Honeywell Dahua Backdoor Statement

By John Honovich, Published Mar 14, 2017, 10:23am EDT (Info+)

Honeywell OEMs Dahua video surveillance products and has been affected by the Dahua backdoor, confirmed by Honeywell and IPVM testing.

Here is Honeywell Security and Fire President Michael Flink's [link no longer available] complete statement to IPVM:

[link no longer available]Honeywell takes security very seriously. We use ISA 62443-3-3 [link no longer available] as a basis for security in our new products. We also have a robust process to handle potential vulnerabilities in existing products. We have identified all potentially impacted cameras and continue to work to identify other impacted devices. We have developed firmware updates that address the potential vulnerabilities and are in the process of testing them. All camera firmware updates will be available to customers by end of March. If we identify other impacted devices we will promptly notify customers with expected resolution dates.

Analyzing the statement:

Honeywell takes security very seriously.

However, Honeywell OEMs from one Chinese manufacturer with a bad cyber security track record (Dahua) and another one (Hikvision) who is owned by the Chinese government and also has a bad cyber security track record. This follows Honeywell division ADI's problems dealing with Hikvision's security problems last year.

We have developed firmware updates

Honeywell does not develop these firmware updates. They come from Dahua.

*** ******* ********** *** ******* ** even **** ***** ** ********* ** speak. ** ********, ***** ** ******** them ** ***** ******* ** **** even ** **** ******** ** *******, because we *** ******** **** *** *** test *******, ******* **** ********* *** the ****** ******.

Products ********

**** **** ******* *** ********* ** Honeywell ******, ** ******** **+ ****** impacted ****** * ******:

Follows FLIR *********

********* ** *** ****** ***** *** partner ** ***** * *********, *************'* ***** ********* **** ****. *******, ****'* ********* *** **** more ********** **** ** ****** ***** directly *** ********* ******* ***** **** customers ****** ** *** **** **** was *****.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports