DAHUA RECORDERS HACKED

mik said:
OK, so I'm hacked as well. So do i toss these units and start over or is there some time of protocol to go through. I'm not an IT kinda guy but not an idiot so if there are good directions i can get it done.

Also, sounds like we need our own type of cyber security on this NVR?
Click to expand...

As far as I can tell the hack wasn't malicious in that it didnt permanently break the machine. You should be able to reset to factory original settings, then apply updated firmware like I did, Firmware - Dahua Technology then before connecting it to the Interwebs, make sure and change all user account passwords to something strong. THEN setup a VPN for access instead of port forwarding.

Asus and Netgear routers have OpenVPN capabilities built in, just follow the instructions and set up a VPN client on every device you want to connect to the NVR remotely.
 
  • Like
Reactions: mik
bigredfish said:
As far as I can tell the hack wasn't malicious in that it didnt permanently break the machine. You should be able to reset to factory original settings, then apply updated firmware like I did, Firmware - Dahua Technology then before connecting it to the Interwebs, make sure and change all user account passwords to something strong. THEN setup a VPN for access instead of port forwarding.

Asus and Netgear routers have OpenVPN capabilities built in, just follow the instructions and set up a VPN client on every device you want to connect to the NVR remotely.
Click to expand...
if you setup vpn you dont need strong passwords....if someone can get past the vpn they wont have a problem with your dahua nvr...
 
fenderman said:
if you setup vpn you dont need strong passwords....if someone can get past the vpn they wont have a problem with your dahua nvr...
Click to expand...

True, just habit.
 
bigredfish said:
As far as I can tell the hack wasn't malicious in that it didnt permanently break the machine.
Click to expand...
Do you think something is malicious only if it breaks the functionality of a device? How about if, for example, - I don't know - retrieves the e-mail/SMTP settings from the device and uses them?

fenderman said:
if you setup vpn you dont need strong passwords....if someone can get past the vpn they wont have a problem with your dahua nvr...
Click to expand...
So, if someone manages to break into your network - either via a malware on a mobile or a wifi hack, for example - they should be greeted with easy ways to "move lateraly"? As in f*ck up all the network?

Interesting...

Bare in mind that VPNs should be/are tunnels to your "private network" and provide security until the entry point of the network/VPN, not on it, as a whole!
 
True I have no way of knowing if any malware was put on the machine, or if they stole my emails creds, or if it will make calls to East Bolivia by itself.. so I will need to monitor outbound traffic and keep an eye on my (already changed password) email account. Was basing that conclusion on the known announcements I've read.
 
dexterash said:
Do you think something is malicious only if it breaks the functionality of a device? How about if, for example, - I don't know - retrieves the e-mail/SMTP settings from the device and uses them?


So, if someone manages to break into your network - either via a malware on a mobile or a wifi hack, for example - they should be greeted with easy ways to "move lateraly"? As in f*ck up all the network?

Interesting...

Bare in mind that VPNs should be/are tunnels to your "private network" and provide security until the entry point of the network/VPN, not on it, as a whole!
Click to expand...
Yes, they should, if you have someone with network access you have much bigger problems than you NVR....are wifi hack even if possible would require that person to be in close proximity to you, hate to break it to you but you are not that important. A device vulnerability like a pc exposed to malware would also provide the hacker with your user name and password the next time you logged into the NVR....hate to break it to you, you are not that important.
 
bigredfish said:
True I have no way of knowing if any malware was put on the machine, or if they stole my emails creds, or if it will make calls to East Bolivia by itself.. so I will need to monitor outbound traffic and keep an eye on my (already changed password) email account. Was basing that conclusion on the known announcements I've read.
Click to expand...
From the preliminary data, it doesn't seem that they did "plant" something on the device(s). But that doesn't rule out the possibility to grab settings as credentials for e-mail alerts, FTP / NAS uploads & maybe others.

Although users should be aware that, with access to the NVR, there is also the possibility to "upgrade" them with a firmware that has an "implant" or other "not-so-friendly" things...
 
fenderman said:
Yes, they should, if you have someone with network access you have much bigger problems than you NVR....are wifi hack even if possible would require that person to be in close proximity to you, hate to break it to you but you are not that important. A device vulnerability like a pc exposed to malware would also provide the hacker with your user name and password the next time you logged into the NVR....hate to break it to you, you are not that important.
Click to expand...
Or having your router hacked, for example... No close proximity needed.

Malware: depends on the type of it... you assume that all malware are keyloggers or sniffers?
 
dexterash said:
Or having your router hacked, for example... No close proximity needed.

