nightvelvet
n3wb
Is P2P traffic for dahua encrypted by default?
Is P2P traffic for dahua encrypted by default?
- Thread starter nightvelvet
- Start date
-
- Tags
- dahua encryption p2p security
steve1225
Getting comfortable
No.
There is weak encryption for password.
That’s all.
nightvelvet
n3wb
So any MiTM attack can access my camera video feed if I am using P2P?
steve1225
Getting comfortable
yes.
And in case of p2p, there is huge risk that Dahua (or HIK) have access to camera/NVR without password.
Tcpdump shows that in case P2P enabled, Dahua NvR have 2 connections (one TCP one UDP) with Dahua servers for 24/7. Connections where every a few seconds there is data sent both ways.
looney2ns
IPCT Contributor
nightvelvet
n3wb
I wanna use p2p for convenience and I accept the fact that if Dahua want to spy on me they probably can but what I don't understand is why the traffic isn't encrypted from my network to Dahua to prevent third parties from sniffing it.
They don't care about your camera feed. Hackers use a vulnerable device (NVR) that has ZERO protection on it to get into your LAN and either scrape it for bank info or use your ISP as a bot for DDoS attacks.
The P2P/QR code/port forwarding is how they are gaining access.
There are lots of examples where the security devices (ironic isn't it) are not very secure from the internet and pass information unencrypted before the P2P handshake begins...
Millions of people around the world want the simplicity of Internet of Things (IoTs) to be easy to connect to their system and work. They do not want to deal with security. They wrongfully assume that because they bought it and all they have to do is scan a QR code, that all is good. A manufacturer also doesn't want to deal with endless phone calls from consumers asking how to set something up, so they make it easy.
So these companies create these QR codes/P2P and magically the new device can be seen on the consumers app. Consumer is happy. But, this device has opened up the system to gain easy access to your entire network.
I have a friend that falls under this "I just want to plug it in and scan a code and it works" mindset. Many years ago she bought a Foscam wifi camera to monitor her front door. She plugged it in and pointed it out a 2nd story window and downloaded the Foscam app and scanned the QR code and magically she could see her camera through the magic of P2P.
A few years later she bought a wifi printer and again, simply downloaded the app from the manufacturer and scanned the QR code and she could start printing.
One time in the middle of the night, she hears her printer printing a page. She thinks maybe she is dreaming or hearing things, so she thinks nothing of it and goes back to sleep. Next morning she gets up and indeed her printer did print something in the middle of the night and the printed page says I SEE YOU and a picture of her from her Foscam camera was below the text.
She changes her wifi password in case it was the peeping perv next door that she has caught looking at her from through her window and he guessed her password, which was password because she liked things simple.
Problem still persists. She goes into Foscam app and changes the password to the camera. Problem still persists. She gets a new router and sets up a stronger password for wifi and changed the passwords of all of her devices. Problem still persists. She gets rid of camera and printer.
At some point Foscam issues a security vulnerability and issued a firmware update. Basically the vulnerability was something like when logging into the camera with a web browser over HTTPS, the initial login to the P2P site is done using SSL. But then it establishes a connection to the HTTPS port again (for the media service) and sends all of its commands unencrypted. This means the username and passwords are being sent unencrypted. While this was a security vulnerability found in Foscam, I suspect it is in others as well. I suspect this is how my friend was hacked and someone was sending pictures of her taken from her Foscam camera to her wifi printer that she set up using the QR code.
Many articles on this site and out on the internet show how vulnerable these devices can be. I remember seeing an article of a webpage showing like 75,000 video streams around the world that were hacked into because of these vulnerabilities. I know there is an article someone on this forum where someone posted that many of these cameras do send passwords totally unencrypted and wide open easy to see for anyone knowing what they are doing.
Do not assume that because it is a name brand that they actually have good security on these cameras or any device for that matter. Think about the typical end-user that just wants simplicity to connect. And then think how a company would go about that to provide that simplicity. End result is to provide that simplicity, it comes at a cost and that cost is security vulnerabilities, which is ironic for security cameras. But if it can happen to Amazon/Ring (which is a fairly large company), it can happen to anyone, especially all the no-name brands being sold on Amazon.
For that reason, most of us here prevent our systems from having access to the internet.
The P2P/QR code/port forwarding is how they are gaining access.
There are lots of examples where the security devices (ironic isn't it) are not very secure from the internet and pass information unencrypted before the P2P handshake begins...
Millions of people around the world want the simplicity of Internet of Things (IoTs) to be easy to connect to their system and work. They do not want to deal with security. They wrongfully assume that because they bought it and all they have to do is scan a QR code, that all is good. A manufacturer also doesn't want to deal with endless phone calls from consumers asking how to set something up, so they make it easy.
So these companies create these QR codes/P2P and magically the new device can be seen on the consumers app. Consumer is happy. But, this device has opened up the system to gain easy access to your entire network.
I have a friend that falls under this "I just want to plug it in and scan a code and it works" mindset. Many years ago she bought a Foscam wifi camera to monitor her front door. She plugged it in and pointed it out a 2nd story window and downloaded the Foscam app and scanned the QR code and magically she could see her camera through the magic of P2P.
A few years later she bought a wifi printer and again, simply downloaded the app from the manufacturer and scanned the QR code and she could start printing.
One time in the middle of the night, she hears her printer printing a page. She thinks maybe she is dreaming or hearing things, so she thinks nothing of it and goes back to sleep. Next morning she gets up and indeed her printer did print something in the middle of the night and the printed page says I SEE YOU and a picture of her from her Foscam camera was below the text.
She changes her wifi password in case it was the peeping perv next door that she has caught looking at her from through her window and he guessed her password, which was password because she liked things simple.
Problem still persists. She goes into Foscam app and changes the password to the camera. Problem still persists. She gets a new router and sets up a stronger password for wifi and changed the passwords of all of her devices. Problem still persists. She gets rid of camera and printer.
At some point Foscam issues a security vulnerability and issued a firmware update. Basically the vulnerability was something like when logging into the camera with a web browser over HTTPS, the initial login to the P2P site is done using SSL. But then it establishes a connection to the HTTPS port again (for the media service) and sends all of its commands unencrypted. This means the username and passwords are being sent unencrypted. While this was a security vulnerability found in Foscam, I suspect it is in others as well. I suspect this is how my friend was hacked and someone was sending pictures of her taken from her Foscam camera to her wifi printer that she set up using the QR code.
Many articles on this site and out on the internet show how vulnerable these devices can be. I remember seeing an article of a webpage showing like 75,000 video streams around the world that were hacked into because of these vulnerabilities. I know there is an article someone on this forum where someone posted that many of these cameras do send passwords totally unencrypted and wide open easy to see for anyone knowing what they are doing.
Do not assume that because it is a name brand that they actually have good security on these cameras or any device for that matter. Think about the typical end-user that just wants simplicity to connect. And then think how a company would go about that to provide that simplicity. End result is to provide that simplicity, it comes at a cost and that cost is security vulnerabilities, which is ironic for security cameras. But if it can happen to Amazon/Ring (which is a fairly large company), it can happen to anyone, especially all the no-name brands being sold on Amazon.
For that reason, most of us here prevent our systems from having access to the internet.
nightvelvet
n3wb
is this abot cause I am pretty sure I seen this message in another thread?They don't care about your camera feed. Hackers use a vulnerable device (NVR) that has ZERO protection on it to get into your LAN and either scrape it for bank info or use your ISP as a bot for DDoS attacks.
The P2P/QR code/port forwarding is how they are gaining access.
There are lots of examples where the security devices (ironic isn't it) are not very secure from the internet and pass information unencrypted before the P2P handshake begins...
Millions of people around the world want the simplicity of Internet of Things (IoTs) to be easy to connect to their system and work. They do not want to deal with security. They wrongfully assume that because they bought it and all they have to do is scan a QR code, that all is good. A manufacturer also doesn't want to deal with endless phone calls from consumers asking how to set something up, so they make it easy.
So these companies create these QR codes/P2P and magically the new device can be seen on the consumers app. Consumer is happy. But, this device has opened up the system to gain easy access to your entire network.
