Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Travis Smith, Senior Security Research Engineer at Tripwir commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“Building security into a product is a process which takes time and money. For device manufacturers, the primary drivers are time to market and keeping the cost low. This creates a difficult environment to create a product which can withstand the watchful eye of white and black hat hackers.
The advice still stands; don’t connect any device to the internet unless it’s absolutely critical. If the device is connected to the internet install updates as soon as possible and keep it on a segmented network, such as a guest wireless network. Should a device become compromised, this will reduce your exposure and limit what a potential hacker has access to.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…