I did the whole thing.
Honestly, I won't lose one wink of sleep.
This is a guy who finds vulnerabilities in Fortune 500 enterprise software. He had to make some assumptions, do a ton of pre-planning for this video and ultimately got some corrupted video. Yes he also found the camera serial number. And he showed that Dahua's P2P server was using outdated TLS 1 encryption.
He was also using an older version of SmartPSS which is why it was discontinued in July 2024 and I think was a key part of why he was semi-successful..
Its odd that he hit the P2P server on Alibaba network as I thought, and can see from my house, it goes through AWS servers and was also part of the whole security update Dahua made last summer.. Perhaps the P2P server you hit is region/location dependent.?
But this was all predicated on a man in the middle attack which isnt necessarily simple
I'm not a hacker, but while he could see the request for updated firmware, in order to use that vector and send the camera fw with a payload it would accept, he's still got a lot of work to do. The camera won't accept just anything you send it.
I'm at the limit of my knowledge, but if that guy hacks my system he deserves it.
