Dahua Technology, an infamous firm established in 2001, is a prodigious provider of video surveillance products and services, including security cameras, network cameras, DVRs, etc.
Way back in 2013, a vulnerability, CVE-2013-6117, was discovered in Dahua's security DVR appliances by Depth Security researcher Jake Reynolds. The vulnerable firmware versions include 2.608.0000.0 and 2.608.GV00.0. This is a 5-year-old authentication bypass vulnerability that allows an attacker to bypass the authentication mechanism and perform unauthorized actions.
The vulnerability is exploited by opening a raw TCP (Transmission Control Protocol) connection to a Dahua DVR on port 3777 and sending a special payload.
Once the Dahua device receives this payload, it returns its DDNS (Dynamic Domain Name System) credentials and other data, all in plaintext, which enables the attacker to access the device.
However, NewSky Security recently discovered a new low that makes hacking IoT (Internet of Things) devices even easier. NewSky Security is a cybersecurity company specializing in solving IoT threats.
This easier technique relies on ZoomEye, an IoT search engine designed to find Internet-connected devices and vulnerabilities. ZoomEye caches the login credentials of thousands of Internet devices. Hence, attackers no longer have to connect to an insecure Dahua DVR to obtain the credentials. All they need to do is create a free account with ZoomEye and scrape the cache to get the credentials.
According to NewSky Security researchers, this trick came to light when Janitor, the author of the BrickerBot IoT malware, published a post. BrickerBot, as you would recall, is a botnet discovered last year that permanently bricked poorly secured IoT devices in an attempt to disable them before they could be added to Mirai or other IoT botnets.
The BrickerBot author also claims to have used CVE-2013-6117 to hijack and disable Dahua DVRs in the past.
A worrisome 30,000 vulnerable devices have been unearthed whose credentials were stored in ZoomEye's cache, and they have already been abused by the BrickerBot author.
Furthermore, users are also to blame for securing their devices with shoddy passwords, which makes it easier for hackers to crack them and exploit the device. For instance, with just three search attempts on ZoomEye, 30,000 vulnerable Dahua devices could be identified.