Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity

By: John Honovich, Published on Aug 06, 2019

For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and manufacturing of 'Honeywell' branded IP cameras.

free image3

Now, after years of silence, Honeywell has spoken to IPVM, explaining what they are doing to address the NDAA ban, the release of their 30 series IP cameras, their cybersecurity process and whether any Dahua-OEMed Honeywell cameras have the Dahua wiretapping vulnerability.

*** *****, ********* *** depended ** *****, * company **** * **** cybersecurity ***** ****** *** now ****** ** *** US ****, *** *** development **************** ** '*********' ******* IP *******.

free image3

***, ***** ***** ** silence, ********* *** ****** to ****, ********** **** they *** ***** ** address *** **** ***, the ******* ** ***** 30 ****** ** *******, their ************* ******* *** whether *** *****-***** ********* cameras **** ******** *********** *************.

[***************]

Executive *******

********* **** ******** ** OEM *** '***********' *** '*****' ****** **** ***** while ****** ***'**' *********** **** ****** ************ Vivotek. ********, ********* **** the ***** ***** ***** series ******** * ****** chip **** ****** ***** cameras ** *** **** they **** ******** ** 2900-1 ************* *********** *** the ***** ****.

**** ********* ** ********** this ******** ** ********* a ***** **** ******* in ************ *** *******. On *** ***** ****, this ****** ** ******** from *** ********* *** the ********* ****** ** Dahua ******** ***** ****** buyers ** **** ** inadvertently ********** **** ****** products. ********, ***** ****** a ***-***** *** ********* the ****, ** ***** leaves ********* ********* ** other ************* ****** *** IP ****** *********, * notable ******** *** * company **** *** ***** heavily ** *** **** few ***** ** ***** security ***** (*.*.,********* *******************).

Wiretapping *************

********* **** ** ***** August *, ****:

** *** ******* ** determine *****, ** ***, cameras *** ******** ** this ************* *** *** working ******* **** ***** on ************ *** ********* firmware *****.

**** ** * *******. Dahua **** ***** ****, at ***** *** ****** and ********* ** ******** on ****** *** ***** IPVM ******** *** ********* still *** *** ********** if **** *** ********. While ***** *** **** made **** ***** ** delaying, ** ********** ** still *********'* ************** *** picking *****.

Background ***** ******

*** ***** ***** **** our********* ***** ******* ** Gov ****** ******* ***** Surveillance***** *** ******* *****:

Honeywell ************* ***********

********* **** * ***** case ** **** *** what **** *** ***** for *************.

*** ***** ****** ******* have * ****** ******* in ****** *** ** their ******* ****** **** Honeywell **********:

*** ********* ***** ****** cameras **** *****-** ****** chipsets ** ******* ******** tampering **********. ************, *** crypto ******** *** ********* store ********** ************, ****** key *** ******* **** in * ****** ****** environment. **** ******* ********-***** encryption *** ******* ****** is ********* *** *** entire ****** ** ******* against ***** ******* *** tampering. ********* ********* ******** leading ***** ********** *** protection ***** ** **; for *******, ********* **** and ***** ************* **** HTTPS, ****** ******** *** firmware ********** *** ********** against ******* ********* ** tampering ****** ******** *******, signed ***** ********* *** application ******** ******* ********* while ********* ** ************* VA ********* ******* *******.

** ********, ********* **** that *** ***** *** cameras ** *******:

******** **** ********** ***** on *** ****** *********** faced ** * ********** product ** ******** ** well ** *** ********* features *** ******** *****

******** ************ *** ******** controls ***** ** ******** standards *** ********** **** as *****, ***/*** **/*****, ISO *****, *** ***, GDPR, *****, ********** ***** laws *** ***********, *** others ********* ** *** product ** ******** *** the ******** **** **********

******* ****** ***********

****** ********

****** ******, ******* ** Design, *** ****** ****** standards *** *********

****** **** ******** (****** code ********) ** ******* secure ****** *** ****** practices

****** ******** ** ******** open ****** ***** *** potential ***************

*** ******** ** ******* a ****** *** ************* penetration ******* *******. ** some *****, ********** *********** security ******* ** ********* for ******** ********. *** criteria *** **** ********** testing – ** **** as ***** ******** ** offerings *** ******** *** this – ** *******-**** proprietary ***********.

* ****** **** ********** Policy **** ******** ******** mitigation ********* ***** ** severity

****** *** ******** ** cybersecurity ** ****** ********** prior ** ******* ********

********* ******* *** ******** notification *** ******** *******

** *** ***** ****, as *** *********** ************* delay *****, **** *** still ******* ********* ** Dahua ** ****** **** issues.

