When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product.
The same goes for easily 100 different 'manufacturers' as we covered in our Dahua OEM directory and Hikvision OEM directory.
Axis is taking aim at this in their cybersecurity training program. Axis highlights the usual weaknesses of default passwords and out of date software, but goes on to describe OEM/ODM products as risky choices for customers concerned about cyber security.
Axis describes their development/manufacturing approach as one where the customer receives a genuine product, implying that products sold under other well-known brands (e.g., Honeywell) may not actually be the engineering effort of those companies:
In this report we analyze Axis' claims of OEM risk.
Axis *** ******** **** ******
** **** ** *********** ******** ******* ************* ******(****: ************ ********), **** ********** ********* risks **** ***/*** *******, ***** *** manufacturer ******* *** ******* ***** ***** own ***** *** **** ******* ******* to ******* ** ******** *****:
**** **** ** ****, *** *******, Dahua ******** **** ******************(*** ****** ******) ***** *** ***** a***** ******** ************* *** ********. ***** *********, *** **** ******, found ********** ********* ** ***** ** update ******** *** ***** ********, ******* them ****** ** ******* ******** ******** for ******* ******** *******.
In ***** *********** ********
**** **** ** ** ******* *** benefits ** **-***** ***********, ****** **** control **** ******* *********** *** ******* to ******* ** ******** ******:
***** ** ** ***** ******** ** in-house ***********, *** *** ***** ***** that * ******* **** ******** *** own ******** ***** ** **********, ** great *****, *** ** *** ********. By ********, **** **** **** ****** to ******* ***** *** ******** ** 'their' *******, ****** ******** ** ****** the *** *** **** / ******* to *** ****.
No *** ******
*** ********, ******* ********* ********** ** OEMed, *** **** ***************. ******, ********* and *****, *** '*******' ***** *** software **** *** ******* ***************, ********* backdoors. **** *** *** *** ***************, though **** ****** ** *******, *.*.,*** **** **** ******** **************** *** **** ************* ****** ** **** ***************.
Dahua / ********* ******** ****
***** *** ********* ****** ******** ** a *********** ****** ** ******/************, ********* several ***** ******** ***** (****, *********, Interlogix, *********, ***** ******)
** **** *****, **** ** ***** brands **** **** ***** ************** ** portions ** *** ******* ** ** features/integrations. **** *** **** ** ********** taxing *** *****/********* **** **** **** a ************* ********* * ******** *****/******, as ** *** ****** ** ******** software ****** ******* ** ** ******* and ******** ** ***** *************/************.
Many ***** ******* ****
***** ***** *** ********* ******** ** the **** ****** ** ******, ***** are ****** ** ***** ************* *** OEM ** ******* *********, **** ******* code *** ******** ****** ****** ******* their ********. *** *******, ****** ******* ******* ************ ***'* ****************** ** ********** ***** *** *** and *** **** **** ** **** of * *** ****** ******.
Benefit *** *** - ***** ****
**** *** *** ***** ***** **** their ***** ********* **** **** **** charges. *** *******, ******* '*************' *** pay $** ** **** *** ***** level *** *******, *** **** **** anything ********* **** ****.
**********, ******* **** **** (** ***** manufacturers ******** ***** *** ******** **** as ********, *****, ****, ***.) **** to ** **** ********* *** ********** specifications. ****** ********-********* ************* *** ***** be ********* **** *** ***** ******* is **********, ***** ******* ******-********* ********* may ****** ******** ******** *** * product **** *** ***** * **% hardware *******, ************ ** ** ** from * ********** ***** ****** (***, FLIR, *********, ***.).
OEM/ODM **** *** ********* ****
****** ******* * ******* ** ***'* does *** **** ** ** ********** insecure, ******* *************** **** ***** ** the "********" ******* *** ****** ** be ****** **** ** *** *** versions *** ** **** ********* ** more ********* *** **** ********* ** get *****.
Assessing ************* ****
************* ***** *** ********** * ****** of * ***** *****'* ********** ** the *****, *** **** * ****** of *** ************ *** *******. ********* is *** **** ********** ** ** "owner-developer" *******, *** *** *** ** the ***** ************* ***** *******. **********, companies **** ********* **** ********** ** nothing *** ***/*** ********, **** ** far ******* ** ******* ******** **** are ********** **** ** ******** ***************. This ***** ** *** ** ***** products ***** **** ******** **** *********, better *********** *********, ** * *********** of ****.
