It seems that many recording devices manufactured by DAHUA have been accessed and reconfigured, one way or another, by automated software developed by hackers. Usually, these are devices that are directly connected to the Internet and are accessed directly, not via a VPN or, maybe, a SSH tunnel (please contact us if you want to know how to secure your devices).
Devices affected include DVRs, HCVRs, NVRs, XVRs etc.
What can you do?
We have a few recommendations for you:
- Disconnect your device(s) from LAN/Internet
- Connect an USB mouse and a monitor to them (you can move them to a convenient location to do this)
- Login and reset the device(s) to defaults
- If you can’t remember the passwords or if they have been changed by the hackers, you can use our quick service to generate temporary passwords
- Update your device to the latest firmware (March 2017 or, better, August 2017)
- Reset again the device to defaults
- Change all passwords including admin, 888888 and 666666 accounts (if present)
- Put it back in it’s place, connect it to the Internet and redo the settings
- Test it using your preferred software (DMSS for mobile devices, SmartPSS for Windows / MAC, etc) or maybe the portable IPRVM client developed by Preferred Solutions, USA
- Decide if you need an additional layer of security via VPN or SSH Tunnels. If so, contact us to find out how to implement them
- You could, also, isolate them on your local LAN and disable any port forwarding / direct Internet access
Please be aware that, without firmware updates, proper configuration and proper security, you can become (again) a victim of the hackers that can — without your knowledge — spy on you, disable your recording device, delete your recordings and other bad things.
How do I know I have been hacked — September 2017?
Common indicators include: cameras have settings the video stream black and they will display a text overlay like «HACKED 1», «HACKED 2» etc