I thought Interlogix closed their doors, out of business.
Banned Hidden Relabelled Hikvision Surveillance Purchased By US Embassy
A US Embassy is purchasing banned Hikvision OEMs, violating the NDAA ban. The embassy's contractor emailed IPVM asking us to sell them these products and was confused when IPVM alerted them to the fact that this was illegal.
Inside this report, we cover how the contractor accidentally tipped off IPVM to the Hikvision purchase, the equipment being sold, the contract, and the State Department's Response.
Embassy Vendor Asks IPVM for Interlogix Stock
A representative for Venezuelan security integrator Grinta emailed info@ipvm.com claiming to be "in urgent need" of Interlogix cameras to fulfill a contract with the US Embassy in Caracas:
IPVM does not sell any products but intermittently receives such emails most typically because our reporting is returned in search results and people mistakenly email us.
IPVM Points Out Illegal Sale, Grinta Claims Ignorance
IPVM responded informing the vendor that these Interlogix models are actually made by Hikvision, which the US Embassy cannot buy or use, saying:
Thank you for your inquiry. Those devices are manufactured by Hikvision and selling them to the US government will violate US law (specifically the NDAA).
How can we help you and the US embassy in Venezuela correct this mistake?
The Grinta representative replied that "Interlogix/Truevision, as a brand, has nothing to do (to my knowledge) with Hikvision" adding that "I am sure our client would not request a brand that violates any law."
The US Embassy is likely unaware. The problem is that sellers of OEMs like Interlogix (a subsidiary of Carrier and formerly UTC) have long chosen to deceive the public. Since transparent disclosures are rare, buyers of surveillance, even the Federal government, have little way of knowing the actual manufacturer of OEM products. The best option is our Hikvision OEM directory though many do not even realize their product is actually made by another manufacturer, including NDAA banned ones.
Grinta stopped responding to IPVM after we told them we would be reporting on this.
Interlogix Models are Hikvision OEMs
Interlogix is a surveillance brand owned by the multi-billion dollar American company Carrier (spun out of American giant UTC in 2020). IPVM verified that Interlogix products are OEMed from Hikvision in both 2017 testing of Interlogix's 5 series and 2019 testing of Interlogix's 6 series.
While Interlogix makes cosmetic changes to Hikvision's base offering, e.g., from light grey to dark grey, the software is clearly from Hikvision, e.g., as shown below:
Moreover, Hikvision's proprietary SADP software discovers Interlogix devices as Hikvision devices:
IPVM also confirmed that the particular camera (TVB-5403) and NVR models (TVT-1116S-6T) sought by the Embassy are indeed Hikvision OEMs. Interestingly, the TVB-5403 was impacted by the Hikvision backdoor, as Interlogix confirmed itself (Interlogix describes it with Hikvision's phrasing "Potential Privilege Escalation Vulnerability").
Adding to this situation, Interlogix was shut down (at least in North America in 2019) which contributed to this vendor emailing randomly looking to purchase these devices.
Embassy Bid Found in Public Records
Grinta was recently awarded a contract by the US Department of State to supply security cameras in Caracas totaling $31,238.80, according to public records found via GovSpend:
State Department Responds, Declines to Comment
The US State Department responded to this purchase stating generically:
The Department of State does not comment on security protocols, procedures, or capabilities related to its facilities.
The Department regularly reviews the National Defense Authorization Act (NDAA) list of prohibited manufacturers when making procurements.
Risk Much Broader
While this incident is alarming in itself, the risk is far greater, as for every contractor who accidentally emails IPVM, surely there are many more that quietly and irresponsibly sell banned products to the US federal government. The State Department, the DoD, and other federal entities face significant risk as unscrupulous 'manufacturers' or ignorant sellers sell them banned products whose true identities are hidden, at the expense of the security of the US government.
UTC shut down Interlogix in 2019 and the products are no longer actively “manufactured” (to our knowledge). The products being purchased by the Embassy would be remaining stock. Interlogix’s website is still active with product specifications, etc., likely to help enable sales of remaining stocks.
Incorrect. Interlogix is still selling and supporting equipment outside of the US and Canada, particularly in Australia and Europe.
It does not surprise me that they want to install Chinse banned cameras. Either on purpose or by accident.
"In 2001, Venezuela was the first Hispanic country to enter a 'strategic development partnership' with China."