** **** ** ***** ******** ******, Axis ******** * **** ** ********* to *** ********* *********:
** *******, ***** *** **** *********, and *** **** *** ** ********* should ** ***** ** *** ********* manufacturer/brand, ********** ** ******* ******.
Assume ********** ***** ****** *********
** ************ ** ***** ************ ************* *************** and *************, *************** **** **** ***** ** several *****/********* ******, ********* ****. ***** should *** ****** ***** ******** ****** product *************** ***** ****** ** *** manufacturing ******** ****.
*******, ** ** ***** **** ***** products, *********, ******** *** **** ** vulnerabilities *** ******** ** ********** ** them.
"As part of their training module, Axis provides a list of questions to ask potential suppliers:"
Is it just assumed a suppler will answer these questions honestly? In lieu of outright lying, it seems they would at the very least be vague if answering in the negative if they felt it would jeopardize a deal.
Tony, that is a good question.
In some cases, like asking about backdoors, it may be hard to dispute a given answer, however it would still be helpful to ask (and document the response) in case of any future vulnerabilities. How you deal with a manufacturer that gave you incorrect data would vary depending on the situation, but I think you would be better off than never having asked.
Other items, like penetration test results should be shareable and reproducible.
Is it just assumed a supplier will answer these questions honestly? In lieu of outright lying
If you want something more factual / verifiable, ask: Has there been any DHS ICS-CERT advisories on your company's products?
The problem with OEM as an integrator is that it's hard to know if the same vulnerabilities affect the OEM as the name brand manufacturers. As an example, Hikvision has changed and updated their login/password procedures over the past couple of years but not all OEMs have followed this path which means there could be authentication differences yet it's very hard to know where the changes take place and if particular OEMs are actually affected by vulnerabilities found.
In both the Dahua and Hikvision recent security issues, I'm seeing OEMs that don't even know about the issue and have yet to receive or release new firmware let alone let their customers know about it.
It makes it hard to pick suppliers because, on one hand, the OEMs we work with tend to be very responsive and extremely helpful compared to working with Dahua or Hikvision directly. Yet when problems like security issues arise, OEMs can fall short in handling it in a short time if at all.
Hikvision has changed and updated their login/password procedures over the past couple of years but not all OEMs have followed this path
Good example. Related: ADI Finally Fixes Hikvision OEM'd Security Risk
If you buy axis you are buying axis that is unless you buy canon which is axis but not axis... well it's kinda axis but also....
;)
The issue with Axis is they offer no great benefit over the major chinese manufactured cameras to justify the costs.
Nothing against Axis, they are just overpriced and they are obviously feeling the pressure to respond to the asian manufacturers via their training module as well as their recently poor attempt to offer low cost cameras to compete with these manufacturers. They still do well with project based jobs but losing ground with the everyday integrator.
This isn't entirely accurate. Axis has software the just works, vs some of the software available from Dahua and Hikvision that either doesn't always work, or is very difficult at best.
One example is that ability to quickly administer firmware updates. Axis Camera Management is a really good tool. Dahua and Hikvision have utilities to update firmware too, but not as easily.
If you really want to go a step further, Avigilon makes it even easier. It's automatic.
Some of these don't matter when you are managing under 16 cameras and they all the same model. But when you manage hundreds of units of varying models, tools like this are essential.
I'd also add, there is no way to patch the firmware of an OEM / ODM's hikvision or dahau, with out going through the OEM. I have more faith in hikvision being able to patch their cameras directly than 95% of their OEMs.
That's not 100% correct either. You can flash Dahua with DH or General firmware on any device. It doesn't matter who the OEM is either. You can flash DH firmware on a Flir if you want to.
You can flash DH firmware on a Flir if you want to.
Have you verified that specifically?
Yes, Speco too. Probably other brands too, but can't think of them at the moment. I've flashed various non-branded OEM (General) with DH firmware too. The one and only thing you have to be careful with is NTSC vs PAL on anything analog. IP doesn't seem to make a difference, maybe unless you are using the analog output on an IP device.
