3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits]
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and transparency.
Now, nearly a month after IPVM reported on that, Dahua's most well-known OEM, Honeywell, still cannot say whether their devices are vulnerable to it. We first asked Honeywell on August 2nd and they responded on the 6th:
We followed up again and they replied on the 13th:
We followed up yet again and they replied on the 20th:
We followed up for at least the 3rd time this week and received no response.
The Problem With OEMing
While Honeywell is the best known of Dahua's various OEMs, this underscores the problem of OEMing generally:
Have these various companies fixed the vulnerability from Dahua? Has Dahua reached out to all of them? How many of these OEMs even care? Historically, the answer, too often, has been no.
Of course, Honeywell is much, much bigger than typical OEMs and, as they explained to us recently, Honeywell aims to meet higher cybersecurity standards.
Unfortunately, they are failing to do so here. If or when they do respond on this, we shall update this note.
Update: Honeywell Finally Admits