Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity

By: John Honovich, Published on Aug 06, 2019

For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and manufacturing of 'Honeywell' branded IP cameras.

free image3

Now, after years of silence, Honeywell has spoken to IPVM, explaining what they are doing to address the NDAA ban, the release of their 30 series IP cameras, their cybersecurity process and whether any Dahua-OEMed Honeywell cameras have the Dahua wiretapping vulnerability.

Executive *******

********* **** ******** ** OEM *** '***********' *** '*****' ****** **** ***** while ****** ***'**' *********** **** ****** ************ Vivotek. ********, ********* **** the ***** ***** ***** series ******** * ****** chip **** ****** ***** cameras ** *** **** they **** ******** ** 2900-1 ************* *********** *** the ***** ****.

**** ********* ** ********** this ******** ** ********* a ***** **** ******* in ************ *** *******. On *** ***** ****, this ****** ** ******** from *** ********* *** the ********* ****** ** Dahua ******** ***** ****** buyers ** **** ** inadvertently ********** **** ****** products. ********, ***** ****** a ***-***** *** ********* the ****, ** ***** leaves ********* ********* ** other ************* ****** *** IP ****** *********, * notable ******** *** * company **** *** ***** heavily ** *** **** few ***** ** ***** security ***** (*.*.,********* *******************).

Wiretapping *************

********* **** ** ***** August *, ****:

** *** ******* ** determine *****, ** ***, cameras *** ******** ** this ************* *** *** working ******* **** ***** on ************ *** ********* firmware *****.

**** ** * *******. Dahua **** ***** ****, at ***** *** ****** and ********* ** ******** on ****** *** ***** IPVM ******** *** ********* still *** *** ********** if **** *** ********. While ***** *** **** made **** ***** ** delaying, ** ********** ** still *********'* ************** *** picking *****.

Background ***** ******

*** ***** ***** **** our********* ***** ******* ** Gov ****** ******* ***** Surveillance***** *** ******* *****:

Honeywell ************* ***********

********* **** * ***** case ** **** *** what **** *** ***** for *************.

*** ***** ****** ******* have * ****** ******* in ****** *** ** their ******* ****** **** Honeywell **********:

*** ********* ***** ****** cameras **** *****-** ****** chipsets ** ******* ******** tampering **********. ************, *** crypto ******** *** ********* store ********** ************, ****** key *** ******* **** in * ****** ****** environment. **** ******* ********-***** encryption *** ******* ****** is ********* *** *** entire ****** ** ******* against ***** ******* *** tampering. ********* ********* ******** leading ***** ********** *** protection ***** ** **; for *******, ********* **** and ***** ************* **** HTTPS, ****** ******** *** firmware ********** *** ********** against ******* ********* ** tampering ****** ******** *******, signed ***** ********* *** application ******** ******* ********* while ********* ** ************* VA ********* ******* *******.

** ********, ********* **** that *** ***** *** cameras ** *******:

******** **** ********** ***** on *** ****** *********** faced ** * ********** product ** ******** ** well ** *** ********* features *** ******** *****

******** ************ *** ******** controls ***** ** ******** standards *** ********** **** as *****, ***/*** **/*****, ISO *****, *** ***, GDPR, *****, ********** ***** laws *** ***********, *** others ********* ** *** product ** ******** *** the ******** **** **********

******* ****** ***********

****** ********

****** ******, ******* ** Design, *** ****** ****** standards *** *********

****** **** ******** (****** code ********) ** ******* secure ****** *** ****** practices

****** ******** ** ******** open ****** ***** *** potential ***************

*** ******** ** ******* a ****** *** ************* penetration ******* *******. ** some *****, ********** *********** security ******* ** ********* for ******** ********. *** criteria *** **** ********** testing – ** **** as ***** ******** ** offerings *** ******** *** this – ** *******-**** proprietary ***********.

* ****** **** ********** Policy **** ******** ******** mitigation ********* ***** ** severity

****** *** ******** ** cybersecurity ** ****** ********** prior ** ******* ********

********* ******* *** ******** notification *** ******** *******

** *** ***** ****, as *** *********** ************* delay *****, **** *** still ******* ********* ** Dahua ** ****** **** issues.

********, ********* ********** **** the ***** ****** *** a ** ****-* *************.

*******, **** ** **** for *** **** ********* equIP ******. ***** *****-**** Essentials ****** *** ** chip, ** ** *************, etc.

NDAA **** *** *********

********* ********* ****:

**** **** ** *********** a ******* ** ***** additional ****** ** *** market ***** **** ****** federal ******** *** *** other ********** ** ******** Honeywell *******, **** *** 30 ****** ****, **** are ******** *** *** as **** ** ***** systems ***** ****** **** NDAA ****, ******* ***. The ** ****** ** the ***** ******* ** this *******. ** **** expand ***** ****** **** the **** ** ****** to **** **** ***** customers *** ****** *** video ******** **** **** from *********. ** **** continue ** ******** * range ** ******* *** those ********* *** ***’* require ***** ***** ******* to ****** **** **** 2019, ******* ***. ** are ********** ********* *** products ** ****** **** they **** *** ******** needs ** *** ********* for ***** *** ********.

********* *********** ****** ***** excited, ** ***** ***** on *** ****** ** LinkedIn ***** ** *** past ***** **** **:

***:

OEMing **** *******

*** ** ****** ** OEMed **** ******* ** the **** ****** *** both ********* *****:

********* ******** ** ******* on **** *** ** is ****-*******.

**** *** *** **** they *** "*********** *** 30 ****** ** *** mid-scale *****: ***** *********** and ***** ***** *** able ** **** ** the **** ****** ** us."

***** ** *** ****-***** analysis ** *** *** 3 ********* ***** *******:

*******

*** ******* ** *********'* IP ****** ******* ** much ********. *******, ** is ******* **** ** incredibly *** **** ** hiding ******* ****** *** Honeywell ****** ** ********** to ******** ** ** more *********** *** ********* about *** ******** *** cybersecurity.

** * **** ***, from * ****** ******** perspective, ** *** ************** that ********* ***** **** easy ******* ** *********** other ************'* *******. **** time ** *** ****.

**** ********* ********* ***** still ** ******** **** buying **** ****** ******** is * ******* *** Honeywell *** *********** ******* this ** ******* *** Dahua **** ****, **** using ***** *** ***-** sold ********, ********* ** Vivotek ********* ** ****** a ****** ************, ***.

Comments (10)

********, *** ********** ********** of *** ****** ******* marketplace (******** **** ****, blaster *****, *** ****-***-**** wiegand ******), ***** ** with *********** ***** ********.  Who ****** ***** **.

********* ******* **** **** description ** *** **** fides ** **** ****** chip.  *** ***** *******  that *** ****** ******** is *********.  *** *** not *** **** *** an *** ********* ****** Element ** ***** ** that ****** (** **** it's ****-*** ** ******** else.)  **'** ******** ** believe * ******* **** is ********* ***** ********** was ** ** *** crypto ******** **** *** device ** *** ******* in *** ******* ******* in ******** *** ****'* ok?  ** *** **** me ** ***** **** you **** ** **** me **** ****** ******** paperwork.  (*** ****** ****** that ******* ***** ****** you ********* ******** ****** know **** *** **** the ******** ***** **** up.)

 

********, *** ********. ** is ***** * ***** camera *** ** ** still ** ********** ******, with ** ******* *** chip, **** ** ********* so ***** ** ****** justification ** *** ***** cameras. * ***** ** is **** ********* ****** a ********* *** ***’* see *** ***** ** buying ***** *** ******* when *** **** **** can ** ****** ****** for * ***** ***** and ****** ****** *******.

** ***** *** **** screwed ** ** *** talking ***** ****, * don't **** *** **** or **** *** *** the ******. 

***** ** ******** *******/********* of ********, * ********** your ********** ********** ***** 😜.  *'* ***** ** use *** ********** ********** riff ** ******* (*** know....like ** *** ** events **** ****).