I have a friend that falls under this "I just want to plug it in and scan a code and it works" mindset. Many years ago she bought a Foscam wifi camera to monitor her front door. She plugged it in and pointed it out a 2nd story window and downloaded the Foscam app and scanned the QR code and magically she could see her camera through the magic of P2P.
A few years later she bought a wifi printer and again, simply downloaded the app from the manufacturer and scanned the QR code and she could start printing.
One time in the middle of the night, she hears her printer printing a page. She thinks maybe she is dreaming or hearing things, so she thinks nothing of it and goes back to sleep. Next morning she gets up and indeed her printer did print something in the middle of the night and the printed page says I SEE YOU and a picture of her from her Foscam camera was below the text.
She changes her wifi password in case it was the peeping perv next door that she has caught looking at her from through her window and he guessed her password, which was password because she liked things simple.
Problem still persists. She goes into Foscam app and changes the password to the camera. Problem still persists. She gets a new router and sets up a stronger password for wifi and changed the passwords of all of her devices. Problem still persists. She gets rid of camera and printer.
At some point Foscam issues a security vulnerability and issued a firmware update. Basically the vulnerability was something like when logging into the camera with a web browser over HTTPS, the initial login to the P2P site is done using SSL. But then it establishes a connection to the HTTPS port again (for the media service) and sends all of its commands unencrypted. This means the username and passwords are being sent unencrypted. While this was a security vulnerability found in Foscam, I suspect it is in others as well. I suspect this is how my friend was hacked and someone was sending pictures of her taken from her Foscam camera to her wifi printer that she set up using the QR code.
Many articles on this site and out on the internet show how vulnerable these devices can be. I remember seeing an article of a webpage showing like 75,000 video streams around the world that were hacked into because of these vulnerabilities. I know there is an article someone on this forum where someone posted that many of these cameras do send passwords totally unencrypted and wide open easy to see for anyone knowing what they are doing.
Do not assume that because it is a name brand that they actually have good security on these cameras or any device for that matter. Think about the typical end-user that just wants simplicity to connect. And then think how a company would go about that to provide that simplicity. End result is to provide that simplicity, it comes at a cost and that cost is security vulnerabilities, which is ironic for security cameras. But if it can happen to Amazon/Ring (which is a fairly large company), it can happen to anyone, especially all the no-name brands being sold on Amazon.
For that reason, most of us here prevent our systems from having access to the internet.
Dude - check out my number of messages and reaction score here. You are a NOOB - how do we know you are not the bot
No I am not a bot. This question comes up a lot so it is easier for me to cut/paste the response that is the same because P2P hasn't magically improved since the last time someone asked the exact same question.
nightvelvet
n3wb
Oh ok thanks then. Well I don't understand how a hacker can get access to my camera when I am not port forwarding, my camera only talks with the Dahua servers.
Again, read what you thought was a bot LOL. There are vulnerabilities within P2P itself and the device whether it is a camera or NVR.
Flat out these devices are not secure, which is ironic LOL.
It comes down to your level of convenience and amount of risk you want to take. Everything in life has a risk. At the very least you should VLAN it so it can't access the rest of your LAN, but it doesn't mean they can't use your ISP for bot attacks.
But we have lots of threads here of people being hacked and P2P or port-forwarding are the causes.
Do a google search on Dahua vulnerability and Dahua P2P and watch all the exploits found. Further these devices are rarely provided updates. If you see 3 in the device lifetime that is a lot. Here is just a sampling
www.dahuasecurity.com
thehackernews.com
www.securitymagazine.com
industrialcyber.co
securityaffairs.com
easypsim.com
www.zdnet.com
Heck even Dahua in their wiki says one should disable P2P LOL
dahuawiki.com
And the threat is the same for any camera using P2P. Don't think this is only a Dahua issue.
Flat out these devices are not secure, which is ironic LOL.
It comes down to your level of convenience and amount of risk you want to take. Everything in life has a risk. At the very least you should VLAN it so it can't access the rest of your LAN, but it doesn't mean they can't use your ISP for bot attacks.
But we have lots of threads here of people being hacked and P2P or port-forwarding are the causes.
Do a google search on Dahua vulnerability and Dahua P2P and watch all the exploits found. Further these devices are rarely provided updates. If you see 3 in the device lifetime that is a lot. Here is just a sampling
Trust Center - Dahua DACH
Dahua fully recognizes the importance of cybersecurity. Here you can find the latest cybersecurity notices/announcements, how to report a vulnerability, and recommended prevention methods
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
Researchers discovered a new vulnerability (CVE-2022-30563) in Dahua IP cameras that can be exploited by remote attackers to compromise the cameras.
New research: P2P vulnerabilities show IoT security camera risks
Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams...
www.securitymagazine.com
Nozomi probes deeper into security vulnerability that hackers can exploit to compromise Dahua IP cameras - Industrial Cyber
Nozomi detects critical vulnerability that hackers could exploit to compromise Dahua IP cameras by replaying credentials.
industrialcyber.co
A flaw in Dahua IP Cameras allows full take over of the devices
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras.
securityaffairs.com
Dahua, Hikvision IoT Devices Under Siege – Krebs on Security
krebsonsecurity.com
amcrest.com" data-pending="true">
Port 37777 vulnerability - Amcrest Forum
amcrest.com
Is your camera hacked? | easypsim™
Hikvision and Dahua surveillance cameras or cameras produced by Xiongmai can pose a significant security risk. Some security vulnerabilities ...
easypsim.com
Over two million IoT devices vulnerable because of P2P component flaws
Devices like IP cameras, smart doorbells, and baby monitors sold under hundreds of brands are impacted.
www.zdnet.com
Heck even Dahua in their wiki says one should disable P2P LOL
DahuaWiki
dahuawiki.com
And the threat is the same for any camera using P2P. Don't think this is only a Dahua issue.
nightvelvet
n3wb
Ok thanks I will read all the information you provided. Very helpfulAgain, read what you thought was a bot LOL. There are vulnerabilities within P2P itself and the device whether it is a camera or NVR.
Flat out these devices are not secure, which is ironic LOL.
It comes down to your level of convenience and amount of risk you want to take. Everything in life has a risk. At the very least you should VLAN it so it can't access the rest of your LAN, but it doesn't mean they can't use your ISP for bot attacks.
But we have lots of threads here of people being hacked and P2P or port-forwarding are the causes.
Do a google search on Dahua vulnerability and Dahua P2P and watch all the exploits found. Further these devices are rarely provided updates. If you see 3 in the device lifetime that is a lot. Here is just a sampling
Trust Center - Dahua DACH
Dahua fully recognizes the importance of cybersecurity. Here you can find the latest cybersecurity notices/announcements, how to report a vulnerability, and recommended prevention methods
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
Researchers discovered a new vulnerability (CVE-2022-30563) in Dahua IP cameras that can be exploited by remote attackers to compromise the cameras.
New research: P2P vulnerabilities show IoT security camera risks
Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams...
Nozomi probes deeper into security vulnerability that hackers can exploit to compromise Dahua IP cameras - Industrial Cyber
Nozomi detects critical vulnerability that hackers could exploit to compromise Dahua IP cameras by replaying credentials.
A flaw in Dahua IP Cameras allows full take over of the devices
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras.
Dahua, Hikvision IoT Devices Under Siege – Krebs on Security
krebsonsecurity.com
amcrest.com" data-pending="true">Port 37777 vulnerability - Amcrest Forum
amcrest.com
Is your camera hacked? | easypsim™
Hikvision and Dahua surveillance cameras or cameras produced by Xiongmai can pose a significant security risk. Some security vulnerabilities ...
Over two million IoT devices vulnerable because of P2P component flaws
Devices like IP cameras, smart doorbells, and baby monitors sold under hundreds of brands are impacted.
Heck even Dahua in their wiki says one should disable P2P LOL
DahuaWiki
And the threat is the same for any camera using P2P. Don't think this is only a Dahua issue.
steve1225
Getting comfortable
It simple - SOCs (cpu processors) used in cameras /NVRs didn’t have power to strong encrypt (in TLS/SSL) all network traffic.
if it important for You - the only proper way to access NVR outside your network is VPN
nightvelvet
n3wb
Oh I see, makes sense. Didn't know TLS took a lot of cpu power, I always forget how all modern labtops have insance cpus compared to a lot of IoT devices.
Of course this is exactly what a bot would say.
