Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.
Here is Honeywell Security and Fire President Michael Flink's [link no longer available] complete statement to IPVM:
[link no longer available]Honeywell takes security very seriously. We use ISA 62443-3-3 [link no longer available] as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.
Analyzing the statement:
Honeywell takes security very seriously.
However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and another one (Hikvision) who is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.
We have developed firmware updates
Honeywell does not develop these firmware updates. They come from Dahua.