Dahua Addresses Recent Report Regarding DDoS Attack
Video surveillance equipment provider Dahua Technology responds to recent coverage about a security breach.
Editor’s note: Dahua Technology has expressed concern about a recent article summarizing a Wall Street Journal piece about a DDoS attack. Dahua responds here.
We would like to address some inaccuracies in the Wall Street Journal article that were subsequently published in your coverage, and we appreciate the opportunity to address them.
To clarify, Dahua Technology has maintained a B2B business model and sells its products through the channel. Currently in the North America market, we don’t sell our products “directly to consumers and businesses through [our] website or retailers like Amazon.”
Amazon is not an approved Dahua distributor and we proactively conduct research to identify and take action against the unauthorized sale of our products. A list of authorized distributors is available here.
Also, the Wall Street Journal omitted facts from the Level 3 report, in particular, the passage that states, “Of the bots we’ve observed participating in attacks, peaking at more than 1 million devices, a large percentage are located in Taiwan, Brazil and Colombia.”
Dahua’s Cybersecurity Committee is dedicated to researching, testing and verifying vulnerabilities, as well as working very closely with third parties who conduct regular testing on Dahua products. To the best of our knowledge, the DDoS [distributed denial-of-service attacks] threats have not affected any Dahua-branded devices deployed or sold in North America.
The committee has also determined the devices that became part of the DDoS attack had one or more of these characteristics:
- The devices were using firmware dating prior to January 2015.
- The devices were using the default user name and password.
- The devices were exposed to the internet without the protection of an effective network firewall.
Education and communication are very important to us, and keeping our customers informed of any risks or potential risks is a priority. We are reiterating to our customers that it is crucial to select strong passwords, keep firmware updated, and only forward ports their devices actually need.
We strongly recommend that our customers and partners review our list of cybersecurity best practices on our website, which can be viewed here.
As always, we have firmware updates available on the Dahua Wiki, and a dedicated channel for customers to ask questions about cybersecurity or report suspected vulnerabilities (email@example.com).
Specific to this issue, we are offering replacement discounts as a gesture of goodwill to customers who wish to replace pre-January 2015 models. Dealers can bring such products to an authorized Dahua dealer, where a technical evaluation will be performed to determine eligibility.
Above all, securing our customers’ assets and protecting their Dahua products is of the utmost importance to us. We continue our commitment to work with our customers and partners to make our products and solutions as secure as possible.
SecurityProduct Briefs: Monitor Audio Adopts BluOS; Powerhouse Alliance HDMI ;Basalte Crestron Connected
New Samsung SmartThings Wifi Melds Home Automation Hub with Plume Mesh Wi-Fi
Careful on 1099 vs Employee: Wrong Contract Can Bite You in the ... Achilles
40% of All ADT Clients Now Use ADT Pulse
Alarm.com Q2 Earnings Beat Previous Record
View more on Security
Take Our Latest QuizzesHow Well Do You Understand Ethernet Cables and Connectors?
Quiz: Is Your Company Performance Above or Below Average?
How Much Do You Know About Cell Phone Signal Boosters?
How Efficient Is Your Service Department? Take the Quiz
5G and the Need for Cellphone Signal Boosters—Do You Know Enough?