Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity

By: John Honovich, Published on Aug 06, 2019

For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and manufacturing of 'Honeywell' branded IP cameras.

free image3

Now, after years of silence, Honeywell has spoken to IPVM, explaining what they are doing to address the NDAA ban, the release of their 30 series IP cameras, their cybersecurity process and whether any Dahua-OEMed Honeywell cameras have the Dahua wiretapping vulnerability.

*** *****, ********* *** depended ** *****, * company **** * **** cybersecurity ***** ****** *** now ****** ** *** US ****, *** *** development **************** ** '*********' ******* IP *******.

free image3

***, ***** ***** ** silence, ********* *** ****** to ****, ********** **** they *** ***** ** address *** **** ***, the ******* ** ***** 30 ****** ** *******, their ************* ******* *** whether *** *****-***** ********* cameras **** ******** *********** *************.

[***************]

Executive *******

********* **** ******** ** OEM *** '***********' *** '*****' ****** **** ***** while ****** ***'**' *********** **** ****** ************ Vivotek. ********, ********* **** the ***** ***** ***** series ******** * ****** chip **** ****** ***** cameras ** *** **** they **** ******** ** 2900-1 ************* *********** *** the ***** ****.

**** ********* ** ********** this ******** ** ********* a ***** **** ******* in ************ *** *******. On *** ***** ****, this ****** ** ******** from *** ********* *** the ********* ****** ** Dahua ******** ***** ****** buyers ** **** ** inadvertently ********** **** ****** products. ********, ***** ****** a ***-***** *** ********* the ****, ** ***** leaves ********* ********* ** other ************* ****** *** IP ****** *********, * notable ******** *** * company **** *** ***** heavily ** *** **** few ***** ** ***** security ***** (*.*.,********* *******************).

Wiretapping *************

********* **** ** ***** August *, ****:

** *** ******* ** determine *****, ** ***, cameras *** ******** ** this ************* *** *** working ******* **** ***** on ************ *** ********* firmware *****.

**** ** * *******. Dahua **** ***** ****, at ***** *** ****** and ********* ** ******** on ****** *** ***** IPVM ******** *** ********* still *** *** ********** if **** *** ********. While ***** *** **** made **** ***** ** delaying, ** ********** ** still *********'* ************** *** picking *****.

Background ***** ******

*** ***** ***** **** our********* ***** ******* ** Gov ****** ******* ***** Surveillance***** *** ******* *****:

Honeywell ************* ***********

********* **** * ***** case ** **** *** what **** *** ***** for *************.

*** ***** ****** ******* have * ****** ******* in ****** *** ** their ******* ****** **** Honeywell **********:

*** ********* ***** ****** cameras **** *****-** ****** chipsets ** ******* ******** tampering **********. ************, *** crypto ******** *** ********* store ********** ************, ****** key *** ******* **** in * ****** ****** environment. **** ******* ********-***** encryption *** ******* ****** is ********* *** *** entire ****** ** ******* against ***** ******* *** tampering. ********* ********* ******** leading ***** ********** *** protection ***** ** **; for *******, ********* **** and ***** ************* **** HTTPS, ****** ******** *** firmware ********** *** ********** against ******* ********* ** tampering ****** ******** *******, signed ***** ********* *** application ******** ******* ********* while ********* ** ************* VA ********* ******* *******.

** ********, ********* **** that *** ***** *** cameras ** *******:

******** **** ********** ***** on *** ****** *********** faced ** * ********** product ** ******** ** well ** *** ********* features *** ******** *****

******** ************ *** ******** controls ***** ** ******** standards *** ********** **** as *****, ***/*** **/*****, ISO *****, *** ***, GDPR, *****, ********** ***** laws *** ***********, *** others ********* ** *** product ** ******** *** the ******** **** **********

******* ****** ***********

****** ********

****** ******, ******* ** Design, *** ****** ****** standards *** *********

****** **** ******** (****** code ********) ** ******* secure ****** *** ****** practices

****** ******** ** ******** open ****** ***** *** potential ***************

*** ******** ** ******* a ****** *** ************* penetration ******* *******. ** some *****, ********** *********** security ******* ** ********* for ******** ********. *** criteria *** **** ********** testing – ** **** as ***** ******** ** offerings *** ******** *** this – ** *******-**** proprietary ***********.

* ****** **** ********** Policy **** ******** ******** mitigation ********* ***** ** severity

****** *** ******** ** cybersecurity ** ****** ********** prior ** ******* ********

********* ******* *** ******** notification *** ******** *******

** *** ***** ****, as *** *********** ************* delay *****, **** *** still ******* ********* ** Dahua ** ****** **** issues.

********, ********* ********** **** the ***** ****** *** a ** ****-* *************.

*******, **** ** **** for *** **** ********* equIP ******. ***** *****-**** Essentials ****** *** ** chip, ** ** *************, etc.

NDAA **** *** *********

********* ********* ****:

**** **** ** *********** a ******* ** ***** additional ****** ** *** market ***** **** ****** federal ******** *** *** other ********** ** ******** Honeywell *******, **** *** 30 ****** ****, **** are ******** *** *** as **** ** ***** systems ***** ****** **** NDAA ****, ******* ***. The ** ****** ** the ***** ******* ** this *******. ** **** expand ***** ****** **** the **** ** ****** to **** **** ***** customers *** ****** *** video ******** **** **** from *********. ** **** continue ** ******** * range ** ******* *** those ********* *** ***’* require ***** ***** ******* to ****** **** **** 2019, ******* ***. ** are ********** ********* *** products ** ****** **** they **** *** ******** needs ** *** ********* for ***** *** ********.

********* *********** ****** ***** excited, ** ***** ***** on *** ****** ** LinkedIn ***** ** *** past ***** **** **:

***:

OEMing **** *******

*** ** ****** ** OEMed **** ******* ** the **** ****** *** both ********* *****:

********* ******** ** ******* on **** *** ** is ****-*******.

**** *** *** **** they *** "*********** *** 30 ****** ** *** mid-scale *****: ***** *********** and ***** ***** *** able ** **** ** the **** ****** ** us."

***** ** *** ****-***** analysis ** *** *** 3 ********* ***** *******:

*******

*** ******* ** *********'* IP ****** ******* ** much ********. *******, ** is ******* **** ** incredibly *** **** ** hiding ******* ****** *** Honeywell ****** ** ********** to ******** ** ** more *********** *** ********* about *** ******** *** cybersecurity.

** * **** ***, from * ****** ******** perspective, ** *** ************** that ********* ***** **** easy ******* ** *********** other ************'* *******. **** time ** *** ****.

**** ********* ********* ***** still ** ******** **** buying **** ****** ******** is * ******* *** Honeywell *** *********** ******* this ** ******* *** Dahua **** ****, **** using ***** *** ***-** sold ********, ********* ** Vivotek ********* ** ****** a ****** ************, ***.

Comments (10)

********, *** ********** ********** of *** ****** ******* marketplace (******** **** ****, blaster *****, *** ****-***-**** wiegand ******), ***** ** with *********** ***** ********.  Who ****** ***** **.

********* ******* **** **** description ** *** **** fides ** **** ****** chip.  *** ***** *******  that *** ****** ******** is *********.  *** *** not *** **** *** an *** ********* ****** Element ** ***** ** that ****** (** **** it's ****-*** ** ******** else.)  **'** ******** ** believe * ******* **** is ********* ***** ********** was ** ** *** crypto ******** **** *** device ** *** ******* in *** ******* ******* in ******** *** ****'* ok?  ** *** **** me ** ***** **** you **** ** **** me **** ****** ******** paperwork.  (*** ****** ****** that ******* ***** ****** you ********* ******** ****** know **** *** **** the ******** ***** **** up.)

 

********, *** ********. ** is ***** * ***** camera *** ** ** still ** ********** ******, with ** ******* *** chip, **** ** ********* so ***** ** ****** justification ** *** ***** cameras. * ***** ** is **** ********* ****** a ********* *** ***’* see *** ***** ** buying ***** *** ******* when *** **** **** can ** ****** ****** for * ***** ***** and ****** ****** *******.

** ***** *** **** screwed ** ** *** talking ***** ****, * don't **** *** **** or **** *** *** the ******. 

***** ** ******** *******/********* of ********, * ********** your ********** ********** ***** 😜.  *'* ***** ** use *** ********** ********** riff ** ******* (*** know....like ** *** ** events **** ****).

“****** ******** ** ******* firmware ********* **********.”

*** **** *** **** impacts **** *** ******* of *** ********?

*** ******-******* **** **** will ****** **** ******* against ***-********* ****** ********... unless **** ****** ******** Hue’s ******* ** ************ bundling *** ******* ******* key **** *** ********...

****** ****** ******** ***** it * *** ****** to ******** ********* ** modified ****, * ****** see *** ** ***** possibly ****** * ******** file **** *** ***************?

****** ** **** **** knowledgeable **** ** **** to *** ** ****?

 

* ******* *** ***** digital ******* ********** ******* to ********** *** ** the ****** ** ** should **** ****-*******.  * agree **** ** *** introduce ** ******* ****** the ****** ****** ***** you *** *** ** with * ********* ****** exploitable ****** ***** ********* in *** *******.  **** would ** *** **'* apropos ** ** ********** vendor ********** ********* ** crazy ****** **** ****.***, right?

******* ******* **** *** HiSilicon?

** ** **** *************, they ** *** ********* chips, ***** *** ************ in *****.  ***** ** (consumers *** ****** ** video ********) *** ********* drive *** ****** *** other ************* ** *** cost **** **** ***** ago, ******* **** **** or * **** **** alternative **** ****.

* ** ******* **** sudden "******** *** ***** source ** ******" ******** can **** **** ******* innovation ** ***** *********.  I **** ** **** the ************ *** ******** to ****** ********* ** sources.  ** ****** *** quick ** ****** *** go **** ** *** "allure ** *** *****" that ***** ** ** skilled ** ********.

**** ***** ****** ****** fronts: 

*** *** *** ******** from ***** ****** *********

******* ***** *********.

******* ******** ****** *** self ******* **** ********

**** ******* *** ***:

********* ***** *** **** Costco ****, *** ***** out *** ** **********.

********* ****, ******* *** High *****, ***** ********.

*** **** ******** ****, killing ****** *** ******* America

** ************** ****

 

***** ** *** ***, they **** **** ***** world *********.  ** *** can **** **** ****, keep ****** "*** *****".

 

** ****** ** **** that *** *********** ** the ********* (**** *********) Series ** ******* *** not **** *****. *** purpose ** ** *********** a ********** ********* ******. Thus ** ********* *****. 

***** ****. * ******* Honeywell *** ******* *********** sources.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Avigilon Launches 'Renewed Products Program' on Mar 19, 2019
There are lots of 'pre-owned' cars but pre-owned IP cameras? While such programs are common in other industries, in video surveillance, they are...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...

Most Recent Industry Reports

Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...
Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...
UK Stands Behind Hikvision But Controversy Continues on Feb 18, 2020
Hikvision is exhibiting at a UK government conference for law enforcement, provoking controversy from the press, politicians, and activists due to...
IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...
Access Control ADA and Disability Laws Tutorial on Feb 17, 2020
Safe access control is paramount, especially for those with disabilities. Most countries have codes to mandate safe building access for those...