Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity

By John Honovich, Published Aug 06, 2019, 12:04pm EDT

For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and manufacturing of 'Honeywell' branded IP cameras.

free image3

Now, after years of silence, Honeywell has spoken to IPVM, explaining what they are doing to address the NDAA ban, the release of their 30 series IP cameras, their cybersecurity process and whether any Dahua-OEMed Honeywell cameras have the Dahua wiretapping vulnerability.

Executive *******

********* **** ******** ** OEM *** '***********' *** '*****' ****** **** ***** while ****** ***'**' *********** **** ****** ************ Vivotek. ********, ********* **** the ***** ***** ***** series ******** * ****** chip **** ****** ***** cameras ** *** **** they **** ******** ** 2900-1 ************* *********** *** the ***** ****.

**** ********* ** ********** this ******** ** ********* a ***** **** ******* in ************ *** *******. On *** ***** ****, this ****** ** ******** from *** ********* *** the ********* ****** ** Dahua ******** ***** ****** buyers ** **** ** inadvertently ********** **** ****** products. ********, ***** ****** a ***-***** *** ********* the ****, ** ***** leaves ********* ********* ** other ************* ****** *** IP ****** *********, * notable ******** *** * company **** *** ***** heavily ** *** **** few ***** ** ***** security ***** (*.*.,********* *******************).

Wiretapping *************

********* **** ** ***** August *, ****:

** *** ******* ** determine *****, ** ***, cameras *** ******** ** this ************* *** *** working ******* **** ***** on ************ *** ********* firmware *****.

**** ** * *******. Dahua **** ***** ****, at ***** *** ****** and ********* ** ******** on ****** *** ***** IPVM ******** *** ********* still *** *** ********** if **** *** ********. While ***** *** **** made **** ***** ** delaying, ** ********** ** still *********'* ************** *** picking *****.

Background ***** ******

*** ***** ***** **** our********* ***** ******* ** Gov ****** ******* ***** Surveillance***** *** ******* *****:

Honeywell ************* ***********

********* **** * ***** case ** **** *** what **** *** ***** for *************.

*** ***** ****** ******* have * ****** ******* in ****** *** ** their ******* ****** **** Honeywell **********:

*** ********* ***** ****** cameras **** *****-** ****** chipsets ** ******* ******** tampering **********. ************, *** crypto ******** *** ********* store ********** ************, ****** key *** ******* **** in * ****** ****** environment. **** ******* ********-***** encryption *** ******* ****** is ********* *** *** entire ****** ** ******* against ***** ******* *** tampering. ********* ********* ******** leading ***** ********** *** protection ***** ** **; for *******, ********* **** and ***** ************* **** HTTPS, ****** ******** *** firmware ********** *** ********** against ******* ********* ** tampering ****** ******** *******, signed ***** ********* *** application ******** ******* ********* while ********* ** ************* VA ********* ******* *******.

** ********, ********* **** that *** ***** *** cameras ** *******:

******** **** ********** ***** on *** ****** *********** faced ** * ********** product ** ******** ** well ** *** ********* features *** ******** *****

******** ************ *** ******** controls ***** ** ******** standards *** ********** **** as *****, ***/*** **/*****, ISO *****, *** ***, GDPR, *****, ********** ***** laws *** ***********, *** others ********* ** *** product ** ******** *** the ******** **** **********

******* ****** ***********

****** ********

****** ******, ******* ** Design, *** ****** ****** standards *** *********

****** **** ******** (****** code ********) ** ******* secure ****** *** ****** practices

****** ******** ** ******** open ****** ***** *** potential ***************

*** ******** ** ******* a ****** *** ************* penetration ******* *******. ** some *****, ********** *********** security ******* ** ********* for ******** ********. *** criteria *** **** ********** testing – ** **** as ***** ******** ** offerings *** ******** *** this – ** *******-**** proprietary ***********.

* ****** **** ********** Policy **** ******** ******** mitigation ********* ***** ** severity

****** *** ******** ** cybersecurity ** ****** ********** prior ** ******* ********

********* ******* *** ******** notification *** ******** *******

** *** ***** ****, as *** *********** ************* delay *****, **** *** still ******* ********* ** Dahua ** ****** **** issues.

********, ********* ********** **** the ***** ****** *** a ** ****-* *************.

*******, **** ** **** for *** **** ********* equIP ******. ***** *****-**** Essentials ****** *** ** chip, ** ** *************, etc.

NDAA **** *** *********

********* ********* ****:

**** **** ** *********** a ******* ** ***** additional ****** ** *** market ***** **** ****** federal ******** *** *** other ********** ** ******** Honeywell *******, **** *** 30 ****** ****, **** are ******** *** *** as **** ** ***** systems ***** ****** **** NDAA ****, ******* ***. The ** ****** ** the ***** ******* ** this *******. ** **** expand ***** ****** **** the **** ** ****** to **** **** ***** customers *** ****** *** video ******** **** **** from *********. ** **** continue ** ******** * range ** ******* *** those ********* *** ***’* require ***** ***** ******* to ****** **** **** 2019, ******* ***. ** are ********** ********* *** products ** ****** **** they **** *** ******** needs ** *** ********* for ***** *** ********.

********* *********** ****** ***** excited, ** ***** ***** on *** ****** ** LinkedIn ***** ** *** past ***** **** **:

***:

OEMing **** *******

*** ** ****** ** OEMed **** ******* ** the **** ****** *** both ********* *****:

********* ******** ** ******* on **** *** ** is ****-*******.

**** *** *** **** they *** "*********** *** 30 ****** ** *** mid-scale *****: ***** *********** and ***** ***** *** able ** **** ** the **** ****** ** us."

***** ** *** ****-***** analysis ** *** *** 3 ********* ***** *******:

*******

*** ******* ** *********'* IP ****** ******* ** much ********. *******, ** is ******* **** ** incredibly *** **** ** hiding ******* ****** *** Honeywell ****** ** ********** to ******** ** ** more *********** *** ********* about *** ******** *** cybersecurity.

** * **** ***, from * ****** ******** perspective, ** *** ************** that ********* ***** **** easy ******* ** *********** other ************'* *******. **** time ** *** ****.

**** ********* ********* ***** still ** ******** **** buying **** ****** ******** is * ******* *** Honeywell *** *********** ******* this ** ******* *** Dahua **** ****, **** using ***** *** ***-** sold ********, ********* ** Vivotek ********* ** ****** a ****** ************, ***.

Comments (10)

********, *** ********** ********** of *** ****** ******* marketplace (******** **** ****, blaster *****, *** ****-***-**** wiegand ******), ***** ** with *********** ***** ********.  Who ****** ***** **.

********* ******* **** **** description ** *** **** fides ** **** ****** chip.  *** ***** *******  that *** ****** ******** is *********.  *** *** not *** **** *** an *** ********* ****** Element ** ***** ** that ****** (** **** it's ****-*** ** ******** else.)  **'** ******** ** believe * ******* **** is ********* ***** ********** was ** ** *** crypto ******** **** *** device ** *** ******* in *** ******* ******* in ******** *** ****'* ok?  ** *** **** me ** ***** **** you **** ** **** me **** ****** ******** paperwork.  (*** ****** ****** that ******* ***** ****** you ********* ******** ****** know **** *** **** the ******** ***** **** up.)

 

Agree
Disagree
Informative
Unhelpful
Funny: 2

********, *** ********. ** is ***** * ***** camera *** ** ** still ** ********** ******, with ** ******* *** chip, **** ** ********* so ***** ** ****** justification ** *** ***** cameras. * ***** ** is **** ********* ****** a ********* *** ***’* see *** ***** ** buying ***** *** ******* when *** **** **** can ** ****** ****** for * ***** ***** and ****** ****** *******.

Agree
Disagree
Informative
Unhelpful
Funny

** ***** *** **** screwed ** ** *** talking ***** ****, * don't **** *** **** or **** *** *** the ******. 

Agree
Disagree
Informative
Unhelpful
Funny

***** ** ******** *******/********* of ********, * ********** your ********** ********** ***** 😜.  *'* ***** ** use *** ********** ********** riff ** ******* (*** know....like ** *** ** events **** ****).

Agree
Disagree
Informative
Unhelpful
Funny: 1

“****** ******** ** ******* firmware ********* **********.”

*** **** *** **** impacts **** *** ******* of *** ********?

*** ******-******* **** **** will ****** **** ******* against ***-********* ****** ********... unless **** ****** ******** Hue’s ******* ** ************ bundling *** ******* ******* key **** *** ********...

****** ****** ******** ***** it * *** ****** to ******** ********* ** modified ****, * ****** see *** ** ***** possibly ****** * ******** file **** *** ***************?

****** ** **** **** knowledgeable **** ** **** to *** ** ****?

 

Agree
Disagree
Informative
Unhelpful
Funny

* ******* *** ***** digital ******* ********** ******* to ********** *** ** the ****** ** ** should **** ****-*******.  * agree **** ** *** introduce ** ******* ****** the ****** ****** ***** you *** *** ** with * ********* ****** exploitable ****** ***** ********* in *** *******.  **** would ** *** **'* apropos ** ** ********** vendor ********** ********* ** crazy ****** **** ****.***, right?

Agree: 1
Disagree
Informative
Unhelpful
Funny

******* ******* **** *** HiSilicon?

Agree
Disagree
Informative
Unhelpful
Funny

** ** **** *************, they ** *** ********* chips, ***** *** ************ in *****.  ***** ** (consumers *** ****** ** video ********) *** ********* drive *** ****** *** other ************* ** *** cost **** **** ***** ago, ******* **** **** or * **** **** alternative **** ****.

* ** ******* **** sudden "******** *** ***** source ** ******" ******** can **** **** ******* innovation ** ***** *********.  I **** ** **** the ************ *** ******** to ****** ********* ** sources.  ** ****** *** quick ** ****** *** go **** ** *** "allure ** *** *****" that ***** ** ** skilled ** ********.

**** ***** ****** ****** fronts: 

*** *** *** ******** from ***** ****** *********

******* ***** *********.

******* ******** ****** *** self ******* **** ********

**** ******* *** ***:

********* ***** *** **** Costco ****, *** ***** out *** ** **********.

********* ****, ******* *** High *****, ***** ********.

*** **** ******** ****, killing ****** *** ******* America

** ************** ****

 

***** ** *** ***, they **** **** ***** world *********.  ** *** can **** **** ****, keep ****** "*** *****".

 

Agree
Disagree: 1
Informative: 1
Unhelpful
Funny

** ****** ** **** that *** *********** ** the ********* (**** *********) Series ** ******* *** not **** *****. *** purpose ** ** *********** a ********** ********* ******. Thus ** ********* *****. 

Agree
Disagree
Informative
Unhelpful
Funny

***** ****. * ******* Honeywell *** ******* *********** sources.

Agree
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 6,938 reports, 926 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports