DAHUA RECORDERS HACKED

fenderman · Oct 3, 2017

dexterash said:
On a thread where people are talking about mass-hacked devices and mass-hacking, you say I'm "really paranoid"? And a little too much TV?

Ok, no problem about that. Your call.

Not the VPN per-se, the VPN service or any other service that's running unsecured/not-updated/vulnerable on the router (including the VPN service, of course).

If you cant understand the difference between a basic hack to a dahua nvr and what you are stating is possible, then we have a problem that no further discussion can resolve.
Again you are assuming the VPN is vulnerable and that is not what you stated earlier. Earlier you implied that the router itself can be hacked bypassing the vpn, that is simply false.

fenderman · Oct 3, 2017

Frank Ecker said:
I complete disagree with this victim blaming. If the manufacturer ships insecure software it is their fault and only their fault.

Not if the victim knew that these devices are not properly secured from the get go and vulnerabilities are found routinely. Installers know this, they dont care. Many end users choose to ignore the danger as well despite being informed.

dexterash · Oct 3, 2017

fenderman said:
Again you are assuming the VPN is vulnerable and that is not what you stated earlier. Earlier you implied that the router itself can be hacked bypassing the vpn, that is simply false.

Is the VPN a software/service that's running on the routers? I think so. Do you disagree?

Are there any VPN vulnerabilities? For sure, depending on the implementation(s).

Can it be hacked? Of course, unless it has been patched/updated.Same goes for *any* service that is connected to the Internet, including DAHUA's data service (the one on port 37777).

Can the router expose more than the VPN service? Maybe.
Can the other services exposed by the router be hacked? Maybe.

Simply put, why a Dahua device can be hacked and a bla-bla device that provides VPN cannot be hacked?

fenderman · Oct 3, 2017

dexterash said:
Is the VPN a software/service that's running on the routers? I think so. Do you disagree?

Are there any VPN vulnerabilities? For sure, depending on the implementation(s).

Can it be hacked? Of course, unless it has been patched/updated.Same goes for *any* service that is connected to the Internet, including DAHUA's data service (the one on port 37777).

Can the router expose more than the VPN service? Maybe.
Can the other services exposed by the router be hacked? Maybe.

Simply put, why a Dahua device can be hacked and a bla-bla device that provides VPN cannot be hacked?

The router does not expose more than the vpn service, that is a fact, not sure what crap hardware they run in your country. NO OTHER SERVICES are exposed. Repeating the same nonsense claiming that they are does not make it so.
Yes the vpn service can be hacked, but anyone with that skillset, will a) not give a crap about you b) pass right though your dahua nvr...the dahua NVR hack is childs play compared to what would be required to pass though a vpn, you dont seem to get the distinction...

dexterash · Oct 3, 2017

fenderman said:
The router does not expose more than the vpn service, that is a fact, not sure what crap hardware they run in your country.

Same as they run in many other countries... probably manufactured by cheap chinese vendors. Or are we talking here about devices that are high-end and extremely secured?

fenderman said:
NO OTHER SERVICES are exposed. Repeating the same nonsense claiming that they are does not make it so.

Saying that "generally, all routers only expose VPNs and not other services" seems like a nonsense too.

fenderman said:
Yes the vpn service can be hacked, but anyone with that skillset, will a) not give a crap about you b) pass right though your dahua nvr
...the dahua NVR hack is childs play compared to what would be required to pass though a vpn, you dont seem to get the distinction...

I also think that you don't understand that no one is doing any distictions... all are automated hacks. Nothing manual, nothing that has a "personal touch". Be it a VPN compiled 5 years ago with 20+ bugs in it, a DAHUA DVR or others...

-----------------

Yet, why would someone lower the security on their internal network just because "shit, if it happens, you are already screwed" it's beyond me...

fenderman · Oct 3, 2017

dexterash said:
Same as they run in many other countries... probably manufactured by cheap chinese vendors. Or are we talking here about devices that are high-end and extremely secured?

Saying that "generally, all routers only expose VPNs and not other services" seems like a nonsense too.

I also think that you don't understand that no one is doing any distictions... all are automated hacks. Nothing manual, nothing that has a "personal touch". Be it a VPN compiled 5 years ago with 20+ bugs in it, a DAHUA DVR or others...

-----------------

Yet, why would someone lower the security on their internal network just because "shit, if it happens, you are already screwed" it's beyond me...

take any 50 dollar asus china router and you will not see any external port but the vpn..There is no automated way to hack a vpn, you have to know the vulnerability to design the automation...you keep making stuff up as you go...wow. The dahua hack was not discovered by automation either..

c hris527 · Oct 3, 2017

Frank Ecker said:
I complete disagree with this victim blaming. If the manufacturer ships insecure software it is their fault and only their fault.