Comments like this should be grounds for expulsion from IPVM.
Opinions are one thing. Outright and blatant stupidity is another.
That's an easy shot, coming from someone hiding behind an undisclosed tag.
Not at all. Your posts are frequently great for a laugh.
Mostly, I'm thankful that you use your real name, company name, and photo so that I know exactly who to never consider doing business with in the future!
What a shame. Hate to miss out on doing business with what seems to be a pleasurable gentlemen or lady or whatever you are. I think i will just let axis have that pleasure.
Comments like this should be grounds for expulsion from IPVM.
Yes but you'll do better in the future, I'm sure...
Outright and blatant stupidity is another.
That's out of line and unfair. Feel free to disagree but calling someone stupid is ad hominem and unprofessional.
Apparently it was the original comment "The issue with Axis is they offer no great benefit over the major chinese manufactured cameras to justify the costs." that is grounds for expulsion. Someone is a bit too thin skinned apparently.
I was looking for something about someones mom or their ethnic heritage, but it was seriously just that comment.....
Axis should consider bringing on more companies to relable their products. Axis support for smaller integrators is terrible, this is why their product never took off for us. I called several times and could never get anyone to come out and train us because we were new to IP video and they didn't take us seriously. In the last 5 years we've now sold thousands of IP cameras. It was a loss for Axis. On the other hand we've worked with people who relable other cameras, because they're smaller I've found they paid more attention to us and provided the support we needed in the beginning to get moving. I am of the opinion of Axis sold their products through a few reputable firms who relabled them and provided their own support they could reach some integrators they would not normally reach. I could be totally wrong but that's my 2 cents.
Axis offers training all over the world. Did you sign up and attend any of the training events?
I'm not going to drive two hours and spend a day in training to learn about their product line. I've had dozens of camera manufacturers and VMS providers come to our office and spend an hour with us. At the time we were not looking for a full training just someone to quickly go over the product line and help us understand how project registration worked and a few other things, including their own VMS. Basically I wanted someone at Axis to sell me Axis. When I started looking at product lines I had never heard of Axis before.
I would have to disagree with the lack of support for the smaller integrator. I had an issue with two Axis camera shortly after a firmware upgrade. They randomly froze. I logged into my Axis account, followed the instructions, and got a reply shortly after. They sent a different version of the firmware and briefly explained the issue. I generally never need support from most manufacturers. It's really only when things go wrong or products fail do you really need support and that's when you discover how good or bad a manufacturer's support is. I found that Axis was responsive and better than some of the others I've experienced.
The only time I might need camera support is if there is a new product or a unique product offered that may need some assistance to see if it would work for a particular scenario.
As far as training goes, I prefer web training when available.
I've never had a bad experience with Axis Support. Come to think of it, I've not had many experiences with Axis Support in general in 15 years. I guess that says something.
Maybe I'm alone in the fact that I want a relationship with the company I am doing business with. We hardly call tech support for any of the dozens of manufacturers we offer.
I'm not saying Axis doesn't have good tech support (I've never needed it), only that they might benefit from using companies who will relabel their products and provide some sales people on the ground to push it locally.
With the exception of Ubiquiti, I refuse to offer a product without first meeting with someone first. Even if it's a web meeting. I want to talk to someone. Currently, Axis doesn't have much of a local sales force, and I would venture to guess they're losing a lot of deals to companies who do. I have personally sold thousands of IP Cameras now, less than 50 of those were Axis. Had Axis or a company who relabeled Axis showed up; maybe they would have gotten that business.
I realize the focus of the article is Axis is saying they don't relabel other cameras. My point and I should have been more clear is that Axis MIGHT consider allowing other companies to relabel their product IF they're not going to strengthen their local sales force. As great as they are if new integrators don't know about their product they're not going to sell it.
I refuse to offer a product without first meeting with someone first. Even if it's a web meeting. I want to talk to someone.
I believe that's an important and widely held position amongst integrators. It is also one of the things that Hikvision has done right. They have hired a lot of sales people and made them accessible to mid size and smaller integrators, an underserved market.
