Dahua Backdoor Uncovered

[TVT73]

I would like to know how old the firmware must be for these hacks. It seems to bee rather old. Gen2 is closed for maybe more than a year, Gen3 i didn't know about it. I would like to try if it really works. At the moment i only find this one message about gen3 over md5 hashes. I need a confirmation to believe it. Has anyone here proven it?

All of you are now looking for outgoing traffic, and isn´t the ingoing one more interesting? And we should not look on Chinese only firmwares. Many ones are using them without knowing what they are doing.

 

[TVT73]

some firmware updates are found on cz ftp. Unfortunately no change log. Does someone knows more about it?
http://ftp.asm.cz/Dahua/kamerove_systemy/_Firmware/04IPC/IPC-HX5X3X-Rhea/DH/20170117/DH_IPC-HX5X3X-Rhea_Eng_P_Stream3_V2.460.0000.5.R.20170117.bin

 

[nayr]

Reduced Motion Blur; you can get firmware off dahua's international site now..

http://www1.dahuasecurity.com/download/firmware/encryption/20170314/DH_IPC-HX5X3X-Rhea_Eng_P_Stream3_V2.460.0000.5.R.20170117.pdf

 

[hmjgriffon]

Anyone know if there is an update for the SD59225U-HNI? Just curious.

 

[TVT73]

Reduced Motion Blur; you can get firmware off dahua's international site now..

http://www1.dahuasecurity.com/download/firmware/encryption/20170314/DH_IPC-HX5X3X-Rhea_Eng_P_Stream3_V2.460.0000.5.R.20170117.pdf

strange on the offical download side, I only find a pal Version with 2.460.0000.3.R
Firmware

 

[hmjgriffon]

I'll let other people be the guinea pigs.

 

[TVT73]

I had a very little hope on solving the auto focus issue, but it's still present, ugly
Firmware upgrade is no magic, and you can downgrade, so I like to play the guinea pig for you guys

 

[hmjgriffon]

I had a very little hope on solving the auto focus issue, but it's still present, ugly
Firmware upgrade is no magic, and you can downgrade, so I like to play the guinea pig for you guys

I worry more about the upgrade that bricks the camera

 

[nbstl68]

Is there an official list of Dahua cameras affected by this backdoor issue that is being actively maintained by the company or other party?
Is Andy still shut down from delivering some of the camera models?
I thouht I read in a post somewhere that a lot of his stock was being recalled and not able to send new stuff out for a while or something like that a little while back.

 

[Kitsap]

Here is the link to the Dahua US site for the list of affected models: http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php.

 

[EMPIRETECANDY]

Here is the link to the Dahua US site for the list of affected models: http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php.

The problem already sorted! Just few models have problem, now everything is back to normal. New firmware fix up this for those models.

 

[TVT73]

I worry more about the upgrade that bricks the camera

Never had a problem again with updating. Except a Chinese firmware, but this is my own fault. I also tried upgrade over SmartPSS 2.0 remote from outside my LAN without any problem. If you choose the right official firmware don't be afraid to upgrade, it's better than to have a backdoor or to be vulnerable.

 

[hmjgriffon]

Never had a problem again with updating. Except a Chinese firmware, but this is my own fault. I also tried upgrade over SmartPSS 2.0 remote from outside my LAN without any problem. If you choose the right official firmware don't be afraid to upgrade, it's better than to have a backdoor or to be vulnerable.

Yeah I still like to let a few other people go first, and my cams can't talk to anything so back doors are irrelevant lol.

 

[Zeddy]

I have a OEM'd dahua system that I support, I wish the security researcher would release his POC so I can test against my system and if vulnerable lean on the OEM for an update.

 

[hmjgriffon]

I have a OEM'd dahua system that I support, I wish the security researcher would release his POC so I can test against my system and if vulnerable lean on the OEM for an update.

for what purpose? are you forwarding ports from the internet directly to your cameras? backdoor or not, the standard best practice would make it a non issue.

The victims of this backdoor are people that don't know how to secure their cameras.

 

[nbstl68]

I thought the backdoor allowed the camera to call out \ aka phone home...so port FWD would not make a difference for that correct?
Or is the BD issue not what i'm thinking?

 

[hmjgriffon]

I thought the backdoor allowed the camera to call out \ aka phone home...so port FWD would not make a difference for that correct?
Or is the BD issue not what i'm thinking?

that's why you block the cameras from talking to the internet.

 

[nbstl68]

Can you do that and also use VPN so you can connect to them remotely?...Or is that by definition also talking to the internet?
Being able to see my cameras remotely (web or an app) is a must have.
I am not up on the whole VPN thing yet, which is why I ask what may be a dumb question there...but I'm reading up!

 

[hmjgriffon]

Can you do that and also use VPN so you can connect to them remotely?...Or is that by definition also talking to the internet?
Being able to see my cameras remotely (web or an app) is a must have.
I am not up on the whole VPN thing yet, which is why I ask what may be a dumb question there...but I'm reading up!

you block the cameras themselves, you don't block the NVR, you connect to the NVR through VPN remotely, if you get a backdoor in the NVR that's another story haha.

 

[nayr]

VPN Gives you full remote access to your NVR w/out any requirement that your NVR has internet connectivity, as long as your VPN Server does.