Device Security Assessment & Enforcement

Update 25 September, 2015
For now, we have identified bugs, developed a patch(will be available to most DAHUA-based products) and also solutions for recovering the device for situations where:

  • Device stops responding, recording or can’t be accessed via Internet while directly connected or through PPPoE
  • Device still records, but you cannot access it via Internet
  • Device displays a “System has been hacked”, “Device has been hacked”, “DVR has been hacked” or other messages and the admin account has no rights

Update 1 September, 2015
We have developed custom firmware(s) for old devices that are prone to telnet(port 23)->root username attacks(via default, unchangeable vizxv password). We are able to customize/patch almost any old firmware with a secure password that you provide.

Why? Because using root&vizxv password devices are vulnerable to data leaks(including several, clear-text stored credentials), record(s) deletion, halt of operation(for at least 4 minutes), reset of configuration ect.

Some affected models
DVR0404HE-AN, DVR0404HE-AS, DVR0404HF-AN, DVR0404HF-AS, DVR0404HF-AT, DVR0404HF-U, DVR0404LE-AN, DVR0404LE-AS, DVR0404LF-A, DVR0404LF-AS, DVR0404LF-AST, DVR0404LF-L, DVR0404LF-S, DVR0804HF-U, DVR0804LE-AS, DVR0804LF-A, DVR0804LF-AS, DVR0804LF-AST, DVR0804LF-L, DVR0804LF-S, DVR1604HF-L-E, DVR1604HF-S-E, DVR1604HF-U, DVR1604LE-AS, DVR1604LE-SL, DVR1604LF-A, DVR1604LF-AE, DVR1604LF-AS, DVR1604LF-AST, DVR1604LF-L, DVR1604LF-S, DVR3108H, DVR310XE, DVR3116E, DVR3116H

Some DVRs, NVRs (and other embedded security or monitoring devices) can and might be compromised by different security problems. For those, we will remotely-assess your current device’s security and issue a report.

Tip: This feature is currently under development.
We will be doing #pentesting and some #hardwarefingerprinting. We will also use common #CVEs available and some inside-developed tools. We will present a statistic of vulnerable devices in the near future.