Hacked DAHUA cam and added that names

I also had an AMDVTENL16-S5 16 Channel NVR Dahua on the same network as the cameras. I did not have p2p enabled on that, it doesn't have any extra users added to it. On a side note, while documenting my camera network (ip, model, mac address) I found this NVR on the network I forgot about which was causing my cameras to change their encoding to H265 instead of H264, causing BI to use a lot of CPU time.

Dahua DHI-NVR4116-4KS2/L NVR, 80Mbps/80Mbps (16-Channel IP Video Inputs)

I bought this because of the price. I tested it, and would not recommend it to anyone. You can only view 4 cameras at a time on the web, and a lot of cameras disconnect and have to be manually reset.

Yeah, a 16 channel NVR with only 80Mbps bandwidth is robbery. That is way too low.
 
I have a theory, hunch if you will, that the “P2P” hacks mentioned by the OP originated with SmartPSS

I can’t prove it yet, but there seem to be suspicious coincidences with this and the recent abrupt discontinuation of SmartPSS and urgency to switch to SmartPSS Lite, along with disconnecting some older European P2P servers

As someone who ran SmartPSS for many years, typically all day, I recall various issues with bandwidth hogging and huge numbers of connections on some versions. I wasn’t running P2P at the time.

Lite doesn’t seem to have those same issues.

I’ve communicated with 3 users who supposedly were “hacked” and all 3 ran older versions of SmartPSS
 
I have a theory, hunch if you will, that the “P2P” hacks mentioned by the OP originated with SmartPSS

I can’t prove it yet, but there seem to be suspicious coincidences with this and the recent abrupt discontinuation of SmartPSS and urgency to switch to SmartPSS Lite, along with disconnecting some older European P2P servers

As someone who ran SmartPSS for many years, typically all day, I recall various issues with bandwidth hogging and huge numbers of connections on some versions. I wasn’t running P2P at the time.

Lite doesn’t seem to have those same issues.

I’ve communicated with 3 users who supposedly were “hacked” and all 3 ran older versions of SmartPSS

Make it 4 ;):lmao::banghead::(
 
On one of the networks I help maintain, UPNP got enabled somehow on the router and two of the Dahua cameras had a bunch of usernames added to them. Is it just a matter of deleting the user, disabling all of the system's services besides Onvif (using Blue Iris for NVR), changing the admin password on the camera, disabling p2p, disabling UPNP on the router and blocking outbound internet from the cameras besides NTP traffic? Any other holes get opened that people are aware of? Thanks

 
Personally, if your system has been hacked then you will want to reset the cameras and anything they are connected to, making sure to change the password that you used for all devices. Make sure that UPnP isn't enabled on any device, and to make sure that it can't be enabled by accident I would disable UPnP in the router so that it will not even allow devices to set it up. That is how I have my router set up, and the picture below is how I have my cameras set up. The ones that are connected to the NVR's PoE ports don't matter in most cases, but the ones that are connected to my local network and access the Internet for P2P service and/or for sending emails on events..
 

On one of the networks I help maintain UPNP got enabled somehow on the router and two of the Dahua cameras had a bunch of usernames added to them. ........... Any other holes get opened that people are aware of?
Disable uPNP not only in the router but also in the camera when provided.
 
Just found out that I've been hacked some time in the last two weeks. I added an image of the names that were added to the NVR. The firmware used in the NVR is from the end of September 2024.
 

Were/are you port forwarding? How do you access the NVR remotely?
 
Are you 100% sure there’s no port forwarding on the router?
 
From what I can tell (and there was an extensive thread on this many months back) the problems with Dahua P2P were mostly with the implementation of the P2P server and SmartPSS and how they communicated. In Aug '24 Dahua discontinued SmartPSS and their P2P servers were put behind AWS. There was a FW update for all older NVRs. As far as I can tell the problem was still small in the big scheme of things, and the attacker would still need your serial number or QR code and login credentials.

But if Port 80 and 37777 are port forwarded in the router, the problem lies there
 
I created this thread about a year ago.
Back then, my cameras were hacked via P2P.
But for the users of this forum, this is unbelievable.
I feel like they've been living in a world of unicorns and pink clouds for years.
 
Dahua discontinued SmartPSS and their P2P servers were put behind AWS.

Dahua claimed all the problems were due to using old P2P apps, but that's not true.
I have about 800 cameras in just one apartment complex, and over 100 were hacked via P2P.

When hacked, the password isn't used.
A log entry appears: an unnamed user connected via P2P.
The user added a new user with ADMIN credentials.

None of them were added to the apps.
But they didn't believe me on the forum. After all, Dahua didn't tell them that.

I solved the problem. I followed this procedure:
  • I search all Dahua devices on the local network for all added users. I compile a list of them.
  • I run automatic deletion of users from all Dahua devices.
  • I run a procedure that permanently disables P2P on all Dahua devices on the local network.

This is the only thing that works 100%
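
The first step of the procedure above (search every device for added users and compile a list), as an added example that is not part of the original post or any poster's tooling: it parses per-device user listings and reports accounts outside an expected set. The `users[N].Field=value` listing format, the device addresses, the account names and the `EXPECTED` set are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: per-device user listings in "users[N].Field=value" form.
# Device addresses, account names and groups are made up for illustration.
SAMPLE_EXPORTS = {
    "192.0.2.10": "users[0].Id=1\r\nusers[0].Name=admin\r\nusers[0].Group=admin\r\n"
                  "users[1].Id=2\r\nusers[1].Name=viewer\r\nusers[1].Group=user\r\n",
    "192.0.2.11": "users[0].Id=1\r\nusers[0].Name=admin\r\nusers[0].Group=admin\r\n"
                  "users[1].Id=7\r\nusers[1].Name=example-unknown\r\nusers[1].Group=admin\r\n",
}

# Accounts the site owner expects on every device (assumption for this example).
EXPECTED = {"admin", "viewer"}

LINE_RE = re.compile(r"^users\[(\d+)\]\.([A-Za-z]+)=(.*)$")

def parse_users(text):
    """Turn a users[N].Field=value listing into a list of dicts, ordered by N."""
    rows = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # nested keys such as AuthorityList[0] and blank lines are skipped
            rows[int(m.group(1))][m.group(2)] = m.group(3)
    return [rows[i] for i in sorted(rows)]

def audit(exports, expected):
    """Return (device, name, group) for every account not in the expected set."""
    findings = []
    for device in sorted(exports):
        for user in parse_users(exports[device]):
            name = user.get("Name", "")
            # Exact match only: a look-alike such as 'Admin' is reported too.
            if name not in expected:
                findings.append((device, name, user.get("Group", "?")))
    return findings

def names_seen(findings):
    """Site-wide, de-duplicated list of unexpected account names."""
    return sorted({name for _, name, _ in findings})

if __name__ == "__main__":
    for device, name, group in audit(SAMPLE_EXPORTS, EXPECTED):
        print(f"{device}: unexpected account {name!r} in group {group!r}")
```

Running the same audit again after cleanup, and on a schedule afterwards, shows whether accounts reappear on devices where P2P and UPnP have been disabled.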
 
There is no need to have P2P enabled on the individual cameras at all.

Only on the 1 device, the Dahua NVR. None of my cameras or the hundreds I've helped with have P2P enabled.

The first thing I do when setting up or telling someone how to set up their new cameras is to say NO at the initial screen asking to enable P2P

But I DO run it successfully on Dahua NVRs, especially with the 2024 (Aug/Sept) FW update
 
Dahua claimed all the problems were due to using old P2P apps, but that's not true.
I have about 800 cameras in just one apartment complex, and over 100 were hacked via P2P.

When hacked, the password isn't used.
A log entry appears: an unnamed user connected via P2P.
The user added a new user with ADMIN credentials.

None of them were added to the apps.
But they didn't believe me on the forum. After all, Dahua didn't tell them that.

I solved the problem. I followed this procedure:
  • I search all Dahua devices on the local network for all added users. I compile a list of them.
  • I run automatic deletion of users from all Dahua devices.
  • I run a procedure that permanently disables P2P on all Dahua devices on the local network.

This is the only thing that works 100%


How did they find the cameras?
How did they know the serial #?
How did they bypass the password?

My logs don't show a password attempt when I log in successfully either. Only on blocked attempts
 
Only on the 1 device, the Dahua NVR.

My clients have dozens of dashcams in their apartment complexes.
Even statistically, it's impossible for them not to be hacked.
And that's true.
On average, out of 20 dashcams/NVRs, one or two have been hacked via P2P, and these are the ones with the names listed in the screenshot a few posts above.

If you haven't read what I wrote at the beginning of this thread, let me remind you:
I suggest creating a list of usernames that are added during a hack.
This is necessary so that these users can be created on our DVRs, but with our password.
This will prevent an attacker from adding their own username and using it.

But as you can see here, everyone found my idea dubious.

After all, DAHUA didn't write about it! :rofl: :winktongue: :lol:


How did they find the cameras?
How did they know the serial #?
How did they bypass the password?

These are the most important questions. But I don't have a definitive answer.

I think it's similar to that old hack that's now publicly available.
It also didn't require a login or password to gain full access to DAHUA's cameras.

I believe this is all the work of someone from DAHUA.