More Security Cameras Found To Be Easily Hackable - Olmec Skip to main content

More Security Cameras Found To Be Easily Hackable

By March 17, 2017March 1st, 2023Cybersecurity

Dahua, a Chinese manufacturer of DVRs and Smart Cameras, has security problems. In fact, on the Dark Web, the company is commonly referenced as building products that are particularly easy to hack, and as such, hackers gravitate to them. In practice, what this means is that Dahua devices make up a disproportionate share of most of the botnets in operation today. In fact, the recent attack on Dyn, which brought down the internet for much of the Eastern United States, was made up of an army of devices that included a huge number of Dahua smart products.

How easy is it to hack these devices?

According to a security researcher going by the name of Bashis, it’s almost laughably easy. The manufacturer stores configuration information for all their products on a web server. Downloading the file is as simple as getting the IP address of the smart device in question.

The hacker simply types the URL into his browser, downloads the file and gains access to full information on all users who have access to the device. Even worse, using simple automation tools, the process can be replicated quickly and easily, enabling a single hacker to take control of a large number of devices single-handedly.

Bashis reported his findings to the company and posted proof of concept code on Github as a demonstration, but later removed the code at Dahua’s request to give the company time to release an update to their firmware.

Dahua has done so, but this vulnerability dates back at least three years. The company’s older equipment does not automatically get updates to its firmware, which means that there are hundreds of thousands, perhaps millions of smart devices that are still vulnerable and easily hackable.

Until those devices are manually updated (which is unlikely) or simply retired from service, they are, and will remain, at serious risk.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.