TechnoclinicTechnoclinic
  • Home
  • APPS
  • CAMERAS
    • PRINTERS
  • GAMING
    • LAPTOPS
  • HDTV
  • NEWS
  • PHONES
    • TABLETS
  • REVIEWS
  • SOFTWARE
  • Contact Us!
Search
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Reading: Warning As Millions Of Chinese-Made Cameras Can Be Hacked To Spy On Users: Report
Share
Sign In
Aa
TechnoclinicTechnoclinic
Aa
Search
  • Home
  • APPS
  • CAMERAS
    • PRINTERS
  • GAMING
    • LAPTOPS
  • HDTV
  • NEWS
  • PHONES
    • TABLETS
  • REVIEWS
  • SOFTWARE
  • Contact Us!
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Technoclinic > CAMERAS > Warning As Millions Of Chinese-Made Cameras Can Be Hacked To Spy On Users: Report
CAMERAS

Warning As Millions Of Chinese-Made Cameras Can Be Hacked To Spy On Users: Report

Loknath Das
Last updated: 2019/08/05 at 5:25 AM
Loknath Das
Share
SHARE

uncaptioned

Despite more awareness of the risks associated with Chinese surveillance equipment, the news this week that cameras from the world’s second-largest manufacturer of such devices can be used to secretly listen in to users still comes as a shock. Put simply, the newly disclosed backdoor vulnerability means that millions of cameras have been carrying the potential to be used as eavesdropping devices—even when the audio on the camera is disabled.

“Essentially,” warned Jacob Baines, the researcher who first disclosed the vulnerability with cameras used by both consumers and enterprises, “if this thing is connected directly to the internet, it’s anyone’s listening device.”

The issue impacts Dahua Technology, the second-largest CCTV manufacturer in the world, which—alongside its larger Hangzhou stablemate Hikvision—sells video cameras under its own brand and through a wide range of OEMs. These are cameras deployed widely in the U.S. and Europe. Last year, both those multi-billion-dollar companies were prohibited from U.S. government contracts and applications deemed to have national security restrictions.

Baines initially shared this latest issue with Dahua OEM Armcrest two months ago, reporting that he could “remotely listen” to a tested camera “over HTTP without authentication.” The vulnerability can be seen in action in a video shared by Baines on YouTube. “Pulling apart the firmware for this device,” he pointed out, “it’s clear that it’s a rebranded Dahua camera.”

Now, video surveillance researchers at IPVM have gone further, reporting that this “huge vulnerability” impacts Dahua cameras and firmware more widely. The backdoor “wiretapping vulnerability,” IPVM reports, enables cameras to be used as unauthorized listening devices, with attackers listening to audio captured by the device “even if the camera’s audio has been disabled.”

uncaptioned
TWITTER

This isn’t the first such issue to hit Dahua. Two years ago, a backdoor was found on the company’s cameras that was alleged to enable access to devices installed in major corporate customers, with data sent back to China.

On August 2, Dahua issued a security advisory following the disclosure of that initial vulnerability, saying that “some Dahua products’ VideoTalk function has authentication vulnerability—users without authentication can access this function. After Dahua reconstructed the relevant functional code in 2018, this vulnerability no longer exists.” IPVM criticized Dahua for “quietly fixing” the issue after it came to light, but with no immediate public notification.

A Dahua spokesperson told IPVM that the company’s Security Team and R&D Team has “conducted an emergency investigation, and the preliminary results are that this vulnerability does not exist after refactoring—some end-of-life products may have security risks. We have a plan to repair the related products.”

As IPVM points out, while we all worry about the use of IP video cameras—be they surveillance equipment of webcams—to deliver unauthorized streams, we don’t have the same concerns about audio. That cameras might be used as audio eavesdropping endpoints, even if audio is not enabled, is a major concern. In this kind of surveillance, audio has some major benefits over video—primarily because it doesn’t matter whether the camera is covered or where it’s pointing.

“We have not determined what of the dozens of Dahua OEM partners are impacted, outside of Amcrest,” IPVM reported, “but given that Amcrest and Dahua branded cameras are impacted, it is likely that many others have this vulnerability as well.”

Dahua was approached for comments on this latest disclosure.

The most recent firmware fix appears to have locked down the vulnerability—so update right away. But the fact that it existed in the first place will not help China’s manufacturers make their case for the security credentials of their products.

[“source=forbes”]

TAGGED: as, Be, Cameras, Can, Chinese-Made, Hacked, Millions, of, on, Report, Spy, to, Users, Warning

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
[mc4wp_form]
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Loknath Das August 5, 2019
Share this Article
Facebook Twitter Copy Link Print
Share
Previous Article GE’s UltraPro Bar Indoor HDTV Antenna drops to Amazon low at $31.50 (Reg. $38)
Next Article Mi Gaming Laptop 2019 With 144Hz Display, Up to 16GB RAM Launched

Latest News

Case Study: Nissan and Teads’ Immersive Concept Car Campaign Transformed Scrolls into Stories
NEWS
Review of Hootsuite: Advantages, Drawbacks, Features, and Other Options
REVIEWS
From Idea to Launch: The Software Development Journey
SOFTWARE
How schools can save money and work more efficiently with managed print services
PRINTERS
How to Write Powerful Blog Posts, Comparisons, and Reviews
REVIEWS
How to Defrost Your Lens with Condensation
CAMERAS

Most Viewed Posts

  • Choosing the Right Tablet for Blogging and Writing On the Go (1,036)
  • What You Need to Know About Smartphones vs. Tablet use of the Mobile Internet (992)
  • How to Start a Product Review Blog (Templates & Examples) (982)
  • App Annie now tracks 5,000 Android apps in China: Report (979)
  • How To Start A Review Blog and Get Free Review Products (978)

© 2023 TechnoClinic Network. TechnoClinic Company. All Rights Reserved.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?