Honeywell Dahua Backdoor Statement

By: John Honovich, Published on Mar 14, 2017

Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.

Here is Honeywell Security and Fire President Michael Flink's [link no longer available] complete statement to IPVM:

[link no longer available]Honeywell takes security very seriously. We use ISA 62443-3-3 [link no longer available] as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.

Analyzing the statement:

Honeywell takes security very seriously.

However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and another one (Hikvision) who is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.

We have developed firmware updates

Honeywell does not develop these firmware updates. They come from Dahua.

********* **** ***** ***** ************ products *** *** **** affected ** ******** ********, ********* ** ********* and **** *******.

**** ** ********* ******** and **** ********* ******* Flink's [**** ** ****** available] ******** ********* ** IPVM:

[**** ** ****** *********]********* takes ******** **** *********. We *** *** *****-*-* [**** ** ****** available] ** * ***** *** security ** *** *** products. ** **** **** a ****** ******* ** handle ********* *************** ** ******** products. ** **** ********** all *********** ******** ******* and ******** ** **** to ******** ***** ******** devices. ** **** ********* firmware ******* **** ******* the ********* *************** *** are ** *** ******* of ******* ****. *** ****** ******** updates **** ** ********* to ********* ** *** of *****. ** ** identify ***** ******** ******* we **** ******** ****** customers **** ******** ********** dates.

********* *** *********:

********* ***** ******** **** seriously.

*******, ********* **** **** *** Chinese ************ **** * bad ***** ******** ***** record (*****) *** ******* one (*********) *** ** ***** ** *** ******* government *** **** *** * bad ***** ******** ***** record. **** ******* ********* ***********'* ******** ******* **** *********'* security ************ ****.

** **** ********* ******** updates

********* **** *** ******* these ******** *******. **** come **** *****.

[***************]

*** ******* ********** *** failure ** **** **** Dahua ** ********* ** speak. ** ********, ***** we ******** **** ** would ******* ** **** even ** **** ******** no *******, ******* ** *** verified **** *** *** test *******, ******* **** statement *** *** ****** choice.

Products ********

**** **** ******* *** knowledge ** ********* ******, we ******** **+ ****** impacted ****** * ******:

Follows FLIR *********

********* ** *** ****** Dahua *** ******* ** issue * *********, *************'* ***** ********* **** week. *******, ****'* ********* was **** **** ********** both ** ****** ***** directly *** ********* ******* about **** ********* ****** do *** **** **** was *****.

Comments (0)

Login to read this IPVM report.

Related Reports

Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
BICSI For IP Video Surveillance Guide on Feb 11, 2020
Spend enough time around networks and eventually someone will mention BICSI,...
US DoD Declares "Can No Longer Do Business" With Contractors Using Dahua, Hikvision, Huawei on Apr 08, 2020
The US Department of Defense has confirmed to IPVM that they fully support...
Anyvision Layoffs on Mar 19, 2020
Anyvision has conducted a layoff, citing the impact of coronavirus, joining a...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Seek Scan Thermal Temperature Screening System Tested on May 28, 2020
Now that IPVM has tested Dahua, Hikvision, and Sunell, we are returning to...
Axis Discontinues Companion Hardware, Fully NDAA Compliant on Feb 03, 2020
Axis will be fully NDAA compliant, as the company has confirmed to IPVM it is...
The Insecure Verkada Access Control System on Jun 25, 2020
While Verkada touts the security of its system and that how their new door...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Detecting Coronavirus Fevers With Thermal Cameras on Mar 15, 2020
MAY 2020 Update: This post was our early examination of these systems being...
Dahua Buenos Aires Bus Screening Violates IEC Standards and Dahua's Own Instructions on Jun 30, 2020
Dahua has promoted Buenos Aires bus deployments as "solutions that facilitate...
Axxon Presents VMS 4.4 and AI Behavior Analytics on May 20, 2020
AxxonSoft presented its VMS 4.4 and AI behavior analytics at the April 2020...
Colombia's President Promotes Bad Hikvision Fever Camera Setup on Jun 17, 2020
Colombia's President Iván Duque has promoted a haphazard Hikvision fever...

Recent Reports

Taiwan Lilin NDAA Compliant Cameras Tested on Aug 13, 2020
Taiwan-based manufacturer Lilin is taking direct aim at Dahua and Hikvision...
White House Expands Dahua Hikvision Blacklist To Federal Funding on Aug 13, 2020
The White House is expanding the NDAA to blacklist anyone who "uses" banned...
Actual Coronavirus Testing Options Examined on Aug 13, 2020
Fever cameras have emerged as an indirect and flawed way to test for...
Video Analytics Online Show September 2020 Opened - Axis, Avigilon, Bosch, BriefCam, Genetec, Milestone + 30 More on Aug 12, 2020
IPVM's sixth online show will feature 35+ Video Analytics companies...
The German Company Powering Many China Temperature Tablets (Heimann) on Aug 12, 2020
Many fever tablet suppliers market German-made Heimann thermal sensors while...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Access Control Course Fall 2020 - Register Now on Aug 12, 2020
IPVM offers the most comprehensive access control course in the industry....
Genetec CEO Declares "We Don't Negotiate Payment With Patent Trolls" on Aug 11, 2020
Are patent trolls like terrorists? Genetec's CEO is coming out strongly...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Telpo China Temperature Tablets Tested on Aug 10, 2020
The provider for overseas companies ranging from Canon Singapore to US'...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...