Oh Boy, where to start here, First of all you are buying hardware from china at a cheap price, Most of the stuff bought is coming from Amazon or Ali. Dahua tells you up front they do NOT support the end user, they leave it up to your Authorized distributor to do so. Its like getting a copy of pirated of Microsoft windows with updates disabled and getting a virus, then blaming Microsoft. You get what you pay for and its up to you to make sure of it. I really do support my end users of Dahua products and Im on top of it all the time. None of my systems were effected because people paid me to install it securely.
Dahua says this : http://www1.dahuasecurity.com/news/statement-about-purchasing-products-from-unauthorized-channels-155.html

dexterash · Oct 3, 2017

fenderman said:
take any 50 dollar asus china router and you will not see any external port but the vpn..

So all readers of ipcamtalk have 50USD Asus China Routers?

fenderman said:
There is no automated way to hack a vpn, you have to know the vulnerability to design the automation...you keep making stuff up as you go...wow. The dahua hack was not discovered by automation either..

1. There are *some* vulnerabilities that can be discovered by automation/brute-something/blabla
2. I did not say that DAHUA's new problem was auto-discovered, but it was auto-applied. The automation is a mix of fingerprinting (as in identifying the devices/service that is vulnerable) + "applying" the hack (or whatever it is) for that specific device/service

-----

You "accused" me of making stuff up. Can you, please, explain how and what happened with the latest outbreak in DAHUA recording devices having their parameters modified?

fenderman · Oct 3, 2017

dexterash said:
So all readers of ipcamtalk have 50USD Asus China Routers?

1. There are *some* vulnerabilities that can be discovered by automation/brute-something/blabla
2. I did not say that DAHUA's new problem was auto-discovered, but it was auto-applied. The automation is a mix of fingerprinting (as in identifying the devices/service that is vulnerable) + "applying" the hack (or whatever it is) for that specific device/service

-----

You "accused" me of making stuff up. Can you, please, explain how and what happened with the latest outbreak in DAHUA recording devices having their parameters modified?

I would hope they at LEAST have that. You completely missed the point.
Again, you completely misunderstand the vpn and its vulnerabilities as compared to basic hacks like the dahua nvr.

dexterash · Oct 3, 2017

fenderman said:
I would hope they at LEAST have that.

DSL routers not provided by the ISPs [maybe in bridge mode]? And not under their management?

fenderman said:
Again, you completely misunderstand the vpn and its vulnerabilities as compared to basic hacks like the dahua nvr.

I know, I always misunderstand. You've been telling me that for the last few hours.

So: What's more secure? A VPN server (take it generally, not a specific one, we're talking concepts here, altough we should have a tech talk) that it's a 2010 version or a device that is behind the VPN and a 2017 version?

Btw, so what happened to the DAHUA devices? And how?

fenderman · Oct 3, 2017

dexterash said:
DSL routers not provided by the ISPs [maybe in bridge mode]? And not under their management?

I know, I always misunderstand. You've been telling me that for the last few hours.

So: What's more secure? A VPN server (take it generally, not a specific one, we're talking concepts here, altough we should have a tech talk) that it's a 2010 version or a device that is behind the VPN and a 2017 version?

Btw, so what happened to the DAHUA devices? And how?

you can hack away at a dsl router all day long, as long as there is a vpn behind it, you are ok.
Yes, I will keep telling you that.
Your silly question to me indicates that you truly dont understand what i am telling you....English must not be your native language. If you want to know what happend to the dahua devices go read..its all out there...you dont need me for that, at least i hope not.

c hris527 · Oct 3, 2017

dexterash said:
So all readers of ipcamtalk have 50USD Asus China Routers?

1. There are *some* vulnerabilities that can be discovered by automation/brute-something/blabla
2. I did not say that DAHUA's new problem was auto-discovered, but it was auto-applied. The automation is a mix of fingerprinting (as in identifying the devices/service that is vulnerable) + "applying" the hack (or whatever it is) for that specific device/service

-----

You "accused" me of making stuff up. Can you, please, explain how and what happened with the latest outbreak in DAHUA recording devices having their parameters modified?