“****** ******** ** ******* firmware ********* **********.”

*** **** *** **** impacts **** *** ******* of *** ********?

*** ******-******* **** **** will ****** **** ******* against ***-********* ****** ********... unless **** ****** ******** Hue’s ******* ** ************ bundling *** ******* ******* key **** *** ********...

****** ****** ******** ***** it * *** ****** to ******** ********* ** modified ****, * ****** see *** ** ***** possibly ****** * ******** file **** *** ***************?

****** ** **** **** knowledgeable **** ** **** to *** ** ****?

 

* ******* *** ***** digital ******* ********** ******* to ********** *** ** the ****** ** ** should **** ****-*******.  * agree **** ** *** introduce ** ******* ****** the ****** ****** ***** you *** *** ** with * ********* ****** exploitable ****** ***** ********* in *** *******.  **** would ** *** **'* apropos ** ** ********** vendor ********** ********* ** crazy ****** **** ****.***, right?

******* ******* **** *** HiSilicon?

** ** **** *************, they ** *** ********* chips, ***** *** ************ in *****.  ***** ** (consumers *** ****** ** video ********) *** ********* drive *** ****** *** other ************* ** *** cost **** **** ***** ago, ******* **** **** or * **** **** alternative **** ****.

* ** ******* **** sudden "******** *** ***** source ** ******" ******** can **** **** ******* innovation ** ***** *********.  I **** ** **** the ************ *** ******** to ****** ********* ** sources.  ** ****** *** quick ** ****** *** go **** ** *** "allure ** *** *****" that ***** ** ** skilled ** ********.

**** ***** ****** ****** fronts: 

*** *** *** ******** from ***** ****** *********

******* ***** *********.

******* ******** ****** *** self ******* **** ********

**** ******* *** ***:

********* ***** *** **** Costco ****, *** ***** out *** ** **********.

********* ****, ******* *** High *****, ***** ********.

*** **** ******** ****, killing ****** *** ******* America

** ************** ****

 

***** ** *** ***, they **** **** ***** world *********.  ** *** can **** **** ****, keep ****** "*** *****".

 

** ****** ** **** that *** *********** ** the ********* (**** *********) Series ** ******* *** not **** *****. *** purpose ** ** *********** a ********** ********* ******. Thus ** ********* *****. 

***** ****. * ******* Honeywell *** ******* *********** sources.

Read this IPVM report for free.

This article is part of IPVM's 6,534 reports, 880 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Honeywell Warns of Huawei, Advocates Futureproofing on Aug 31, 2020
For years, Honeywell has profited from OEMing Dahua and using Huawei...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...
WDR Cheat Sheet and Camera Tracking - 30 Manufacturers on Aug 26, 2020
Manufacturers are regularly cryptic about what WDR support they actually...
Huawei HiSilicon Shortage Impacts Surveillance Manufacturers on Aug 14, 2020
Huawei acknowledged problems and challenges for its HiSilicon chip business,...
The Guide To The NDAA Video Surveillance Ban / Blacklists on Aug 24, 2020
This 25-page guide provides a reference to the NDAA ban and blacklist. The US...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Ban Rules Released: Use Dahua or Hikvision, No US Government Contracts on Jul 13, 2020
The US government has released the rules implementing the "Prohibition on...
Hanwha and Hikvision Selling H.265 Without HEVC Licensing on Aug 19, 2020
IPVM has confirmed that Hanwha and Hikvision do not have H.265 licenses from...
Hikvision Impossible 30 People Simultaneously Fever Claim Dupes Baldwin Alabama on Sep 01, 2020
The Alabama school district which spent $1 million on Hikvision fever cameras...
Warning: Panasonic i-PRO Deceives About NDAA Compliance on Aug 18, 2020
IPVM has determined that Panasonic i-PRO has deceived about its NDAA...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
White House Expands Dahua Hikvision Blacklist To Federal Funding [Final Rule Reverses] on Aug 13, 2020
The White House is expanding the NDAA to blacklist anyone who "uses" banned...

Recent Reports

OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...