Honeywell Dahua Backdoor Statement

Author: John Honovich, Published on Mar 14, 2017

Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.

Here is Honeywell Security and Fire President Michael Flink's complete statement to IPVM:

Honeywell takes security very seriously. We use ISA 62443-3-3 as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.

Analyzing the statement:

Honeywell takes security very seriously.

However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and another one (Hikvision) who is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.

We have developed firmware updates

Honeywell does not develop these firmware updates. They come from Dahua.

********* **** ***** ***** ************ ******** *** *** **** ******** by ******** ********, ********* ** ********* *** **** *******.

**** ** ********* ******** *** **** **************** *****'********* ********* ** ****:

********* ***** ******** **** *********. ** *** ********-*-*** * ***** *** ******** ** *** *** ********. ** also **** * ****** ******* ** ****** ********* *************** ** existing ********. ** **** ********** *** *********** ******** ******* *** continue ** **** ** ******** ***** ******** *******. ** **** developed ******** ******* **** ******* *** ********* *************** *** *** in *** ******* ** ******* ****. *** ****** ******** ******* will ** ********* ** ********* ** *** ** *****. ** we ******** ***** ******** ******* ** **** ******** ****** ********* with ******** ********** *****.

********* *** *********:

********* ***** ******** **** *********.

*******, ********* **** **** *** ******* ************ **** * *** cyber ******** ***** ****** (*****) *** ******* *** (*********) *** is***** ** *** ******* ************* **** *** * *** ***** ******** ***** ******. **** follows ********* ***********'* ******** ******* **** *********'* ******** ************ ****.

** **** ********* ******** *******

********* **** *** ******* ***** ******** *******. **** **** **** Dahua.

[***************]

*** ******* ********** *** ******* ** **** **** ***** ** corporate ** *****. ** ********, ***** ** ******** **** ** would ******* ** **** **** ** **** ******** ** *******, because ** *** ******** **** *** *** **** *******, ******* this ********* *** *** ****** ******.

Products ********

**** **** ******* *** ********* ** ********* ******, ** ******** 40+ ****** ******** ****** * ******:

Follows **** *********

********* ** *** ****** ***** *** ******* ** ***** * statement, *************'* ***** ********* **** ****. *******, ****'* ********* *** **** **** ********** **** ** naming ***** ******** *** ********* ******* ***** **** ********* ****** do *** **** **** *** *****.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

ONVIF Favorability Results 2019 on Mar 15, 2019
In the past decade, ONVIF has grown from a reaction to the outside Cisco-lead PSIA challenge, to being the de facto video surveillance standard...
Hanwha Aerospace / Techwin Korean Tax Evasion Raid on Mar 15, 2019
A Hanwha group subsidiary was raided as part of a tax evasion probe. While a Korean news media report listed the raided entity as 'Hanwha...
Installation Course - Last Chance on Mar 14, 2019
Today is the last chance to register for the March Installation course. This is a unique installation course in a market where little practical...
City Physical Security Manager Interview on Mar 14, 2019
This physical security pro is the Physical Security Manager for the City of Calgary. He is a criminologist by training with an ASIS CPP credential....
US Drafting Separate Rule for NDAA Dahua/Hikvision 'Blacklist' on Mar 14, 2019
The most debated provision of the NDAA ban of Dahua, Hikvision, Huawei, et al. is the so-called 'blacklist' provision which would ban any company...
OpenALPR Acquired By Mysterious Novume on Mar 13, 2019
Startup OpenALPR has been acquired by Novume, a company virtually unknown in the industry. While there are many LPR providers (see our directory),...
Milestone Machine Learning Camera Auto-Setting Examined on Mar 13, 2019
Milestone wants to improve image quality using Machine Learning to solve the problem of "a camera doesn't know what it is being used for",...
Integrator Profitability Bonuses - Statistics on Mar 13, 2019
While winning projects typically gets the most attention, how profitable those jobs turn out to be is key to the long-term success of integrators....
ADT Stock Drops After Announcing Loss And Amazon Delay on Mar 12, 2019
ADT's stock price dropped significantly after reporting heavy losses and delays in its Amazon partnership, as seen in the screenshot below: In...
Pelco GFC 4K Dome Camera Tested (IMP831-1ERS) on Mar 12, 2019
Pelco has finally released their first 4K IP camera, after years of competitors' releases. Is this move too late? Or is their new GFC Professional...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact