this post was submitted on 02 Jul 2023
Ukraine
The advice doesn't mention Dahua specifically and the rest applies to every device you might connect to your network with poor security. It might be a camera or a TV, fridge, dishwasher, thermostat or a light bulb to mention a few. Most of those are just small (often Linux-based) computers which can do a lot of things, as computers in general do. Their security is just garbage and if a malicious actor gains access they can do whatever a compromised computer could do on the network.
On CCTV specifically the worst ones are the devices which work only with some cloud-based messenger app. It's like connecting your home security to WhatsApp (although WhatsApp itself is somewhat secure on that matter), but way worse.
Dahua, Axis and loads of other cameras don't broadcast to the internet by default and your NVR needs to connect to them (often, but not always) via RTSP. If your network is properly firewalled (NVR included) there's very little risk of an attacker gaining access to that camera and using it as a general purpose computer to spy on you and hacking your devices through it.
The 'predictable UID' and 'license plate on the internet' is mostly praising FUD and while it is true for certain types of cameras (the kind you'll connect over the internet directly either via a cloud service or a messaging platform) it's not a blanket statement which would be valid for each and every camera manufactured in China.
It's certainly possible to run those devices securely and with Dahua you can run them entirely off the internet if you decide to do so (with some tradeoffs of course). The major problem is the people who just buy the cheapest things around and plug them into the network without any worries about any kind of security.
Of course there's at least some influence from the governments around the world to promote the 'we can spy on you through this but it's really convenient to set up' kind of devices, but if you either pay attention by yourself or get yourself a companion who'll set your hardware in a secure manner the problem doesn't exist anymore.
And that applies to everything with internet connectivity. Philips Hue lightbulbs have had vulnerabilities, as have a load of other 'smart' appliances, Ring and Nest included. And leaving anything connected straight to the public internet has risks, some more manageable than others.
Thanks for your elaborate reaction. I'm certainly not knowledgeable in security matters the way you are. I do agree and can see that certain systems, soft & hardware platforms can be more vulnerable, regardless of their origin.
Also, yes, Dahua wasn't mentioned as a risk. And, although it is possible to set up more secure systems, apparently it has simply not often or sufficiently been done in the past, either by governments or end consumers. Of course, at the end of the day everything is hackable, if not offsite, then surely onsite.
The issue according to many media has been the insecure cameras, especially in Ukraine (but also in many other countries). So, I'm just hoping that this information leak is being tackled in a correct way.
But what you have said has made it even clearer to me how vulnerable we all actually are.