Quickly I will chime in here, If you had your standard ports forwarded on your router or your router UPNP was enabled, than you had a good chance of being hacked. If you had UPNP disabled and had a VPN set for camera viewing from the outside, then your chances of being hacked went to almost zero.

fenderman · Oct 4, 2017

c hris527 said:
Quickly I will chime in here, If you had your standard ports forwarded on your router or your router UPNP was enabled, than you had a good chance of being hacked. If you had UPNP disabled and had a VPN set for camera viewing from the outside, then your chances of being hacked went to almost zero.

that is incorrect, if had you vpn enabled you had a ZERO chance of getting hacked by this vulnerability, not almost zero, zero.

dexterash · Oct 4, 2017

c hris527 said:
Quickly I will chime in here, If you had your standard ports forwarded on your router or your router UPNP was enabled, than you had a good chance of being hacked. If you had UPNP disabled and had a VPN set for camera viewing from the outside, then your chances of being hacked went to almost zero.

Quick Chime Reply: uPNP attacks have taken place in Feb-March 2017, exposing all sort of ports, including HTTP, RTSP, Telnet & others. Most of them redirected have been moved to non-standard ports. This has been done via commands sent to the DATA port...

dexterash · Oct 4, 2017

fenderman said:
you can hack away at a dsl router all day long, as long as there is a vpn behind it, you are ok.

So I can hack a device that manages a service (a VPN service - since it seems I need to point that out), but the service provided by the device and the devices serviced by that device remain(s) secure?

How does that happen? How can a hacked device be safe? Because it provides VPN services?

fenderman said:
English must not be your native language.

Tech must not be your native language...

Now, who has a point?

fenderman · Oct 4, 2017

dexterash said:
So I can hack a device that manages a service (a VPN service - since it seems I need to point that out), but the service provided by the device and the devices serviced by that device remain(s) secure?

How does that happen? How can a hacked device be safe? Because it provides VPN services?

Tech must not be your native language...

Now, who has a point?

Your premise is faulty. You cannot hack the device that is the entire point. What I said about the dsl router is that if there is a SEPARATE asus vpn behind the ISP dsl router/modem, it wont help you to hack the dsl device...if you are going to lie to make a point, at the very least read my responses. Do you not understand the term "behind it"? your english is worse than i assumed. I will not allow you to post false and misleading information on this forum. End of story.

c hris527 · Oct 4, 2017

dexterash said:
Quick Chime Reply: uPNP attacks have taken place in Feb-March 2017, exposing all sort of ports, including HTTP, RTSP, Telnet & others. Most of them redirected have been moved to non-standard ports. This has been done via commands sent to the DATA port...

So if UPNP is disabled or your router AND you had NO devices on your network(like your cameras and nvr) with the ability to enable them AND you had a VPN setup to view your cameras, your chances are almost zero. whats your point, lets face the fact that as about as secure as you are going to get when it comes to securely viewing cams over the net. The Robbers are going to check for unlocked doors, not waste their time unlocking doors.

fenderman · Oct 4, 2017

\

c hris527 said:
So if UPNP is disabled or your router AND you had NO devices on your network(like your cameras and nvr) with the ability to enable them AND you had a VPN setup to view your cameras, your chances are almost zero. whats your point, lets face the fact that as about as secure as you are going to get when it comes to securely viewing cams over the net. The Robbers are going to check for unlocked doors, not waste their time unlocking doors.

he's gone...purposely misleading users when he knows better than that. He can spew that nonsense in Romania to garner business for himself..

c hris527 · Oct 4, 2017

fenderman said:
\

he's gone...purposely misleading users when he knows better than that. He can spew that nonsense in Romania to garner business for himself..

I usually keep my mouth shut but sometimes I cannot take it, especially when the scenarios are not likely. Unless your camera system is a REAL high value target of the NSA the chances of hacking encrypted data and returning a Key are very small.

fenderman · Oct 4, 2017

c hris527 said:
I usually keep my mouth shut but sometimes I cannot take it, especially when the scenarios are not likely. Unless your camera system is a REAL high value target of the NSA the chances of hacking encrypted data and returning a Key are very small.

more importantly anyone who can hack a modern update vpn would have no issue with a dahua nvr

Search

DAHUA RECORDERS HACKED

fenderman

fenderman

dexterash

Young grasshopper

fenderman

dexterash

Young grasshopper

fenderman

c hris527

Known around here

dexterash

Young grasshopper

fenderman

dexterash

Young grasshopper

fenderman

c hris527

Known around here

fenderman

dexterash

Young grasshopper

dexterash

Young grasshopper

fenderman

c hris527

Known around here

fenderman

c hris527

Known around here

fenderman