Honeywell Dahua Backdoor Statement

By: John Honovich, Published on Mar 14, 2017

Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.

Here is Honeywell Security and Fire President Michael Flink's [link no longer available] complete statement to IPVM:

[link no longer available]Honeywell takes security very seriously. We use ISA 62443-3-3 [link no longer available] as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.

Analyzing the statement:

Honeywell takes security very seriously.

However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and another one (Hikvision) who is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.

We have developed firmware updates

Honeywell does not develop these firmware updates. They come from Dahua.

********* **** ***** ***** ************ products *** *** **** affected ** ******** ********, ********* ** ********* and **** *******.

**** ** ********* ******** and **** ********* ******* Flink's [**** ** ****** available] ******** ********* ** IPVM:

[**** ** ****** *********]********* takes ******** **** *********. We *** *** *****-*-* [**** ** ****** available] ** * ***** *** security ** *** *** products. ** **** **** a ****** ******* ** handle ********* *************** ** ******** products. ** **** ********** all *********** ******** ******* and ******** ** **** to ******** ***** ******** devices. ** **** ********* firmware ******* **** ******* the ********* *************** *** are ** *** ******* of ******* ****. *** ****** ******** updates **** ** ********* to ********* ** *** of *****. ** ** identify ***** ******** ******* we **** ******** ****** customers **** ******** ********** dates.

********* *** *********:

********* ***** ******** **** seriously.

*******, ********* **** **** *** Chinese ************ **** * bad ***** ******** ***** record (*****) *** ******* one (*********) *** ** ***** ** *** ******* government *** **** *** * bad ***** ******** ***** record. **** ******* ********* ***********'* ******** ******* **** *********'* security ************ ****.

** **** ********* ******** updates

********* **** *** ******* these ******** *******. **** come **** *****.

[***************]

*** ******* ********** *** failure ** **** **** Dahua ** ********* ** speak. ** ********, ***** we ******** **** ** would ******* ** **** even ** **** ******** no *******, ******* ** *** verified **** *** *** test *******, ******* **** statement *** *** ****** choice.

Products ********

**** **** ******* *** knowledge ** ********* ******, we ******** **+ ****** impacted ****** * ******:

Follows FLIR *********

********* ** *** ****** Dahua *** ******* ** issue * *********, *************'* ***** ********* **** week. *******, ****'* ********* was **** **** ********** both ** ****** ***** directly *** ********* ******* about **** ********* ****** do *** **** **** was *****.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...

Most Recent Industry Reports

YCombinator AI Startup Visual One Tested on Apr 02, 2020
Startup Visual One, backed by Silicon Valley's powerful Y Combinator, aims to be "Your 24/7 Watchman" with advanced analytics and object...
Free IPVM Memberships For The Unemployed on Apr 02, 2020
IPVM is giving 3-month free memberships (regular price $99) for the unemployed, no questions asked. To get it, just contact us, your request...
Dahua Faked Coronavirus Camera Marketing on Apr 01, 2020
Dahua has conducted a coronavirus camera global marketing campaign centered around a faked detection. Now, Dahua has expanded this to the USA,...
Video Surveillance Trends 101 on Apr 01, 2020
This report examines major industry factors and how they could impact video surveillance in the next 5 - 10 years. This is part of our Video...
USA's Seek Scan Thermal Temperature System Examined on Apr 01, 2020
This US company, Seek, located down the road from FLIR and founded by former FLIR employees is offering a thermal temperature system for the...
Terrible Convergint Coronavirus Thermal Camera Recommendation on Apr 01, 2020
A week after Convergint disclosed falling revenue, pay and job cuts, Convergint is touting 'extensive research' that is either grossly incompetent...
The IPVM New Products Online Show April 2020 Opens With 40+ Manufacturers on Mar 31, 2020
IPVM is excited to announce the first New Products Online show, with 40+ manufacturers, to be held April 14 to the 16th, free to IPVM members,...
USA's Feevr Thermal Temperature System Examined on Mar 31, 2020
This US company has burst on to the scene, brashly naming itself 'feevr' and branding itself as a "COVID 19 - AI BASED NON CONTACT THERMAL...
JCI Coronavirus Cuts on Mar 31, 2020
JCI has made coronavirus cuts, the company told employees in an email that IPVM has reviewed. Inside this note, we examine the cuts made, the...
Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door operators to fight the spread of coronavirus. This delivers...