Honeywell Dahua Backdoor Statement

By: John Honovich, Published on Mar 14, 2017

Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.

Here is Honeywell Security and Fire President Michael Flink's complete statement to IPVM:

Honeywell takes security very seriously. We use ISA 62443-3-3 as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.

Analyzing the statement:

Honeywell takes security very seriously.

However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and another one (Hikvision) who is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.

We have developed firmware updates

Honeywell does not develop these firmware updates. They come from Dahua.

********* **** ***** ***** ************ products *** *** **** affected ** ******** ********, ********* ** ********* and **** *******.

**** ** ********* ******** and **** **************** *****'********* ********* ** ****:

********* ***** ******** **** seriously. ** *** *** *****-*-* ** * ***** *** security ** *** *** products. ** **** **** a ****** ******* ** handle ********* *************** ** ******** products. ** **** ********** all *********** ******** ******* and ******** ** **** to ******** ***** ******** devices. ** **** ********* firmware ******* **** ******* the ********* *************** *** are ** *** ******* of ******* ****. *** ****** ******** updates **** ** ********* to ********* ** *** of *****. ** ** identify ***** ******** ******* we **** ******** ****** customers **** ******** ********** dates.

********* *** *********:

********* ***** ******** **** seriously.

*******, ********* **** **** *** Chinese ************ **** * bad ***** ******** ***** record (*****) *** ******* one (*********) *** ** ***** ** *** ******* government *** **** *** * bad ***** ******** ***** record. **** ******* ********* ***********'* ******** ******* **** *********'* security ************ ****.

** **** ********* ******** updates

********* **** *** ******* these ******** *******. **** come **** *****.

[***************]

*** ******* ********** *** failure ** **** **** Dahua ** ********* ** speak. ** ********, ***** we ******** **** ** would ******* ** **** even ** **** ******** no *******, ******* ** *** verified **** *** *** test *******, ******* **** statement *** *** ****** choice.

Products ********

**** **** ******* *** knowledge ** ********* ******, we ******** **+ ****** impacted ****** * ******:

Follows FLIR *********

********* ** *** ****** Dahua *** ******* ** issue * *********, *************'* ***** ********* **** week. *******, ****'* ********* was **** **** ********** both ** ****** ***** directly *** ********* ******* about **** ********* ****** do *** **** **** was *****.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...
Dahua OEM Directory 2019 on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same time the US government ban has taken effect. This week, a Dutch...
Axis 4K Camera Shootout 2019 on Aug 14, 2019
Axis' 4K Q3518-LVE claims the "best video quality possible", with Lightfinder super low light performance, Axis' high end Forensic WDR, and...
CheckMySystems Company Profile on Aug 14, 2019
CheckMySystems says that too many users respond, "I get an email when something is wrong" when talking about their video system maintenance plan,...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact