
look on the router/firewall for the camera's IP making connections to remote IP addresses.

This is what I found on mine, anything to be concerned about?

nbstl68 · Mar 13, 2017

With all these security flaws and backdoor issues and such my googling for more information has apparerntly triggered ads popping up for
"consumer firewall devices" such as these:

The CUJO Smart Firewall or the WatchGuard Firebox

A lot of these also have monthly\yearly subscription fees, (to \ for what?).
I really do not get what these would do for me vs. my computer's firewall or using a VPN, (which I have not yet had the time to figure out how to implement but am reading through some of the tutorial threads here.)

Are these devices something that takes care of all of this in one solution or is this a totally different issue?

hmjgriffon · Mar 13, 2017

nbstl68 said:
With all these security flaws and backdoor issues and such my googling for more information has apparerntly triggered ads popping up for
"consumer firewall devices" such as these:

The CUJO Smart Firewall or the WatchGuard Firebox

A lot of these also have monthly\yearly subscription fees, (to \ for what?).
I really do not get what these would do for me vs. my computer's firewall or using a VPN, (which I have not yet had the time to figure out how to implement but am reading through some of the tutorial threads here.)

Are these devices something that takes care of all of this in one solution or is this a totally different issue?

They are a ripoff to take your money lol

nbstl68 · Mar 13, 2017

Guess that's all the "technical data" I need to know on those!
Thanks

EMPIRETECANDY · Mar 15, 2017

Tomorrow should have some news, for those models any guys bought on the list(11 models), I can help you for the firmware updating. Dahua pull all device stock back, i think more models effected than they listed.

nbstl68 · Mar 15, 2017

Wish I knew how to hack so I could test my own cameras before Dahua and other mfgs finally figure out and then get around to telling us which ones are affected before they get hacked and used for a DOS or something.
...Or I could get around to learning how to do the VPN thing I guess....but having (white hat) hacking skills would be cool.

hmjgriffon · Mar 15, 2017

nbstl68 said:
Wish I knew how to hack so I could test my own cameras before Dahua and other mfgs finally figure out and then get around to telling us which ones are affected before they get hacked and used for a DOS or something.
...Or I could get around to learning how to do the VPN thing I guess....but having (white hat) hacking skills would be cool.

your home router may already have vpn built in then all you have to do is pretty much turn it on.

nbstl68 · Mar 15, 2017

I think it may...So if I just have to turn it on, that would cut off communication to my BI phone app to view then, right? I need to find some instruction on hoe to connect remotely to the cams via my app or web site with the VPN turned on.
I thought I needed another VPN app on the phone.

I've gone through the VPN for Noobs thread but it seems it has gone beyond noob discussion IMO before getting to the simple how-tos.
Of course, I know how Google works so I really just need to explore more on my own and figure it out.

japjoe7 · Mar 15, 2017

nbstl68 said:
I think it may...So if I just have to turn it on, that would cut off communication to my BI phone app to view then, right? I need to find some instruction on hoe to connect remotely to the cams via my app or web site with the VPN turned on.
I thought I needed another VPN app on the phone.

I've gone through the VPN for Noobs thread but it seems it has gone beyond noob discussion IMO before getting to the simple how-tos.
Of course, I know how Google works so I really just need to explore more on my own and figure it out.

Best thing would be to Google the shit out of it and watch a bunch of videos on youtube. Nayr does a great job on that VPN for noobs thread but for more simple understanding and how to set it up do the Google/youtube thing.

For an example I user my Asus router as a VPN and the VPN through my iPhone.

Arjun · Mar 15, 2017

It's pretty straightforward depending on the router connected to your gateway. I was able to configure it last night.
Now I want to configure VLAN as well once the switches arrive.

japjoe7 said:
Best thing would be to Google the shit out of it and watch a bunch of videos on youtube. Nayr does a great job on that VPN for noobs thread but for more simple understanding and how to set it up do the Google/youtube thing.

For an example I user my Asus router as a VPN and the VPN through my iPhone.

TL1096r · Mar 15, 2017

nbstl68 said:
Wish I knew how to hack so I could test my own cameras before Dahua and other mfgs finally figure out and then get around to telling us which ones are affected before they get hacked and used for a DOS or something.
...Or I could get around to learning how to do the VPN thing I guess....but having (white hat) hacking skills would be cool.

Same here, would be best to be able to troubleshoot a problem for ourselves.

Same with VPN, they do a great job explaining but you have to use google/youtube to find a lot of information.

When I installed my Reolink it was sending information to China it seemed, I turned off some settings and I have not seen the IP popup any longer.

I wonder if Dahua has a backdoor how many others have it but not yet discovered? I feel reolink would have this issue.

I know nayr is all protected from one of his post but wondering if he can look into his models and if he can find out any issues.

nayr · Mar 15, 2017

one must always assume there are security issues and plan accordingly.

TL1096r · Mar 15, 2017

nayr said:
one must always assume there are security issues and plan accordingly.

Exactly, it is the same reason why I have insurance. I just wish there was a better way to create this security. Besides the VPN what else can you do on your home network to avoid this backdoor issue? When I first installed reolink it was sending info to China and a US IP? I turned off UPnP and UID and it seemed to stop doing this.

hmjgriffon · Mar 15, 2017

TL1096r said:
Exactly, it is the same reason why I have insurance. I just wish there was a better way to create this security. Besides the VPN what else can you do on your home network to avoid this backdoor issue? When I first installed reolink it was sending info to China and a US IP? I turned off UPnP and UID and it seemed to stop doing this.

firewall rules to block all traffic from the camera's IP in or out of the network. Then it don't matter what it tries to do.

TL1096r · Mar 15, 2017

hmjgriffon said:
firewall rules to block all traffic from the camera's IP in or out of the network. Then it don't matter what it tries to do.

Yes, what firewall are you using? Can this be done through router?

I did change rules but still see IP going out to China/US and Italy. only 20KB but who knows what that information holds.

nayr · Mar 15, 2017

im using a Ubiquiti Edgerouter, yes you want to do it on your router.

Search

Dahua Backdoor Uncovered

Arjun

Known around here

TL1096r

nbstl68

Getting comfortable

hmjgriffon

Known around here

TL1096r

nbstl68

Getting comfortable

hmjgriffon

Known around here

nbstl68

Getting comfortable

EMPIRETECANDY

IPCT Vendor

nbstl68

Getting comfortable

hmjgriffon

Known around here

nbstl68

Getting comfortable

japjoe7

Getting the hang of it

Arjun

Known around here

TL1096r

nayr

TL1096r

hmjgriffon

Known around here

TL1096r

nayr