Bosch Dropping Dahua

By John Honovich, Published Feb 13, 2020, 10:04am EST (Info+)

Bosch has confirmed to IPVM that it is in the process of dropping Dahua, over the next year, as both IP camera contract manufacturer and recorder ODM / OEM.

IPVM Image

Inside this note, we share feedback from Bosch, examine the driving forces (specifically US government ban / NDAA) and how this impacts both Dahua and Bosch going forward.

For background, see Bosch 3000i Cameras Tested and Bosch Divar NVR Tested vs Dahua.

Bosch *********

***** ********* ** **** ****:

***** ** ******* ** ********* *** IP ****** ******* ********* ****** ****. As **** ** **** ********* ********* plan, ** *** ******* ** ********** partners ******* ** ***** *** ****** production ************ ** *** ************* **** in ****, ********. ** *** *** current *****, ** ***-****, ** **** start ******** ** ******* **** *** manufacturing *********. ****** *** *** ** 2020, ** **** ******** *** ********* and ******** **** ***-******* ************ ** cameras ** *** *.*. ******. ** already *********, ** ** *** *** any ********* ******** ** *** ** cameras.

*** ****, ** ** *** **** a ******** ******** *** ********* ** DVRs ** *** *********. ** *** working **** * *** ******* ** explore ** *********** ********; *******, *** project ** *** ********* ***.

Background ***** / ***** ***********

****** **** ***** ************ *********, ***** has ***** ********** ***** ******** (*.*.,************ ******** *** ****).

*******, ***** *** ****** **** ***** in * ****:

(*) ***** ******** ************* ** ***** a ****** ** *****-**** ***** ******** (models ** ********* ** ********* ******** ********* **** ******). ***** cameras ***** *** *****'* ********, ***-******* SoC, **********, ******, ***. *** **** are ******** / ********* ** * Dahua *******.

(*) ***** *** / **** ******* lower-cost ********* **** *****. ****** *** cameras, ***** ***** ******* ** *** some ******* ** ***** ******** / software ****** **** **** ****** ******** construction *** ******** ************ (***:***** ***** *** ****** ** *****.)

Problems *** *****

*** **** *** ******** * ******** for *****:

  • ***** ** ***** ****** **** ***** firmware / ********, **** *** ******** by *****. *** **** ***** *** a *********** ** ******** '********' ** Dahua. ***** ***** ************* *** ** argue **** ***** **** ********* *** cameras *** ** **** ***** ** risky *** ***** ***** *********** *** still ***** ** ********** ** ******* the ***. ******** ***** ** ****** simpler *** **** *****.
  • *** ***** ********* ****** ********* **** under *** **** ***, **** *** those **** * **** ******* ************** of *** ****. ***** ***** ** banned *** ********** ***. ***** ***** recorders *** *** ****** **** *** certainly *** ***** ** *** **********, carrying **** ******** ***** *** *********.
  • *** '*********' ********* *** ******** ********** and **************** / *********** ** *** ***** House. ***** ****** ** ***** ***** subject ***** ** ******* ******** *** their ******* ******** **** *** ** government.

Impact *** *****

** *** ***** ****, ** ****** presents ****** ******** ** ***** ***** to ****** *** ** *****. ********, Dahua's ****** *** ****** ***** **** what ***-***** ******* *****. *******, ***** is *** * ***** ***** ******** so ***** ** ***** ****** *******, it ******** ******* *****'* ******* ***********.

Impact *** *****

***** **** ******** ** *******, ************** inside ** *** ***, *************** * ******* ** ********* ******** in ********, ***** *** ** ********** ****** ******* *********.

** ********, ***** ** *** * very ***** ******** *** *****. *** Bosch ******** ***** ** ******** ** greater ********** ***** ** ************ ****** in *** **** ***** ****** ************* (whether ************ **** ***** ** ********** end-users) ************ ******** ********** **** *****.

Comments (13)

I think the language they use in interesting. They are looking for other partners, indicating that they do not and will not make the products with their name on it. It sounds like Bosch wants to be a software provider that uses OEM/ODM/contract manufacturing for the hardware side. I know that Bosch is doing a big push for cybersecurity, but does that work to develop the software but still rely on someone else for the OEM production and/or design of the hardware?

Agree: 4
Disagree: 4
Informative: 3
Unhelpful
Funny

They are looking for other partners, indicating that they do not and will not make the products with their name on it.

That's not correct or at least misleading. They also said:

adding production capabilities in our manufacturing site in Ovar, Portugal.

They are definitely manufacturing many of their own products in their own facility.

but still rely on someone else for the OEM production

What they did with Dahua and the recorders is definitely risky. But what they do with a regular contract manufacturer is safe, akin to what Axis does with SVI, a contract manufacturer they use in Thailand.

