Zhejiang Dahua Technology Co., Ltd. is a provider of video surveillance products and services. The company is partially state-owned by Central Huijin Investment, a subsidiary of sovereign wealth fund China Investment Corporation that is overseen by the State Council of the People's Republic of China.
|Traded as||SZSE: 002236|
|Industry||Video surveillance Solutions|
|Products||Security Cameras, Network Cameras, HDCVI analog-to-HD Solutions, NVR/DVR, PTZ Cameras, Fisheye Cameras|
|Revenue||$2.1 billion (2016)|
Number of employees
Dahua Technology has around 13,000 employees all over the world. Dahua solutions, products, and services are used in over 180 countries and regions. It has 35 subsidiaries globally covering Asia (dahua iran), the Americas, Europe, Middle East, Oceania, Africa, etc.
In September 2016, the largest DDoS attack to date, on KrebsOnSecurity.com, was traced back to a botnet. According to internet provider Level 3 Communications, the most commonly infected devices in this botnet were Dahua and Dahua OEM cameras and DVRs. Nearly one million Dahua devices were infected with the BASHLITE malware. A vulnerability in most of Dahua's cameras allowed "anyone to take full control of the devices' underlying Linux operating system just by typing a random username with too many characters." This was exploited, and malware installed on devices that allowed them to be used in "both DDoS attacks as well as for extortion campaigns using ransomware."
In March 2017 a backdoor into many Dahua cameras and DVRs was discovered by security researchers working for a Fortune 500 company. The vulnerability had been activated on cameras within the Fortune 500 company's network, and the data trafficked to China through the company's firewall. Using a web browser, the vulnerability allowed unauthorised people to remotely download a device's database of usernames and passwords and subsequently gain access to it. Dahua issued a firmware update to fix the vulnerability in 11 of its products. Security researchers discovered that the updated firmware contained the same vulnerability but that the vulnerability had been relocated to a different part of the code. This was characterized by the security researchers as deliberate deception.
- "2019 Q1 Report" (PDF). Dahua Technology. April 2019. p. 5. Retrieved September 5, 2019.
- "Introduction - Dahua Technology". de.dahuasecurity.com. Archived from the original on 2018-02-24. Retrieved 2018-02-25.
- "Dahua, GKUVISION, SLR Magic LTD, & DZO" (PDF). olympus-global.com. February 22, 2018.[dead link]
- Franceschi-Bicchierai, Lorenzo (29 September 2016). "How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet". Vice. Retrieved 2019-06-03.
- Goodin, Dan. "Brace yourselves—source code powering potent IoT DDoSes just went public". ARS Technica. ARS Technica. Retrieved 2 October 2016.
- "Attack of Things!". Level 3 Blog. Level 3 Communications. Retrieved 3 October 2016.
- "BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet". HackRead. Retrieved 3 October 2016.
- "BASHLITE Botnets Ensnare 1 Million IoT Devices". www.securityweek.com. Retrieved 2019-06-03.
- ipvideomarket (6 March 2017). "Dahua Backdoor Uncovered". IPVM. Retrieved 2019-06-03.
- J. FREEDBERG JR., SYDNEY. "Hacker Heaven: Huawei's Hidden Back Doors Found". breakingdefense.com. Breaking Defense. Retrieved 7 July 2019.
- "Dahua backdoor". Krebs on Security. Retrieved 2019-06-03.
- at 02:58, Richard Chirgwin 8 Mar 2017. "Dahua video kit left user credentials in plain sight". The Register. Retrieved 2019-06-03.
- "Dahua security camera owners urged to update firmware after vulnerability found". The State of Security. 8 March 2017. Retrieved 2019-06-03.
- Shepardson, David (2019-10-07). "U.S. puts Hikvision, Chinese security bureaus on economic blacklist". Reuters. Retrieved 2019-10-07.