********, ********* ********** **** the ***** ****** *** a ** ****-* *************.

*******, **** ** **** for *** **** ********* equIP ******. ***** *****-**** Essentials ****** *** ** chip, ** ** *************, etc.

NDAA **** *** *********

********* ********* ****:

**** **** ** *********** a ******* ** ***** additional ****** ** *** market ***** **** ****** federal ******** *** *** other ********** ** ******** Honeywell *******, **** *** 30 ****** ****, **** are ******** *** *** as **** ** ***** systems ***** ****** **** NDAA ****, ******* ***. The ** ****** ** the ***** ******* ** this *******. ** **** expand ***** ****** **** the **** ** ****** to **** **** ***** customers *** ****** *** video ******** **** **** from *********. ** **** continue ** ******** * range ** ******* *** those ********* *** ***’* require ***** ***** ******* to ****** **** **** 2019, ******* ***. ** are ********** ********* *** products ** ****** **** they **** *** ******** needs ** *** ********* for ***** *** ********.

********* *********** ****** ***** excited, ** ***** ***** on *** ****** ** LinkedIn ***** ** *** past ***** **** **:

***:

OEMing **** *******

*** ** ****** ** OEMed **** ******* ** the **** ****** *** both ********* *****:

********* ******** ** ******* on **** *** ** is ****-*******.

**** *** *** **** they *** "*********** *** 30 ****** ** *** mid-scale *****: ***** *********** and ***** ***** *** able ** **** ** the **** ****** ** us."

***** ** *** ****-***** analysis ** *** *** 3 ********* ***** *******:

*******

*** ******* ** *********'* IP ****** ******* ** much ********. *******, ** is ******* **** ** incredibly *** **** ** hiding ******* ****** *** Honeywell ****** ** ********** to ******** ** ** more *********** *** ********* about *** ******** *** cybersecurity.

** * **** ***, from * ****** ******** perspective, ** *** ************** that ********* ***** **** easy ******* ** *********** other ************'* *******. **** time ** *** ****.

**** ********* ********* ***** still ** ******** **** buying **** ****** ******** is * ******* *** Honeywell *** *********** ******* this ** ******* *** Dahua **** ****, **** using ***** *** ***-** sold ********, ********* ** Vivotek ********* ** ****** a ****** ************, ***.

Comments (10)

Rodney Thayer

Smithee Solutions LLC | 08/07/19 11:57am

********, *** ********** ********** of *** ****** ******* marketplace (******** **** ****, blaster *****, *** ****-***-**** wiegand ******), ***** ** with *********** ***** ********.  Who ****** ***** **.

********* ******* **** **** description ** *** **** fides ** **** ****** chip.  *** ***** *******  that *** ****** ******** is *********.  *** *** not *** **** *** an *** ********* ****** Element ** ***** ** that ****** (** **** it's ****-*** ** ******** else.)  **'** ******** ** believe * ******* **** is ********* ***** ********** was ** ** *** crypto ******** **** *** device ** *** ******* in *** ******* ******* in ******** *** ****'* ok?  ** *** **** me ** ***** **** you **** ** **** me **** ****** ******** paperwork.  (*** ****** ****** that ******* ***** ****** you ********* ******** ****** know **** *** **** the ******** ***** **** up.)

 

John Honovich

IPVM | In reply to Rodney Thayer | 08/07/19 12:06pm

********, *** ********. ** is ***** * ***** camera *** ** ** still ** ********** ******, with ** ******* *** chip, **** ** ********* so ***** ** ****** justification ** *** ***** cameras. * ***** ** is **** ********* ****** a ********* *** ***’* see *** ***** ** buying ***** *** ******* when *** **** **** can ** ****** ****** for * ***** ***** and ****** ****** *******.

Rodney Thayer

Smithee Solutions LLC | In reply to John Honovich | 08/07/19 01:02pm

** ***** *** **** screwed ** ** *** talking ***** ****, * don't **** *** **** or **** *** *** the ******. 

Avatar

Jonathan Lawry

Trecerdo, LLC | In reply to Rodney Thayer | 08/09/19 09:56am

***** ** ******** *******/********* of ********, * ********** your ********** ********** ***** 😜.  *'* ***** ** use *** ********** ********** riff ** ******* (*** know....like ** *** ** events **** ****).

Undisclosed Integrator #1

08/07/19 01:01pm

“****** ******** ** ******* firmware ********* **********.”

*** **** *** **** impacts **** *** ******* of *** ********?

*** ******-******* **** **** will ****** **** ******* against ***-********* ****** ********... unless **** ****** ******** Hue’s ******* ** ************ bundling *** ******* ******* key **** *** ********...

****** ****** ******** ***** it * *** ****** to ******** ********* ** modified ****, * ****** see *** ** ***** possibly ****** * ******** file **** *** ***************?

****** ** **** **** knowledgeable **** ** **** to *** ** ****?

 

Rodney Thayer

Smithee Solutions LLC | In reply to Undisclosed Integrator #1 | 08/08/19 10:44am

* ******* *** ***** digital ******* ********** ******* to ********** *** ** the ****** ** ** should **** ****-*******.  * agree **** ** *** introduce ** ******* ****** the ****** ****** ***** you *** *** ** with * ********* ****** exploitable ****** ***** ********* in *** *******.  **** would ** *** **'* apropos ** ** ********** vendor ********** ********* ** crazy ****** **** ****.***, right?

Undisclosed Manufacturer #2

08/08/19 09:11am

******* ******* **** *** HiSilicon?

Avatar

Dennis Raefield

Security Integration, inc. | 08/08/19 12:10pm

** ** **** *************, they ** *** ********* chips, ***** *** ************ in *****.  ***** ** (consumers *** ****** ** video ********) *** ********* drive *** ****** *** other ************* ** *** cost **** **** ***** ago, ******* **** **** or * **** **** alternative **** ****.

* ** ******* **** sudden "******** *** ***** source ** ******" ******** can **** **** ******* innovation ** ***** *********.  I **** ** **** the ************ *** ******** to ****** ********* ** sources.  ** ****** *** quick ** ****** *** go **** ** *** "allure ** *** *****" that ***** ** ** skilled ** ********.

**** ***** ****** ****** fronts: 

*** *** *** ******** from ***** ****** *********

******* ***** *********.

******* ******** ****** *** self ******* **** ********

**** ******* *** ***:

********* ***** *** **** Costco ****, *** ***** out *** ** **********.

********* ****, ******* *** High *****, ***** ********.

*** **** ******** ****, killing ****** *** ******* America

** ************** ****

 

***** ** *** ***, they **** **** ***** world *********.  ** *** can **** **** ****, keep ****** "*** *****".

 

Undisclosed Manufacturer #3

In reply to Dennis Raefield | 08/13/19 01:06am

** ****** ** **** that *** *********** ** the ********* (**** *********) Series ** ******* *** not **** *****. *** purpose ** ** *********** a ********** ********* ******. Thus ** ********* *****. 

Avatar

Dennis Raefield

Security Integration, inc. | In reply to Undisclosed Manufacturer #3 | 08/18/19 12:54pm

***** ****. * ******* Honeywell *** ******* *********** sources.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...

Most Recent Industry Reports

"Fever Camera" Show Starts Tuesday on May 31, 2020
IPVM is excited for the world's first "Fever Camera" show, to be held this Tuesday, June 2nd and Wednesday the 3rd from 11am to 3pm EDT, giving you...
Proxy Presents Mobile Credentials For BLE Devices and Access on May 29, 2020
Proxy presented Mobile Credentials For BLE Devices and Access at the May 2020 IPVM Startups show. Inside this report: A 30-minute video...
ISC West 2020 Moves To The Basement on May 29, 2020
The twice cancelled/postponed show will now not only be held in a different month (October) but on a different floor, moving down to the...
Integrators Avoiding Coronavirus Air Travel on May 29, 2020
IPVM asked integrators if air travel is part of their 2020 plans to see how significantly Coronavirus will impact future...
Viakoo Presents Cyber Hygiene for Cameras on May 28, 2020
Viakoo presented its 'Cyber Hygiene' and 'Service Assurance' products at the April 2020 IPVM New Products show. Inside this report: A...
Seek Scan Thermal Temperature Screening System ReTested on May 28, 2020
Now that IPVM has tested Dahua, Hikvision, and Sunell, we are returning to Seek, the first blackbody system we tested and retested it with our...
Directory of 110 "Fever" Camera Suppliers on May 28, 2020
This directory provides a list of "Fever" scanning thermal camera providers to help you see and research what options are available. There are...
Fever Cameras Are Medical Devices, Per The FDA, Dahua, Feevr, Hikvision, InVid Contrary Claims Are False on May 28, 2020
Fever cameras are medical devices, despite what euphemisms various sellers use. The US FDA clearly categorizes them as medical devices and...
Wyze Raises $10 Million And Seeks Services Expansion on May 27, 2020
Wyze has raised $10 million, the company's first disclosed raise since the $20 million announced at the beginning of 2019. Inside this note,...
Startup Videoloft Presents Cloud Storage on May 27, 2020
Videoloft presented offsite cloud storage at the May 2020 IPVM Startups show. A 30-minute video from Videoloft including IPVM...