Agree
Disagree
Informative: 3
Unhelpful
Funny

There is no greater safety than building, owning, and operating your own manufacturing plant.

Agree: 2
Disagree
Informative
Unhelpful
Funny

I think that is exactly opposite. Bosch has never been a real "software company/provider" and probably never will be. They do much better in designing and developing their own hardware and that is where the main focus is. Moving forward, the Bosch cameras will migrate to Android platform, which will minimize a need for their own software/firmware development, and that is why the Security And Safety Things (SAST, Security and safety camera systems in an IoT-World) "sturtup" was created. SAST will provide the OS and all additional components can be loaded as separate apps. So, that shows me the plan of moving away of the software development in the house.

Agree
Disagree: 1
Informative: 3
Unhelpful
Funny

Bosch cameras will migrate to Android platform, which will minimize a need for their own software/firmware development, and that is why the Security And Safety Things (SAST, Security and safety camera systems in an IoT-World) "sturtup" was created.

But Bosch and SAST are developing software on top of Android. It's not like they just put Android on the camera and said, "there you go".

So, that shows me the plan of moving away of the software development in the house.

To the contrary, SAST shows me that Bosch is spending money on developing a software platform that is built on Android but more than Android.

Agree
Disagree
Informative: 4
Unhelpful
Funny

But Bosch and SAST are developing software on top of Android. It's not like they just put Android on the camera and said, "there you go".

SAST is "developing an Android clone" optimized for cameras and probably other IoT devices, but they are developing OS for devices and not something on top of OS. For SAST, it is a goal to "put SASTdroid on camera and say there you go!", but "you" means a camera manufacturer, not an end-user.

Saying that, Bosch will be focusing on the Android device drivers development for SASTdroid only, which is obviously much smaller task than developing everything by themselves (as they are doing it now).

Agree
Disagree: 1
Informative
Unhelpful
Funny

obviously much smaller task than developing everything by themselves (as they are doing it now).

Disagree. The much bigger task is actually building the IOT specific App Store and infrastructure to support that, there’s a lot of software development involved in delivering that.

As for them doing “everything by themselves” now, I also disagree. Whether it is Axis, Bosch, Hikvision, etc., they all use an extensive amount of open source software.

Agree: 3
Disagree
Informative
Unhelpful
Funny

The much bigger task is actually building the IOT specific App Store and infrastructure to support that, there’s a lot of software development involved in delivering that.

That is the SAST's responsibility and Bosch device firmware developers has nothing to do with that. And yes, I am separating SAST and Bosch as two different organisations (even one owns another one, but it is irrelevant in this context).

As for them doing “everything by themselves” now, I also disagree. Whether it is Axis, Bosch, Hikvision, etc., they all use an extensive amount of open source software.

I am not talking about every line of code, it is too obvious for anyone involved in the software development. I am talking about the bigger blocks like OS, device drivers, analytics plugins, etc. There is no "reused" OS on any Bosch camera right now, everything from low to top level has been written by the firmware developers (and yes, using a few OSS components in some places where necessary).

Agree
Disagree
Informative
Unhelpful
Funny

There is no "reused" OS on any Bosch camera right now,

Your claim is that Bosch has developed its own OS for its IP cameras, without using any unix/linux distribution?

Agree
Disagree
Informative: 1
Unhelpful
Funny

Well, there is no real OS on these cameras as we understand term "OS" and definitely no unix/linux of any flavor. It does not mean there is no implementation of similar to OS functionality, it is all low-level device specific implementation. And for many years that was and still is one of important advantages (especially from the sales people perspective) - the generic unix/linux back-doors and hacks are not applicable to Bosch camera firmware. However, there is a problem with that as well - you have to implement (including use of OSS components) everything (network protocols, security, encryption, different hardware components support, etc.) by yourself, which is getting harder and more complicated every year. That is actually one of the reasons to finally move to the external generic OS and Android has been chosen for that.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Does the recent article about the proposed White House banning of integrators from government projects if they use banned Chinese products on non-government projects also apply to manufacturers such as Bosch?

If Bosch will still use Dahua products in the future, does the entire line therefore get banned?

Agree
Disagree
Informative: 2
Unhelpful
Funny

#2, as we said in that post, the White House has not clarified or explained what they mean by 'use', so we cannot be sure. We will update as we find more details / information from the US government.

Agree
Disagree
Informative: 2
Unhelpful
Funny

I wonder if any reasonable thought has gone into device security?

security is not just a layer on top, it should be baked in from design upwards.

The idea of a camera or NVR running an Android clone is a scary one...

Almost every week we hear of new exploits of android based cellphones...

If code is reused (which it will be for cost and time reasons), even if open source it could spell disaster!

There are many Android zero days that are potentially exploited by law enforcement and security services worldwide.

We have been known to say “if something looks like a rose and smells like a rose, then it’s probably a rose”. This does not apply in this case

Agree
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports