Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Travis Smith, Senior Security Research Engineer at Tripwire, commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“Building security into a product is a process which takes time and money. For device manufacturers, the primary drivers are time to market and keeping the cost low. This creates a difficult environment to create a product which can withstand the watchful eye of white and black hat hackers.
The advice still stands; don’t connect any device to the internet unless it’s absolutely critical. If the device is connected to the internet, install updates as soon as possible and keep it on a segmented network, such as a guest wireless network. Should a device become compromised, this will reduce your exposure and limit what a potential hacker has access to.”