Originally Posted by Bongo
I had been casually looking into one of these systems as well, but a bit hesitant for a couple reasons including how quickly they become obsolete and security (who can control, watch).
Products including a lot of the DVRs / cameras made by Dahua** were easily compromised and turned into supporting the largest Internet Distributed Denial of Service (DDOS) attack a couple weeks ago. Two 18 year-old kids hacked into hundreds of thousands of Internet of Things (IoT) devices and turned them against an author who was starting to get too close to identifying them for their nefarious activities.* A couple keys that led to this:
- Most of the devices don't make it easy to change the passwords for these devices.
- Even those devices that do allow password change are really only changing the password to access the user interface. They can still be logged into remotely with the one user account and password programmed into the device.
- Most of us consumers don't really care how secure these devices are when we installed them into our house. Sure, they might use a little of our bandwidth - but beyond our Internet connection being a little slow, how do we know?
for mention of the devices. Brian Krebs, who authors the articles at that site, has 4 or 5 articles on this specific topic over the past two weeks.
* I might be running a little fast and loose with the comments in this paragraph. It is my recollection from reading the blog and related articles. But since I'm not really an authoritative source, I didn't go back and confirm what I had recalled.
** Dahua has issued a statement that they will replace the compromised devices. Anything manufactured before a specific date. However, the swap process isn't operational and it appears Dahua will make it a bit difficult for anyone other than a serious IT expert to demonstrate harm.
DON'T use the default ports for anything that can be accessed online. The script kiddies are probably scanning for default ports on IPs. Use a hardware firewall on your home network. The people that are getting hacked are the people that just plug the dvr in and don't do anything else.
Disable the default admin account
Don't use factory ports, i.e. 80 for http access
Do use a hardware appliance with a built-in firewall to block inbound factory telnet and ftp protocols and ports
It's pretty simple to secure yourself from this type of attack, takeover.
Some of the critical information needed.
-The devices were using firmware dating prior to January 2015.
-The devices were using the default user name and password.
-The devices were exposed to the internet without the protection of an effective network firewall.
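Added example, not part of the posts above: a small Python check you can run from inside your own network to see whether your DVR is still listening on the factory telnet, FTP and HTTP ports mentioned in the thread. The function names and advice strings are made up for this example, and it only shows what the device listens on locally, not what your router forwards from the internet.

```python
import socket
import sys

# Factory service ports named in the thread; the advice text paraphrases it.
FACTORY_PORTS = {
    21: ("ftp", "block inbound FTP at the firewall"),
    23: ("telnet", "block inbound telnet at the firewall"),
    80: ("http", "move the web interface off the factory port"),
}


def open_ports(host, ports, timeout=1.0):
    """Return the sorted subset of `ports` on `host` that accept a TCP connection."""
    found = []
    for port in sorted(ports):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:  # refused, filtered or timed out: treat as not listening
            continue
    return found


def audit(host, ports=FACTORY_PORTS, timeout=1.0):
    """Return one finding line per factory port that is listening on the device."""
    return [
        f"{host}:{port} ({ports[port][0]}) is listening: {ports[port][1]}"
        for port in open_ports(host, ports, timeout)
    ]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python dvr_audit.py <LAN address of your own DVR>")
    findings = audit(sys.argv[1])
    print("\n".join(findings) if findings else f"{sys.argv[1]}: no factory ports listening")
```

Run it again after changing ports or disabling services on the device to confirm the change took effect.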