DAHUA RECORDERS HACKED

bigredfish

OK, so I'm hacked as well. So do I toss these units and start over or is there some type of protocol to go through? I'm not an IT kinda guy but not an idiot, so if there are good directions I can get it done.

Also, sounds like we need our own type of cyber security on this NVR?
As far as I can tell the hack wasn't malicious in that it didn't permanently break the machine. You should be able to reset to factory original settings, then apply updated firmware like I did, Firmware - Dahua Technology then before connecting it to the Interwebs, make sure and change all user account passwords to something strong. THEN set up a VPN for access instead of port forwarding.

Asus and Netgear routers have OpenVPN capabilities built in, just follow the instructions and set up a VPN client on every device you want to connect to the NVR remotely.
 

fenderman

As far as I can tell the hack wasn't malicious in that it didn't permanently break the machine. You should be able to reset to factory original settings, then apply updated firmware like I did, Firmware - Dahua Technology then before connecting it to the Interwebs, make sure and change all user account passwords to something strong. THEN set up a VPN for access instead of port forwarding.

Asus and Netgear routers have OpenVPN capabilities built in, just follow the instructions and set up a VPN client on every device you want to connect to the NVR remotely.
if you set up vpn you don't need strong passwords....if someone can get past the vpn they won't have a problem with your dahua nvr...
 

dexterash

As far as I can tell the hack wasn't malicious in that it didn't permanently break the machine.
Do you think something is malicious only if it breaks the functionality of a device? How about if, for example, - I don't know - retrieves the e-mail/SMTP settings from the device and uses them?

if you set up vpn you don't need strong passwords....if someone can get past the vpn they won't have a problem with your dahua nvr...
So, if someone manages to break into your network - either via a malware on a mobile or a wifi hack, for example - they should be greeted with easy ways to "move laterally"? As in f*ck up all the network?

Interesting...

Bear in mind that VPNs should be/are tunnels to your "private network" and provide security until the entry point of the network/VPN, not on it, as a whole!
 

bigredfish

True I have no way of knowing if any malware was put on the machine, or if they stole my email creds, or if it will make calls to East Bolivia by itself.. so I will need to monitor outbound traffic and keep an eye on my (already changed password) email account. Was basing that conclusion on the known announcements I've read.
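
An added example, not part of the original post: one way to do the outbound monitoring mentioned above is to log the NVR's connections at the router and flag any Internet destination that is not on a short allowlist. The NVR address, LAN subnet, allowlist entries and log layout below are assumptions, and the log lines are constructed sample data.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this sketch: the NVR's LAN address, the LAN subnet, and the
# only Internet destinations the NVR is expected to reach (mail relay, NTP).
NVR_IP = ipaddress.ip_address("192.168.1.108")
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED = {("198.51.100.10", 587), ("198.51.100.20", 123)}

# Constructed sample lines in an iptables-LOG-like key=value layout.
SAMPLE_LOG = """\
Mar  8 02:14:07 router kernel: OUT SRC=192.168.1.108 DST=198.51.100.10 PROTO=TCP SPT=40112 DPT=587
Mar  8 02:14:09 router kernel: OUT SRC=192.168.1.108 DST=198.51.100.20 PROTO=UDP SPT=123 DPT=123
Mar  8 02:15:31 router kernel: OUT SRC=192.168.1.108 DST=203.0.113.45 PROTO=TCP SPT=40120 DPT=25
Mar  8 02:15:32 router kernel: OUT SRC=192.168.1.108 DST=203.0.113.45 PROTO=TCP SPT=40121 DPT=25
Mar  8 02:16:00 router kernel: OUT SRC=192.168.1.50 DST=203.0.113.80 PROTO=TCP SPT=51000 DPT=443
Mar  8 02:16:05 router kernel: OUT SRC=192.168.1.108 DST=192.168.1.20 PROTO=TCP SPT=40130 DPT=445
Mar  8 02:17:44 router kernel: OUT SRC=192.168.1.108 DST=203.0.113.99 PROTO=TCP SPT=40140 DPT=21
garbage line without fields
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def unexpected_outbound(log_text):
    """Count NVR connections to Internet destinations not on the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "DPT"} <= f.keys():
            continue  # not a connection record
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            port = int(f["DPT"])
        except ValueError:
            continue  # malformed address or port
        if src != NVR_IP or dst in LAN:
            continue  # other hosts, or NVR traffic that stays on the LAN
        if (str(dst), port) not in ALLOWED:
            hits[(str(dst), f.get("PROTO", "?"), port)] += 1
    return hits

if __name__ == "__main__":
    for (dst, proto, port), n in unexpected_outbound(SAMPLE_LOG).most_common():
        print(f"NVR -> {dst} {proto}/{port}: {n} connection(s)")
```

On the sample data this reports the two SMTP connections and the FTP connection to hosts that are not the configured mail relay or time server, which is the pattern to expect if stored e-mail or FTP settings were taken from the device and reused from it.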
 

fenderman

Do you think something is malicious only if it breaks the functionality of a device? How about if, for example, - I don't know - retrieves the e-mail/SMTP settings from the device and uses them?


So, if someone manages to break into your network - either via a malware on a mobile or a wifi hack, for example - they should be greeted with easy ways to "move laterally"? As in f*ck up all the network?

Interesting...

Bear in mind that VPNs should be/are tunnels to your "private network" and provide security until the entry point of the network/VPN, not on it, as a whole!
Yes, they should, if you have someone with network access you have much bigger problems than your NVR....a wifi hack even if possible would require that person to be in close proximity to you, hate to break it to you but you are not that important. A device vulnerability like a pc exposed to malware would also provide the hacker with your user name and password the next time you logged into the NVR....hate to break it to you, you are not that important.
 

dexterash

True I have no way of knowing if any malware was put on the machine, or if they stole my email creds, or if it will make calls to East Bolivia by itself.. so I will need to monitor outbound traffic and keep an eye on my (already changed password) email account. Was basing that conclusion on the known announcements I've read.
From the preliminary data, it doesn't seem that they did "plant" something on the device(s). But that doesn't rule out the possibility to grab settings as credentials for e-mail alerts, FTP / NAS uploads & maybe others.

Although users should be aware that, with access to the NVR, there is also the possibility to "upgrade" them with a firmware that has an "implant" or other "not-so-friendly" things...
 

dexterash

Yes, they should, if you have someone with network access you have much bigger problems than your NVR....a wifi hack even if possible would require that person to be in close proximity to you, hate to break it to you but you are not that important. A device vulnerability like a pc exposed to malware would also provide the hacker with your user name and password the next time you logged into the NVR....hate to break it to you, you are not that important.
Or having your router hacked, for example... No close proximity needed.

Malware: depends on the type of it... you assume that all malware are keyloggers or sniffers?
 

fenderman

Or having your router hacked, for example... No close proximity needed.

Malware: depends on the type of it... you assume that all malware are keyloggers or sniffers?
Pray tell how the router is hacked without breaking the vpn....
not all malware are keyloggers, but if the intent is getting your info it will have that component...
 

dexterash

Pray tell how the router is hacked without breaking the vpn....
not all malware are keyloggers, but if the intent is getting your info it will have that component...
Even if a VPN is installed and running, your router is still Internet-connected and directly accessible (as in visible IP and visible services running on it + some other things). The VPN is on top of that - it's a server/service that can be accessed remotely (you connect to your router's IP address, right?). Your router is not protected if it's just a server for VPN services...

What can happen or how it can happen depends on many factors.
 

fenderman

Even if a VPN is installed and running, your router is still Internet-connected and directly accessible (as in visible IP and visible services running on it + some other things). The VPN is on top of that - it's a server/service that can be accessed remotely (you connect to your router's IP address, right?). Your router is not protected if it's just a server for VPN services...

What can happen or how it can happen depends on many factors.
No it is not..you cannot connect to anything before passing the vpn...what are you talking about? pushing false information like this is not helpful to anyone.
 

fenderman

even if your nonsense was possible, anyone who can do that would pass your dahua nvr in two minutes.
 

dexterash

No it is not..you cannot connect to anything before passing the vpn...what are you talking about?
You can't connect to anything that's behind the VPN-bridge / router, but you connect to the router, right? Or how else would the VPN work?

For example: enable a VPN server on your router and scan it with an open-ports scanner. Depending on the VPN type used, you might see some ports open. And they are open on your router and open to anyone on the Internet, as they are open to you to connect from anywhere to your house's VPN. Also, if your router has bugs or other services that are Internet-faced, they will be open too...
 

fenderman

You can't connect to anything that's behind the VPN-bridge / router, but you connect to the router, right? Or how else would the VPN work?

For example: enable a VPN server on your router and scan it with an open-ports scanner. Depending on the VPN type used, you might see some ports open. And they are open on your router and open to anyone on the Internet, as they are open to you to connect from anywhere to your house's VPN. Also, if your router has bugs or other services that are Internet-faced, they will be open too...
Once again ZERO open ports are visible. Nonsense.
 

dexterash

even if your nonsense was possible, anyone who can do that would pass your dahua nvr in two minutes.
Not really... Usually, attacks are targeted. For example, these ones were specifically made for DAHUA devices. Others are made for HIK. Others for Xiongmai (or TVT or blabla). Others for routers manufactured by DLINK. Others... etc.

Of course, the next attack(s) might combine them... but why make it easier for attackers?
 

dexterash

Once again ZERO open ports are visible. Nonsense.
I'm sorry to disagree with you, but your VPN tunnel needs (at least) one port open. You can't connect with a VPN client to something that's not open or not running. Or unplugged. Or inexistent.

Unless you are talking about P2P *that is not VPN*...
 

fenderman

I'm sorry to disagree with you, but your VPN tunnel needs (at least) one port open. You can't connect with a VPN client to something that's not open or not running. Or unplugged. Or inexistent.

Unless you are talking about P2P *that is not VPN*...
correct, the port is open for the VPN, so, you need to break the vpn, back to square 1.
 

fenderman

Not really... Usually, attacks are targeted. For example, these ones were specifically made for DAHUA devices. Others are made for HIK. Others for Xiongmai (or TVT or blabla). Others for routers manufactured by DLINK. Others... etc.

Of course, the next attack(s) might combine them... but why make it easier for attackers?
you are really paranoid...and posting scenarios that cannot happen in the real world....a little too much tv.
 

dexterash

you are really paranoid...and posting scenarios that cannot happen in the real world....a little too much tv.
On a thread where people are talking about mass-hacked devices and mass-hacking, you say I'm "really paranoid"? And a little too much TV? :)

Ok, no problem about that. Your call. ;)

correct, the port is open for the VPN, so, you need to break the vpn, back to square 1.
Not the VPN per se, the VPN service or any other service that's running unsecured/not-updated/vulnerable on the router (including the VPN service, of course).
 

Frank Ecker

...People are always too quick to blame Dahua for this problem when the blame is down to the end users and the installer!
I completely disagree with this victim blaming. If the manufacturer ships insecure software it is their fault and only their fault.
 