Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and manufacturing of 'Honeywell' branded IP cameras.
Now, after years of silence, Honeywell has spoken to IPVM, explaining what they are doing to address the NDAA ban, the release of their 30 series IP cameras, their cybersecurity process and whether any Dahua-OEMed Honeywell cameras have the Dahua wiretapping vulnerability.
Executive *******
********* **** ******** ** *** *** '***********' *** '*****' ****** **** ***** ***** ****** the'**' *********** **** ****** ************ *******. ********, Honeywell **** *** ***** ***** ***** series ******** * ****** **** **** normal ***** ******* ** *** **** they **** ******** ** ****-* ************* certificate *** *** ***** ****.
**** ********* ** ********** **** ******** is ********* * ***** **** ******* in ************ *** *******. ** *** other ****, **** ****** ** ******** from *** ********* *** *** ********* OEMing ** ***** ******** ***** ****** buyers ** **** ** ************* ********** NDAA ****** ********. ********, ***** ****** a ***-***** *** ********* *** ****, it ***** ****** ********* ********* ** other ************* ****** *** ** ****** offerings, * ******* ******** *** * company **** *** ***** ******* ** the **** *** ***** ** ***** security ***** (*.*.,********* *******************).
Wiretapping *************
********* **** ** ***** ****** *, 2019:
** *** ******* ** ********* *****, if ***, ******* *** ******** ** this ************* *** *** ******* ******* with ***** ** ************ *** ********* firmware *****.
**** ** * *******. ***** **** about ****, ** ***** *** ****** and ********* ** ******** ** ****** 2nd ***** **** ******** *** ********* still *** *** ********** ** **** are ********. ***** ***** *** **** made **** ***** ** ********, ** ultimately ** ***** *********'* ************** *** picking *****.
Background ***** ******
*** ***** ***** **** ************ ***** ******* ** *** ****** Chinese ***** ***************** *** ******* *****:
Honeywell ************* ***********
********* **** * ***** **** ** IPVM *** **** **** *** ***** for *************.
*** ***** ****** ******* **** * crypto ******* ** ****** *** ** their ******* ****** **** ********* **********:
*** ********* ***** ****** ******* **** built-in ****** ******** ** ******* ******** tampering **********. ************, *** ****** ******** and ********* ***** ********** ************, ****** key *** ******* **** ** * highly ****** ***********. **** ******* ********-***** encryption *** ******* ****** ** ********* for *** ****** ****** ** ******* against ***** ******* *** *********. ********* developed ******** ******* ***** ********** *** protection ***** ** **; *** *******, encrypted **** *** ***** ************* **** HTTPS, ****** ******** *** ******** ********** for ********** ******* ******* ********* ** tampering ****** ******** *******, ****** ***** analytics *** *********** ******** ******* ********* while ********* ** ************* ** ********* enabled *******.
** ********, ********* **** **** *** Dahua *** ******* ** *******:
******** **** ********** ***** ** *** threat *********** ***** ** * ********** product ** ******** ** **** ** the ********* ******** *** ******** *****
******** ************ *** ******** ******** ***** on ******** ********* *** ********** **** as *****, ***/*** **/*****, *** *****, PCI ***, ****, *****, ********** ***** laws *** ***********, *** ****** ********* on *** ******* ** ******** *** the ******** **** **********
******* ****** ***********
****** ********
****** ******, ******* ** ******, *** Secure ****** ********* *** *********
****** **** ******** (****** **** ********) to ******* ****** ****** *** ****** practices
****** ******** ** ******** **** ****** usage *** ********* ***************
*** ******** ** ******* * ****** and ************* *********** ******* *******. ** some *****, ********** *********** ******** ******* is ********* *** ******** ********. *** criteria *** **** ********** ******* – as **** ** ***** ******** ** offerings *** ******** *** **** – is *******-**** *********** ***********.
* ****** **** ********** ****** **** requires ******** ********** ********* ***** ** severity
****** *** ******** ** ************* ** senior ********** ***** ** ******* ********
********* ******* *** ******** ************ *** security *******
** *** ***** ****, ** *** wiretapping ************* ***** *****, **** *** still ******* ********* ** ***** ** assess **** ******.
********, ********* ********** **** *** ***** series *** * ** ****-* *************.
*******, **** ** **** *** *** more ********* ***** ******. ***** *****-**** Essentials ****** *** ** ****, ** UL *************, ***.
NDAA **** *** *********
********* ********* ****:
**** **** ** *********** * ******* to ***** ********** ****** ** *** market ***** **** ****** ******* ******** and *** ***** ********** ** ******** Honeywell *******, **** *** ** ****** line, **** *** ******** *** *** as **** ** ***** ******* ***** comply **** **** ****, ******* ***. The ** ****** ** *** ***** release ** **** *******. ** **** expand ***** ****** **** *** **** 12 ****** ** **** **** ***** customers *** ****** *** ***** ******** they **** **** *********. ** **** continue ** ******** * ***** ** cameras *** ***** ********* *** ***’* require ***** ***** ******* ** ****** with **** ****, ******* ***. ** are ********** ********* *** ******** ** ensure **** **** **** *** ******** needs ** *** ********* *** ***** and ********.
