Dahua Addresses Recent Report Regarding DDoS Attack
Video surveillance equipment provider Dahua Technology responds to recent coverage about a security breach.
Editor’s note: Dahua Technology has expressed concern about a recent article summarizing a Wall Street Journal piece about a DDoS attack. Dahua responds here.
We would like to address some inaccuracies in the Wall Street Journal article that were subsequently published in your coverage, and we appreciate the opportunity to address them.
To clarify, Dahua Technology has maintained a B2B business model and sells its products through the channel. Currently in the North America market, we don’t sell our products “directly to consumers and businesses through [our] website or retailers like Amazon.”
Amazon is not an approved Dahua distributor and we proactively conduct research to identify and take action against the unauthorized sale of our products. A list of authorized distributors is available here.
Also, the Wall Street Journal omitted facts from the Level 3 report, in particular, the passage that states, “Of the bots we’ve observed participating in attacks, peaking at more than 1 million devices, a large percentage are located in Taiwan, Brazil and Colombia.”
Dahua’s Cybersecurity Committee is dedicated to researching, testing and verifying vulnerabilities, as well as working very closely with third parties who conduct regular testing on Dahua products. To the best of our knowledge, the DDoS [distributed denial-of-service attacks] threats have not affected any Dahua-branded devices deployed or sold in North America.
The committee has also determined the devices that became part of the DDoS attack had one or more of these characteristics:
- The devices were using firmware dating prior to January 2015.
- The devices were using the default user name and password.
- The devices were exposed to the internet without the protection of an effective network firewall.
Education and communication are very important to us, and keeping our customers informed of any risks or potential risks is a priority. We are reiterating to our customers that it is crucial to select strong passwords, keep firmware updated, and only forward ports their devices actually need.
We strongly recommend that our customers and partners review our list of cybersecurity best practices on our website, which can be viewed here.
Specific to this issue, we are offering replacement discounts as a gesture of goodwill to customers who wish to replace pre-January 2015 models. Dealers can bring such products to an authorized Dahua dealer, where a technical evaluation will be performed to determine eligibility.
Above all, securing our customers’ assets and protecting their Dahua products is of the utmost importance to us. We continue our commitment to work with our customers and partners to make our products and solutions as secure as possible.
SecurityProduct Briefs: OneVision VR; URC Sonos Module; Luxul Customer Assurance Program
SnapAV Acquires Allnet, Major Midwest Distributor for Home-Tech Pros
Nortek Patent: The Idiot Savant of Smart Garage Door Openers
Security Rep Firm LRG Partners with Nest Labs Professional Channel
Parasitic Smart Locks: August and Nest/Yale Sponge Power off Doorbells
View more on Security
Take Our Latest QuizzesDo You Know the Origin of These Brand Names? Take the Quiz
So You Think You Know Smart Lights? How about a Dimesimeter?
Cover Your AAS: 4 Questions to Reveal if You’re Ready for an As-a-Service Model
Test Your CES Knowledge! Take This Short Quiz
Who Buys Smart Home Tech? Test Your Knowledge of the Home-Tech Market