Dahua Backdoor Uncovered

Roman said:
And I think you are "underestimating" this too much! I do not want my IP cams to be network devices across the net to distribute malware to me or anyone else or to have some peeping in on my cams!
Click to expand...

And all that is accomplished if you dont put your cameras on the internet and opt to use a secure VPN connection for remote access.. this is standard operating procedure; these things have never and will never be safe for direct exposure to the internet
 
  • Like
Reactions: Solar Deity
nayr said:
And all that is accomplished if you dont put your cameras on the internet and opt to use a secure VPN connection for remote access.. this is standard operating procedure; these things have never and will never be safe for direct exposure to the internet
Click to expand...

Yep, understand what your saying...although I fully understand that a VPN connection is a must and not to forward ports, use upnp, cloud crap, or anything else. What I am getting at is that even with all this done (VPN setup etc) that only blocks incoming connections to your cams not outgoing. So say you buy a "shady" cam from ali or ebay or somewhere else (which a lot of folks do) and the crappy firmware they put on the cam contains some kind of hidden menu or whatever else that can still make a connection outbound (out of your network) and connect back to a Chinese dude sitting behind a keyboard...that's what I have a concern about and really what I was getting at with all my posts. This is something I noticed last night looking at my connection logs on my router and now I need to take further action and attempt to block this via rules in my FW.
 
Roman said:
Yep, understand what your saying...although I fully understand that a VPN connection is a must and not to forward ports, use upnp, cloud crap, or anything else. What I am getting at is that even with all this done (VPN setup etc) that only blocks incoming connections to your cams not outgoing. So say you buy a "shady" cam from ali or ebay or somewhere else (which a lot of folks do) and the crappy firmware they put on the cam contains some kind of hidden menu or whatever else that can still make a connection outbound (out of your network) and connect back to a Chinese dude sitting behind a keyboard...that's what I have a concern about and really what I was getting at with all my posts. This is something I noticed last night looking at my connection logs on my router and now I need to take further action and attempt to block this via rules in my FW.
Click to expand...

there are different things you can do, I am currently blocking the cameras from talking to anything off the lan except for the interface they connect to on the firewall for NTP, DHCP, DNS, etc.

Block cameras talking to anything:
block drop in log on re0 from <ip_cams> to any

Allow cameras to hit the lan gateway interface:
pass in on re0 inet from <ip_cams> to 10.0.0.1 flags S/SA

just find similar in your device. :)
 
Roman said:
Trying to....learning as I go...not proficient in linux scripting and iptables and editors, etc.
Click to expand...
Roman said:
Yep, understand what your saying...although I fully understand that a VPN connection is a must and not to forward ports, use upnp, cloud crap, or anything else. What I am getting at is that even with all this done (VPN setup etc) that only blocks incoming connections to your cams not outgoing. So say you buy a "shady" cam from ali or ebay or somewhere else (which a lot of folks do) and the crappy firmware they put on the cam contains some kind of hidden menu or whatever else that can still make a connection outbound (out of your network) and connect back to a Chinese dude sitting behind a keyboard...that's what I have a concern about and really what I was getting at with all my posts. This is something I noticed last night looking at my connection logs on my router and now I need to take further action and attempt to block this via rules in my FW.
Click to expand...

Well said, same thing I am trying to convey. I am not concerned about the VPN/P2P right now, I'm more concerned about what this IP camera is sending out through firmware/software I am using.

I am using reolink right now and I am seeing this camera communicating with odd IPs in China... I have no way to block just an IP, if I block the software totally I cannot view the camera, it is has been a pain to try to setup BI so I quit trying with reolink and just use their software.

My router has no option to view connections or outbound/inbound, it is all done through my ISP, I can port-forward to setup a vpn but that is it.

I caught the IPs with firewall software but it does not allow to block just one IP, it can only block the entire software but then I cannot view the cameras.
 
