Honeywell Dahua Backdoor Statement

By: John Honovich, Published on Mar 14, 2017

Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.

Here is Honeywell Security and Fire President Michael Flink's complete statement to IPVM:

Honeywell takes security very seriously. We use ISA 62443-3-3 as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.

Analyzing the statement:

Honeywell takes security very seriously.

However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and from another (Hikvision) that is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.

We have developed firmware updates

Honeywell does not develop these firmware updates. They come from Dahua.


*** ******* ********** *** failure ** **** **** Dahua ** ********* ** speak. ** ********, ***** we ******** **** ** would ******* ** **** even ** **** ******** no *******, ******* ** *** verified **** *** *** test *******, ******* **** statement *** *** ****** choice.

Products ********

**** **** ******* *** knowledge ** ********* ******, we ******** **+ ****** impacted ****** * ******:

Follows FLIR *********

********* ** *** ****** Dahua *** ******* ** issue * *********, *************'* ***** ********* **** week. *******, ****'* ********* was **** **** ********** both ** ****** ***** directly *** ********* ******* about **** ********* ****** do *** **** **** was *****.
