Dahua responds to IoT attack - offers replacement discounts

dexterash

Young grasshopper
Joined
Aug 6, 2016
Messages
44
Reaction score
9
Agreed.
Many QNAP users discovered the hard way after being hacked (various high-severity Linux vulnerabilities) that even re-initialising the device didn't clear the changes that had been written into the system flash, which is rw when transiently mounted during bootup.
Haven't investigated QNAPs yet, but I do recall they use a partition on the HDD/RAID to download/deploy the "whole" system - since the initial one is just a downloader. Or does this happen on just some of their models?

I suspect that's one of the underlying causes of the Huisin Mini PTZ 'bricked' cameras - those I've seen have had flash contents overwritten. Too easy to do.
It can be done in several ways - some haven't been exploited... yet by the malware families.

CRAMFS as used by Hikvision does have some merit from the robustness viewpoint, if not the modding viewpoint.
CRAMFS is widespread in embedded devices. From a security point of view, it's somehow OK-ish.

I agree about modding, but... if the modding is simple, it can also be simple for a malware to exploit this. And I don't think a manufacturer should make it simple. :)
But I might be wrong...
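
The point discussed in this post (writable flash versus a read-only filesystem such as CRAMFS) can be checked on a device from a copy of its `/proc/mounts`. The following is an added example, not part of the original thread; the sample mount table is constructed, and the device-name patterns are assumptions about common MTD/UBI naming.

```python
import re

# Filesystem types that have no write path at all, whatever the mount flags say.
READ_ONLY_BY_DESIGN = {"cramfs", "squashfs", "romfs"}
# Writable flash filesystems, and device names that indicate MTD/UBI storage
# (assumed naming; adjust for the platform being audited).
FLASH_FSTYPES = {"jffs2", "ubifs", "yaffs", "yaffs2"}
FLASH_DEVICE = re.compile(r"^(/dev/)?(mtdblock\d+|ubi\d+[:_]\S+|ubiblock\d+_\d+)$")

# Constructed sample in /proc/mounts format, not captured from a real device.
SAMPLE_MOUNTS = """\
/dev/root / cramfs ro,relatime 0 0
proc /proc proc rw,relatime 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
/dev/mtdblock5 /mnt/config jffs2 rw,relatime 0 0
/dev/mtdblock4 /usr squashfs ro,relatime 0 0
/dev/mtdblock6 /mnt/boot jffs2 ro,relatime 0 0
ubi0:data /data ubifs rw,noatime 0 0
"""

def audit_mounts(text):
    """Return (mountpoint, fstype, state) for every firmware/flash mount."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or empty line
        device, mountpoint, fstype, options = fields[:4]
        firmware_fs = fstype in READ_ONLY_BY_DESIGN
        flash_backed = FLASH_DEVICE.match(device) or fstype in FLASH_FSTYPES
        if not (firmware_fs or flash_backed):
            continue  # proc, tmpfs, network mounts and so on
        if firmware_fs:
            state = "read-only-fs"      # files cannot be changed via the mount
        elif "rw" in options.split(","):
            state = "writable"          # persistent changes possible right now
        else:
            state = "ro-remountable"    # read-only only until remounted rw
        findings.append((mountpoint, fstype, state))
    return findings

if __name__ == "__main__":
    for mountpoint, fstype, state in audit_mounts(SAMPLE_MOUNTS):
        print(f"{state:15} {fstype:9} {mountpoint}")
```

A `read-only-fs` result only covers file-level changes through the mount; the underlying flash partition can still be overwritten at the raw device level, which is why partition contents should also be compared against a known-good image.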
 

dexterash

Another possible attack vector is the password reset tool. I don't have access, but they link to it on the wiki: http://dahuawiki.com/Password_Reset
This attack vector only works locally, using a mouse + monitor connected. Can't be exploited remotely.

If the method for generating these logins gets reverse engineered, it could make it trivial to hack into 'em, especially over something like P2P that shares serial/MAC info with foreign servers.
It has been. :) But since it doesn't work remotely, it's only useful to support password-reset.
 