********* *********** ****** ***** *******, ** least ***** ** *** ****** ** LinkedIn ***** ** *** **** ***** such **:
***:
OEMing **** *******
*** ** ****** ** ***** **** Vivotek ** *** **** ****** *** both ********* *****:
********* ******** ** ******* ** **** but ** ** ****-*******.
**** *** *** **** **** *** "positioning *** ** ****** ** *** mid-scale *****: ***** *********** *** ***** equIP *** **** ** **** ** the **** ****** ** **."
***** ** *** ****-***** ******** ** how *** * ********* ***** *******:
*******
*** ******* ** *********'* ** ****** program ** **** ********. *******, ** is ******* **** ** ********** *** base ** ****** ******* ****** *** Honeywell ****** ** ********** ** ******** to ** **** *********** *** ********* about *** ******** *** *************.
** * **** ***, **** * purely ******** ***********, ** *** ************** that ********* ***** **** **** ******* by *********** ***** ************'* *******. **** time ** *** ****.
**** ********* ********* ***** ***** ** confused **** ****** **** ****** ******** is * ******* *** ********* *** potentially ******* **** ** ******* *** Dahua **** ****, **** ***** ***** for ***-** **** ********, ********* ** Vivotek ********* ** ****** * ****** manufacturer, ***.
********, *** ********. ** ** ***** a ***** ****** *** ** ** still ** ********** ******, **** ** without *** ****, **** ** ********* so ***** ** ****** ************* ** use ***** *******. * ***** ** is **** ********* ****** * ********* but ***’* *** *** ***** ** buying ***** *** ******* **** *** same **** *** ** ****** ****** for * ***** ***** *** ****** direct *******.
** ***** *** **** ******* ** by *** ******* ***** ****, * don't **** *** **** ** **** not *** *** ******.
***** ** ******** *******/********* ** ********, I ********** **** ********** ********** ***** 😜. *'* ***** ** *** *** Battlestar ********** **** ** ******* (*** know....like ** *** ** ****** **** that).
“****** ******** ** ******* ******** ********* protection.”
*** **** *** **** ******* **** the ******* ** *** ********?
*** ******-******* **** **** **** ****** only ******* ******* ***-********* ****** ********... unless **** ****** ******** ***’* ******* of ************ ******** *** ******* ******* key **** *** ********...
****** ****** ******** ***** ** * lot ****** ** ******** ********* ** modified ****, * ****** *** *** it ***** ******** ****** * ******** file **** *** ***************?
****** ** **** **** ************* **** me **** ** *** ** ****?
* ******* *** ***** ******* ******* capability ******* ** ********** *** ** the ****** ** ** ****** **** side-loading. * ***** **** ** *** introduce ** ******* ****** *** ****** supply ***** *** *** *** ** with * ********* ****** *********** ****** being ********* ** *** *******. **** would ** *** **'* ******* ** be ********** ****** ********** ********* ** crazy ****** **** ****.***, *****?
******* ******* **** *** *********?
** ** **** *************, **** ** use ********* *****, ***** *** ************ in *****. ***** ** (********* *** buyers ** ***** ********) *** ********* drive *** ****** *** ***** ************* of *** **** **** **** ***** ago, ******* **** **** ** * high **** *********** **** ****.
* ** ******* **** ****** "******** but ***** ****** ** ******" ******** can **** **** ******* ********** ** other *********. * **** ** **** the ************ *** ******** ** ****** diversity ** *******. ** ****** *** quick ** ****** *** ** **** to *** "****** ** *** *****" that ***** ** ** ******* ** offering.
**** ***** ****** ****** ******:
*** *** *** ******** **** ***** Boeing *********
******* ***** *********.
******* ******** ****** *** **** ******* Uber ********
**** ******* *** ***:
********* ***** *** **** ****** ****, and ***** *** *** ** **********.
********* ****, ******* *** **** *****, North ********.
*** **** ******** ****, ******* ****** and ******* *******
** ************** ****
***** ** *** ***, **** **** want ***** ***** *********. ** *** can **** **** ****, **** ****** "low *****".
** ****** ** **** **** *** manufacture ** *** ********* (**** *********) Series ** ******* *** *** **** baked. *** ******* ** ** *********** a ********** ********* ******. **** ** HiSilicon *****.
***** ****. * ******* ********* *** finding *********** *******.
********, *** ********** ********** ** *** access ******* *********** (******** **** ****, blaster *****, *** ****-***-**** ******* ******), shows ** **** *********** ***** ********. Who ****** ***** **.
********* ******* **** **** *********** ** the **** ***** ** **** ****** chip. *** ***** ******* **** *** crypto ******** ** *********. *** *** not *** **** *** ** *** certified ****** ******* ** ***** ** that ****** (** **** **'* ****-*** or ******** ****.) **'** ******** ** believe * ******* **** ** ********* being ********** *** ** ** *** crypto ******** **** *** ****** ** the ******* ** *** ******* ******* in ******** *** ****'* **? ** you **** ** ** ***** **** you **** ** **** ** **** crypto ******** *********. (*** ****** ****** that ******* ***** ****** *** ********* received ****** **** **** *** **** the ******** ***** **** **.)