So is there really a back door on these cameras?
Limiting my response to personal experience with a couple of Dahua VTOs and one Dahua VTH. I studied the traffic from these recently purchased Dahua devices. No evidence of foul play whatsoever BUT I did notice that they implement proprietary signaling using the ARP protocol. This was unexpected.
These Dahua
doorbell cameras encode proprietary source MAC addresses and target IP addresses into a frame that only other Dahua doorbell cameras would be able to handle. It could be that standards include a new behavior that I don't understand. Don't believe so.
This demonstrates that Dahua uses standard ARP queries in a non-standard way. There are lots of legitimate proprietary reasons to do this. We've all experienced how horrible it is sometimes to configure new devices in a network. I don't care, nor will I investigate further. To me this continues to demonstrate that the IP protocol suite is not secure, or course, and that Dahua doorbell cameras ought to be installed into a tightly controlled home network … like every other device.
If enterprise security detects these non-standard ARP conditions it could be a reason to kick these manufacturers off the network.