Dahua Says Cybersecurity Report Diminishes Its Role in Massive DDoS Attack

Dahua referenced a report by a cybersecurity research firm that said the mid-September DDoS attacks “originated primarily from devices manufactured by another video surveillance vendor.”

FRAMINGHAM, Mass. – Dahua released a statement this week to address claims its video surveillance products were implicated in widespread distributed denial of service (DDoS) attacks in September.

In the statement, Dahua cites a report by cybersecurity research firm Flashpoint, which said it “identified the primary manufacturer of the devices that utilize the default username and password combination known as root and xc3511.”

The company identified by Flashpoint was Hangzhou, China-based Xiongmai       Technologies, which Flashpoint describes as a provider of “white-labeled DVR, NVR and IP camera boards and software to downstream vendors who then use it in their own products.”

Following is the complete Dahua statement:

In [September], a Distributed Denial of Service (DDoS) attack occurred due to a massive botnet created by malware named Mirai. This attack was caused by vulnerabilities in a large number of IoT devices, such as security cameras and DVRs using default credentials. Dahua’s products were initially named as the victims of the hacking and the source of these DDoS attacks in reports by research firm Level 3 Communications, the Wall Street Journal, and industry trade publications.

A subsequent report by cybersecurity research firm Flashpoint was issued on October 7 confirming that the Mirai DDoS attacks originated primarily from devices manufactured by another video surveillance vendor, and not Dahua. The Flashpoint report prompted a series of headlines that downgraded our devices involvement in causing the attacks, by Forbes.com, Network Security News, and SecurityWeek.

We acknowledge the vulnerabilities that some of our pre-2015 cameras and DVRs have used default usernames and passwords. This may have caused exposure to risks when the devices are exposed to the Internet without firewall protection. Dahua has taken steps to resolve this vulnerability and offer solutions. Keeping our customers informed of any threats or potential risks is a priority.

To address any potential issues, we have firmware updates available on the Dahua Wiki (http://dahuawiki.com/Firmware/Locate_Device_Firmware), and a dedicated channel for customers to ask questions about cybersecurity or report suspected vulnerabilities ([email protected]).

We continue to remind our customers that it is crucial to select strong passwords, keep firmware updated, and only forward ports their devices actually need. We strongly recommend that our customers and partners review our list of cybersecurity best practices on our website at http://www.dahuasecurity.com/en/us/best-practices.php.

Specific to this issue, we are offering replacement discounts as a gesture of goodwill to customers who wish to replace pre­‐January 2015 models. End users can bring such products to an authorized Dahua dealer, where a technical evaluation will be performed to determine eligibility.

Above all, securing our customers’ assets and protecting their Dahua products is of the utmost importance to us. We continue our commitment to work with our customers and partners to make our products and solutions as secure as possible.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters