Tens Of Thousands Of Dahua DVR Pws Cached In IOT Search Engine, Allowing Easy Botnet Herding For DDoS | Information Security Buzz
An expert in IoT security offers perspective on findings (published on Twitter) by Ankit Anubhav, Principal Researcher at NewSky Security, that login passwords for tens of thousands of Dahua DVR devices have been cached and indexed inside search results returned by the IoT search engine ZoomEye. Related: CVE-2013-6117.
“Reports of passwords for thousands of public Internet-facing DVRs being exposed by the ZoomEye search engine further highlight how connected device vulnerabilities can go unpatched for many years. In this case, a vulnerability from 2013 is being openly leveraged to extract admin passwords for the systems. This highlights one of the key issues with IoT security where, even though the vendor had actually fixed the vulnerability, the owners of the devices still haven’t got around to, or been able to, upgrade them.