Axis, at least it appears to me, is more focused on larger integrators and pulling in larger end users.
Not sure where you are located, but I know we have 2 AXIS guys in Michigan that are easy to get in touch with. I would think it is like that all over? Have you tried reaching out to them again? I just find it hard to believe that if there was an opportunity to sell more cameras they would pass it up. https://www.axis.com/us/en/partners
In the last few years we have standardized on Axis enterprise wide. I have over 1500 Axis cameras globally and our service rates have dropped dramatically when compared to other manufacturers. The engineering and build quality are above and beyond all other cameras I have tested. Of course ease of installation, compatibility and image quality are other factors where Axis has exceeded expectations.
Axis has been relatively easy to install and so has Avigilon. When speaking about camera installation specifically, Dahua and Hikvision have caught up with a lot of their accessories. I find the manufacturer back boxes and compatibility with standard electrical boxes to help in installation. Dahua has one issue that they seem to be slowly changing. Some of their conduit KO's are M20 and some of their newer boxes have 1/2". For that we use M20 to 1/2" adapters. Hikvision seems to use 3/4" on all of their products.
I find it more difficult when a manufacturer makes a great product and then doesn't have the hardware to make it easy to install in many scenarios.
Hi Dwayne, could you give us an idea against which other manufacturers you have tested Axis?
Undisclosed Distributer,
That would be three of the top "undisclosed manufacturers".
You know who they are but I wouldn't dare to begin listing them in this thread.
Dwayne
As far as I remember Axis also OEM some of their models from Taiwanese manufacturer, at least in the past, do they stop all the OEMs now or they just hide it better than others?
Axis used to OEM from a Japanese manufacturer - Canon. I am not aware of any Taiwanese product though some of their product is certainly produced there.
Hmm.. you can easily find supporting information if you can read Chinese, the manufacturer I am referring to is a listed company in Taiwan and you can easily find public information as long as you search Axis + the manufacturer's name in Chinese. Here is one link for your reference, maybe you can google translate.
https://statementdog.com/insight/posts/42-%E5%BD%A9%E5%AF%8C(5489)-%E9%9D%A2%E5%B0%8D%E4%B8%AD%E5%9C%8B%E7%AB%B6%E7%88%AD%E7%9A%84%E5%AE%89%E6%8E%A7%E8%A8%AD%E5%82%99%E4%BB%A3%E5%B7%A5%E5%BB%A0
Of course, maybe they stop it now so they made that claim in this article, or it's not cameras but NVR or joysticker or some other accessories they are OEM from the manufacturer, but personally I don't believe so....
Dynacolor? That is only the test monitors and complimentary accessories - I'm not sure thats a fair comparison to companies above who do not engineer cameras and simply rebrand others.
AXIS used to be an OEM for other brands such as Canon but worked very hard to get out of that business once their own brand was sustainable.
Many accessories, such as lenses and joysticks are OEM or relabels (like many others in the industry). But their core camera business I believe is what we should be referring to. Of course, some of the core components of the camera are not manufactured by Axis, rather OEM/ODM, similar to how apple approaches their markets. Axis does a good job of taking ownership and saying they are a true manufacturer, vs. using contract manufacturing.
Maybe that is a point for a new discussion: What security manufacturers have their own manufacturing facilities to make PCBs, assemble components, perform optical testing. This is as opposed to a contract facility that may make cameras one day for Brand A, and then Mobile phones for Brand B the next day. Is this a requirement to be a top tier manufacturer, or just the MO of the new world order? Are there advantages/disadvantages to a company having their own manufacturing facility in terms of product price, quality, speed to market, etc....???
I don't know Axis offer in depth, but someone told me last year that their cheapest cameras are manufactured in "Asia". Is that true? If true, is it like a OEM/ODM or just is that they have a factory there?
Thanks.
Yes, they have manufacturing in several places - including China but these cameras are currently only for the chinese market. They also have some very specific products only for the Chinese market which you can't find on their english website. They have CLC's where the cameras are configured and tested in several locations throughout the world - but all cameras are axis products, axis designed and running axis software.
Yes, they have manufacturing in several places
We covered this here - Axis: Minimal Made In China Products, Ending This Year (Except For In China Sales)
