3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits]

By John Honovich, Published Aug 27, 2019, 10:12am EDT

The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and transparency.

IPVM Image

Now, nearly a month after IPVM reported on that, Dahua's most well-known OEM, Honeywell, still cannot say whether their devices are vulnerable to it. We first asked Honeywell on August 2nd and they responded on the 6th:

IPVM Image

We followed up again and they replied on the 13th:

IPVM Image

We followed up yet again and they replied on the 20th:

IPVM Image

We followed up for at least the 3rd time this week and no response.

The Problem With OEMing

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

While Honeywell is the most known of Dahua's various OEMs, this underscores the problem of OEMing generally:

IPVM Image

Have these various companies fixed the vulnerability from Dahua? Has Dahua reached out to all of them? How many of these OEMs even care? Historically, the answer, too often, has been no.

Of course, Honeywell is much, much bigger than typical OEMs and, as they explained to us recently, Honeywell aims to meet higher cybersecurity standards.

Unfortunately, they are failing to do so here. If or when they do respond on this, we shall update this note.

Update Honeywell Finally Admits

IPVM Image

2 reports cite this report:

Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has...
Comments (26) : Members only. Login. or Join.
Loading Related Reports