"In April 2010 China agreed to extend $20 billion in loans to Venezuela."
Can IPVM start a wall of shame for integrators that email them by accident? Please.
Bringing this to light is a real public service. But it wouldn’t surprise me if the Embassy and the integrator see things differently.
It sounds like the only way the NDAA could work effectively is to have a whitelist, not a blacklist. There just is no way an end user can really know- unless they specially type "OEM Hikvision list" in google. The first hit is IVPM's list (thankfully public).
Or there could be a requirement that sellers need to disclose the status prominently as is done in food / nutritional labels, discussed here Top 9 Actual Excuses of Unethical Relabellers
Even this isn't all that helpful. Hisilicon is also banned and their DSPs are used by a huge percentage of manufacturers.
So all that really needs to happen is that ALL federal procurement contracts require the mfr to provide a positive statement of sec 889 compliance. We have made that a standard for all purchases here and we aren't even a governmental entity. No statement of compliance no purchase. If the mfr. provides a false statement of compliance then they have committed fraud.
Great reporting, keep it up!
"The US Embassy is likely unaware. The problem is that sellers of OEMs like Interlogix parents Carrier and UTC have long chosen to deceive the public. Since transparent disclosures are rare, buyers of surveillance, even the Federal government, have little way of knowing the actual manufacturer of OEM products. The best option is our Hikvision OEM directory though many do not even realize their product is actually made by another manufacturer, including NDAA banned ones. "
Now, this is just sick and funny that little ipvm can procure all of this information but the US government cannot? We have 26+ intelligence agencies and can't find an OEM seller? IPVM has access to privileged information that the US government does not? IPVM has an operating budget of.....and the US government has an operating budget of.....
You're right in a way. It isn't hard to show that Interlogix is a Hikvision OEM.
And yet, with these massive resources, the fact is that the Federal government didn't avoid buying banned relabelled Hikvision products.
It actually illustrates how significant this problem is, that the Federal government with its "26+ intelligence agencies" can be so easily duped into violating its own purchasing ban.
We have 26+ intelligence agencies and can't find an OEM seller?
Apparently, the answer is yes.
"And yet, with these massive resources, the fact is that the Federal government didn't avoid buying banned relabelled Hikvision products.
It actually illustrates how significant this problem is, that the Federal government with its "26+ intelligence agencies" can be so easily duped into violating its own purchasing ban.
We have 26+ intelligence agencies and can't find an OEM seller?
Apparently, the answer is yes."
-OR-
It isn't actually as important of an issue as we are being led to believe, or there is more to it then the picture being painted is showing...
I would disagree that it isn't an important issue. But it wouldn't surprise me if some of the people pushing it as a big issue are doing it more for political reasons than because they actually care about security.
And people wonder why millions of Americans don't trust the government to make decisions for them on other aspects of their lives, like healthcare? They can't even police their own decision making that is directly affected by the very laws they have enacted.
It is awesome that IPVM publishes the truth about so many things. It is a sorely missed attribute in today's journalism. Thank you.
Wait, didn't the the U.S. embassy in Venezuela close in 2016?
It's probably like our Afghanistan adventure. We are gonna get out... in 2016.. well really 2018... but I mean 2020..... but this time for real, we will be out by 2022.
I have hundreds of brand new in box Interlogix cameras I could sell them cheap if it weren't being declared illegal to do so.
I was under the impression that Carrier (formerly known as UTC Fire & Security in EU) created their own firmware for the Truvision product family.
That was the 'impression' that they liked to give but our testing showed that was not the case unless you mean by 'own firmware' firmware that was cosmetically changed to show their brand / difference in colors. You can see our test reports that prove this - Interlogix Vs Hikvision Tested and UTC Interlogix Series 6 Tested
The only reason I can think of for specifying Truvison cameras is that they (like I) have Truvision NVRs and the tight integrations are desired (settings management, edge analytics, etc). That is why we were buying Truvision cameras rather than say Axis. Perhaps these sites have a larger problem (as we do) which is legacy equipment and compatibility needs.
After 6 years of false starts we are finally procuring a replacement VMS but that is more because Truvision support in US was dropped rather than our independent resolve to get off of Truvision. The multi million $ budget required has been a high bar to clear when the existing system kept chugging along with no year over year costs for licensing.