Roman said:
And I think you are "underestimating" this too much! I do not want my IP cams to be network devices across the net to distribute malware to me or anyone else or to have some peeping in on my cams!
Click to expand...
You don't understand if it's on the net it will always have a risk .. if your that paranoid just unhook the cable from your house.. you think hackers can't get pass a firewall? It's just like your house,you can buy the worlds best locks, best security cameras, but if someone really wants in they will get in.
 
Most modern modem and router are pretty secured these days from outside attacks.

So hackers try to exploit a hole in firmware or trick customers to open/install a program such as "latest firmware" to install back door on their hardware to establish a connection to it.

A well written back door when once establish a connection can bypass most firewall, vpn etc.

If you don't want camera expose to network then put it on a local network that is isolated and not connected to internet. Also don't always grab whatever firmware you find on the net unless you know that the firmware is from a trusted source.

As for the back door left behind by firmware developers, nothing we can do about those until it get discovered by someone or the developers remembers about it and release a patch or update inmmediatiy to remedy their mistake.

It same with us buying everyday products, we never know if the foods we put in our mouth will be safe or there will be a recall on it because it was making other sick. There no real way to be sure until it is discovered.
 
  • Like
Reactions: Camit
TechBill said:
Most modern modem and router are pretty secured these days from outside attacks.

So hackers try to exploit a hole in firmware or trick customers to open/install a program such as "latest firmware" to install back door on their hardware to establish a connection to it.

A well written back door when once establish a connection can bypass most firewall, vpn etc.

If you don't want camera expose to network then put it on a local network that is isolated and not connected to internet. Also don't always grab whatever firmware you find on the net unless you know that the firmware is from a trusted source.

As for the back door left behind by firmware developers, nothing we can do about those until it get discovered by someone or the developers remembers about it and release a patch or update inmmediatiy to remedy their mistake.

It same with us buying everyday products, we never know if the foods we put in our mouth will be safe or there will be a recall on it because it was making other sick. There no real way to be sure until it is discovered.
Click to expand...

Explained perfectly ...
 
Great thread, but is there a way we can get a thread together to make a DIY/posts with suggestions how to secure your camera / block / search for IPs that could be sending information out from your camera?

It will go a long way as there are more newbies than experts.

My main concern is how to block and secure my IP camera on the home network due to my firewall picking up China IPs communicating with the reolink software, I cannot seem to block it without shutting down the software.
 
  • Like
Reactions: Arjun
TL1096r said:
Great thread, but is there a way we can get a thread together to make a DIY/posts with suggestions how to secure your camera / block / search for IPs that could be sending information out from your camera?

It will go a long way as there are more newbies than experts.

My main concern is how to block and secure my IP camera on the home network due to my firewall picking up China IPs communicating with the reolink software, I cannot seem to block it without shutting down the software.
Click to expand...


Simplest way to block cameras from communicating to outside network is to get a NVR with built in switch ports and connect all the cameras to it.

Some NVR offer a feature allowing outside network to access the cameras, just don't enable it or toggle it on.

The cameras should be completely blocked off unless someone was foolish enough to upload a untrusted firmware into their NVR
 
  • Like
Reactions: Hound Dog 911, Arjun and hmjgriffon
TechBill said:
Simplest way to block cameras from communicating to outside network is to get a NVR with built in switch ports and connect all the cameras to it.

Some NVR offer a feature allowing outside network to access the cameras, just don't enable it or toggle it on.

The cameras should be completely blocked off unless someone was foolish enough to upload a untrusted firmware into their NVR
Click to expand...

I'm using the reolink NVR... the issue is the software I have on my computers to view camera are communicating with the China IP, 20KB randomly, not always when it is loaded.
 
  • Like
Reactions: Arjun
TL1096r said:
I'm using the reolink NVR... the issue is the software I have on my computers to view camera are communicating with the China IP, 20KB randomly, not always when it is loaded.
Click to expand...

Log it using a packet sniffer and if it not encrypted, you may discover something from it
 
  • Like
Reactions: Arjun
You must log in or register to reply here.
Top Bottom