Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Travis Smith, Senior Security Research Engineer at Tripwir commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“Building security into a product is a process which takes time and money. For device manufacturers, the primary drivers are time to market and keeping the cost low. This creates a difficult environment to create a product which can withstand the watchful eye of white and black hat hackers.
The advice still stands; don’t connect any device to the internet unless it’s absolutely critical. If the device is connected to the internet install updates as soon as possible and keep it on a segmented network, such as a guest wireless network. Should a device become compromised, this will reduce your exposure and limit what a potential hacker has access to.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…