Malware: depends on the type of it... you assume that all malware are keyloggers or sniffers?
Click to expand...
Pray tell how the router is hacked without breaking the vpn....
not all malware are keyloggers, but if the intent is getting your info it will have that component...
 
fenderman said:
Pray tell how the router is hacked without breaking the vpn....
not all malware are keyloggers, but if the intent is getting your info it will have that component...
Click to expand...
Even if a VPN is installed and running, your router is still Internet-connected and directly accessible (as in visible IP and visible services running on it + some other things). The VPN is on top of that - it's a server/service that can be accessed remotely (you connect to your router's IP address, right?). Your router is not protected if it's just a server for VPN services...

What can happen or how it can happen depends on many factors.
 
dexterash said:
Even if a VPN is installed and running, your router is still Internet-connected and directly accessible (as in visible IP and visible services running on it + some other things). The VPN is on top of that - it's a server/service that can be accessed remotely (you connect to your router's IP address, right?). Your router is not protected if it's just a server for VPN services...

What can happen or how it can happen depends on many factors.
Click to expand...
No it is not..you cannot connect to anything before passing the vpn...what are you talking about? pushing false information like this is not helpful to anyone.
 
even if your nonsense was possible, anyone who can do that would pass your dahua nvr is two minuets.
 
fenderman said:
No it is not..you cannot connect to anything before passing the vpn...what are you talking about?
Click to expand...
You can't connect to anything that's behind the VPN-bridge / router, but you connect to the router, right? Or how else would the VPN work?

For example: enable a VPN server on your router and scan it with an open-ports scanner. Depending on the VPN type used, you might see some ports open. And they are open on your router and open to anyone on the Internet, as they are open to you to connect from anywhere to your house's VPN. Also, if your router has bugs or other services that are Internet-faced, they will be open too...
 
Last edited:
dexterash said:
You can't connect to anything that's behind the VPN-bridge / router, but you connect to the router, right? Or how else would the VPN work?

For example: enable a VPN server on your router and scan it with an open-ports scanner. Depending on the VPN type used, you might see some ports open. And they are open on your router and open to anyone on the Internet, as they are open to you to connect from anywhere to your house's VPN. Also, if your router has bugs or other services that are Internet-face, they will be open too...
Click to expand...
Once again ZERO open ports are visible. Nonsense.
 
fenderman said:
even if your nonsense was possible, anyone who can do that would pass your dahua nvr is two minuets.
Click to expand...
Not really... Usually, attacks are targeted. For example, these ones were specifically made for DAHUA devices. Others are made for HIK. Others for Xiongmai (or TVT or blabla). Others for routers manufactured by DLINK. Others... etc.

Of course, the next attack(s) might combine them... but why make it easier for attackers?
 
fenderman said:
Once again ZERO open ports are visible. Nonsense.
Click to expand...
I'm sorry to disagree with you, but your VPN tunnel needs (at least) one port open. You can't connect with a VPN client to something that's not open or not running. Or unplugged. Or inexistent.

Unless you are talking about P2P *that is not VPN*...
 
dexterash said:
I'm sorry to disagree with you, but your VPN tunnel needs (at least) one port open. You can't connect with a VPN client to something that's not open or not running. Or unplugged. Or inexistent.

Unless you are talking about P2P *that is not VPN*...
Click to expand...
correct, the port is open for the VPN, so, you need to break the vpn, back to square 1.
 
dexterash said:
Not really... Usually, attacks are targeted. For example, these ones were specifically made for DAHUA devices. Others are made for HIK. Others for Xiongmai (or TVT or blabla). Others for routers manufactured by DLINK. Others... etc.

Of course, the next attack(s) might combine them... but why make it easier for attackers?
Click to expand...
you are really paranoid...and posting scenarios that cannot happen in the real world....a little too much tv.
 
fenderman said:
you are really paranoid...and posting scenarios that cannot happen in the real world....a little too much tv.
Click to expand...
On a thread where people are talking about mass-hacked devices and mass-hacking, you say I'm "really paranoid"? And a little too much TV? :)

Ok, no problem about that. Your call. ;)

fenderman said:
correct, the port is open for the VPN, so, you need to break the vpn, back to square 1.
Click to expand...
Not the VPN per-se, the VPN service or any other service that's running unsecured/not-updated/vulnerable on the router (including the VPN service, of course).
 
cyberwolf_uk said:
...People are always to quick to blame Dahua for this problem when the blame is down to the end users and the installer!
Click to expand...
I complete disagree with this victim blaming. If the manufacturer ships insecure software it is their fault and only their fault.
 
You must log in or register to reply here.
Top Bottom