
Second Largest IoT Manufacturer Leaves Devices Open To Hacking

It appears cybercriminals are once again targeting a popular manufacturer of internet of things hardware. Dahua, the world’s second-largest IoT device manufacturer, had to issue an emergency software patch to address a security flaw found in most of its products. Anyone exploiting this vulnerability can gain remote control over a device by bypassing the login process altogether.

Dahua Exploit Now Available On The Internet

It is unclear if and how many Dahua IoT devices have been controlled by hackers due to this exploit so far. We do know someone has posted the code online to take advantage of this security flaw and remotely control thousands of IoT devices in the process. With the source code up for grabs on the internet, it is only a matter of time until more people try to take advantage of the situation.

Dahua was made aware of this software flaw back on March 5th. A security researcher discovered he was able to bypass authentication for Dahua security cameras and DVRs. Since all of these devices are controllable through a local web server, bypassing the authentication protocol could have significant consequences. Rather than entering a username and password, it is possible to trick devices into displaying the username and a hashed value of the password.

Although it is positive to see IoT manufacturers hash a password, the encryption used is rather simple to crack, according to the researcher. To make matters worse, the researcher was able to pass the hash and its username back to the web server to gain access to the device. This is a major flaw that should not exist in the first place, yet Dahua somehow missed this potential issue during the initial software development and the later QA process.
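The flaw described above comes down to the stored hash being accepted as the credential itself. The following added example (a constructed model, not Dahua's firmware or the researcher's code) contrasts that design with a salted verifier derived on the server; the class names, the unsalted SHA-256 stand-in for the unspecified hash, and the sample credentials are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed model of the design flaw described above; not Dahua firmware code.
class WeakDevice:
    """Stores an unsalted fast hash and accepts that same hash as the credential."""
    def __init__(self, user, password):
        # Assumption: unsalted SHA-256 stands in for the hash the article leaves unnamed.
        self.users = {user: hashlib.sha256(password.encode()).hexdigest()}

    def login(self, user, submitted_hash):
        # The stored value is password-equivalent: whoever reads it can log in.
        return self.users.get(user) == submitted_hash


class HardenedDevice:
    """Stores a salted, slow verifier and derives it server-side from the password."""
    ITERATIONS = 200_000

    def __init__(self, user, password):
        salt = os.urandom(16)
        self.users = {user: (salt, self._derive(password.encode(), salt))}

    def _derive(self, secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret, salt, self.ITERATIONS)

    def login(self, user, submitted):
        record = self.users.get(user)
        if record is None:
            return False
        salt, verifier = record
        # Whatever the client sends goes through the KDF again, so a leaked
        # verifier replayed as the "password" does not match the stored one.
        candidate = self._derive(submitted, salt)
        return hmac.compare_digest(candidate, verifier)


def replay_leaked_record():
    """Return (weak_result, hardened_result) when the stored record is replayed."""
    weak = WeakDevice("admin", "constructed-sample-pw")
    hard = HardenedDevice("admin", "constructed-sample-pw")
    leaked_weak = weak.users["admin"]
    _, leaked_verifier = hard.users["admin"]
    return weak.login("admin", leaked_weak), hard.login("admin", leaked_verifier)
```

The hardened form only helps if the password travels over an encrypted channel and the user record is never disclosed to unauthenticated requests in the first place.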


Among the actions a hacker could take are controlling the device remotely, downloading the user database, and gaining full administrator access. Considering how a wide range of IoT devices was used in the recent Mirai botnet attack, vulnerabilities like these could have disastrous consequences for online services and platforms. If Dahua devices are infiltrated successfully, another major denial of service attack can be executed against any target one can think of. Thankfully, the emergency patch solves this problem, albeit the problem should have never existed in the first place.

Considering how simple it is to pull off this hack in the first place, there is plenty of reason to be concerned. Dahua is a well-respected company, yet leaving its devices exposed to such a major flaw will cause a PR nightmare. Dahua has identified a dozen of its product lines as vulnerable to this attack vector, although it is expected more models may suffer from some flaws. Users will need to manually upgrade their device firmware to resolve these issues, although it is unclear how many people will go through the necessary steps to do so.

This isn’t the first time a major Chinese IoT manufacturer has had to deal with a significant security flaw either. Hikvision, another major player in the IoT manufacturing sector, had to issue an emergency update last week. It is evident these types of devices will continue to pose significant security risks. Plenty of consumers and enterprises want to buy cheap IoT devices, yet few people take the necessary precautions to ensure their devices are protected in an optimal manner. Moreover, when manufacturers make bypassing the device authentication service a trivial matter, there is a lot of work to be done moving forward.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
