3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits]

Published Aug 27, 2019 14:12 PM
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and transparency.

Now, nearly a month after IPVM reported on that, Dahua's most well-known OEM, Honeywell, still cannot say whether their devices are vulnerable to it. We first asked Honeywell on August 2nd and they responded on the 6th:

IPVM Image

We followed up again and they replied on the 13th:

IPVM Image

We followed up yet again and they replied on the 20th:

IPVM Image

We followed up for at least the 3rd time this week and received no response.

The Problem With OEMing

While Honeywell is the best known of Dahua's various OEMs, this underscores the problem of OEMing generally:

IPVM Image

Have these various companies fixed the vulnerability from Dahua? Has Dahua reached out to all of them? How many of these OEMs even care? Historically, the answer, too often, has been no.

Of course, Honeywell is much, much bigger than typical OEMs and, as they explained to us recently, Honeywell aims to meet higher cybersecurity standards.

Unfortunately, they are failing to do so here. If or when they do respond on this, we shall update this note.

Update: Honeywell Finally Admits

IPVM Image
