3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits]

By: John Honovich, Published on Aug 27, 2019

The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and transparency.

Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping

Now, nearly a month after IPVM reported on that, Dahua's most well-known OEM, Honeywell, still cannot say whether their devices are vulnerable to it. We first asked Honeywell on August 2nd and they responded on the 6th:

We followed up again and they replied on the 13th:

We followed up yet again and they replied on the 20th:

We followed up for at least the 3rd time this week and no response.

The Problem With OEMing

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

While Honeywell is the most known of Dahua's various OEMs, this underscores the problem of OEMing generally:

Have these various companies fixed the vulnerability from Dahua? Has Dahua reached out to all of them? How many of these OEMs even care? Historically, the answer, too often, has been no.

Of course, Honeywell is much, much bigger than typical OEMs and, as they explained to us recently, Honeywell aims to meet higher cybersecurity standards.

Unfortunately, they are failing to do so here. If or when they do respond on this, we shall update this note.

2 reports cite this report:

Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Comments (26) : Members only. Login. or Join.

Related Reports

Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Alarm.com Suffers Outage on Jul 26, 2019
Alarm.com suffered a major outage this week, impacting its 5+ million customers. Inside, we examine what happened, what Alarm.com told IPVM and...
Manufacturer Favorability Guide 2019 on Jun 12, 2019
The 259 page PDF guide may be downloaded inside by all IPVM members. It includes our manufacturer favorability rankings and individual...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Top Hikvision Proponent Nelly's "GoSwift" Elsewhere on May 03, 2019
Sean Nelson [link no longer available] of Nelly's Security has made a name for himself and his company as a proponent of Hikvision, such as this...

Most Recent Industry Reports

JCI / Tyco Security Products Layoffs on Jun 05, 2020
Johnson Controls / Tyco Security Products has confirmed COVID-19 related layoffs, expanding upon the April coronavirus cuts the company previously...
EyePark Presents Mobile Driver Authentication on Jun 05, 2020
EyePark presented its long-range QR code parking verification platform at the May 2020 IPVM Startups show. A 30-minute video from EyePark...
Bleenco "Under The Tongue" Temperature Detection Examined on Jun 05, 2020
"Say aah", says Bleenco, a PPE detection video analytics company, offering a different method for measuring body temperature with a thermal...
Hikvision and Uniview Entry Level Thermal Handheld Cameras Tested on Jun 05, 2020
While most screening systems cost $10,000 or more, manufacturers such as Hikvision and Uniview have now released handheld models for $1,000 or...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Sequr...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing insights at the May 2020 IPVM Startups show. A 30-minute video from...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative. While rivals have marketed fever detection, FLIR has stuck to EST...
"Fever Camera" Show On-Demand Watch Now on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from both days are posted at the end of this report for on-demand...
Cobalt Robotics Presents Indoor Security and Access Robots on Jun 03, 2020
Cobalt Robotics presented indoor security robots at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Cobalt...
Dahua Sues Ex-North American President, Says Legal Typo on Jun 03, 2020
Dahua's former North American President Frank Zhang claims he is owed almost $11 million but Dahua counter claims it is just a "scrivener's error",...