Executive *******
********* **** ******** ** *** *** '***********' *** '*****' ****** **** ***** ***** ****** the'**' *********** **** ****** ************ *******. ********, Honeywell **** *** ***** ***** ***** series ******** * ****** **** **** normal ***** ******* ** *** **** they **** ******** ** ****-* ************* certificate *** *** ***** ****.
**** ********* ** ********** **** ******** is ********* * ***** **** ******* in ************ *** *******. ** *** other ****, **** ****** ** ******** from *** ********* *** *** ********* OEMing ** ***** ******** ***** ****** buyers ** **** ** ************* ********** NDAA ****** ********. ********, ***** ****** a ***-***** *** ********* *** ****, it ***** ****** ********* ********* ** other ************* ****** *** ** ****** offerings, * ******* ******** *** * company **** *** ***** ******* ** the **** *** ***** ** ***** security ***** (*.*.,********* *******************).
Wiretapping *************
********* **** ** ***** ****** *, 2019:
** *** ******* ** ********* *****, if ***, ******* *** ******** ** this ************* *** *** ******* ******* with ***** ** ************ *** ********* firmware *****.
**** ** * *******. ***** **** about ****, ** ***** *** ****** and ********* ** ******** ** ****** 2nd ***** **** ******** *** ********* still *** *** ********** ** **** are ********. ***** ***** *** **** made **** ***** ** ********, ** ultimately ** ***** *********'* ************** *** picking *****.
Background ***** ******
*** ***** ***** **** ************ ***** ******* ** *** ****** Chinese ***** ***************** *** ******* *****:
Honeywell ************* ***********
********* **** * ***** **** ** IPVM *** **** **** *** ***** for *************.
*** ***** ****** ******* **** * crypto ******* ** ****** *** ** their ******* ****** **** ********* **********:
*** ********* ***** ****** ******* **** built-in ****** ******** ** ******* ******** tampering **********. ************, *** ****** ******** and ********* ***** ********** ************, ****** key *** ******* **** ** * highly ****** ***********. **** ******* ********-***** encryption *** ******* ****** ** ********* for *** ****** ****** ** ******* against ***** ******* *** *********. ********* developed ******** ******* ***** ********** *** protection ***** ** **; *** *******, encrypted **** *** ***** ************* **** HTTPS, ****** ******** *** ******** ********** for ********** ******* ******* ********* ** tampering ****** ******** *******, ****** ***** analytics *** *********** ******** ******* ********* while ********* ** ************* ** ********* enabled *******.
** ********, ********* **** **** *** Dahua *** ******* ** *******:
******** **** ********** ***** ** *** threat *********** ***** ** * ********** product ** ******** ** **** ** the ********* ******** *** ******** *****
******** ************ *** ******** ******** ***** on ******** ********* *** ********** **** as *****, ***/*** **/*****, *** *****, PCI ***, ****, *****, ********** ***** laws *** ***********, *** ****** ********* on *** ******* ** ******** *** the ******** **** **********
******* ****** ***********
****** ********
****** ******, ******* ** ******, *** Secure ****** ********* *** *********
****** **** ******** (****** **** ********) to ******* ****** ****** *** ****** practices
****** ******** ** ******** **** ****** usage *** ********* ***************
*** ******** ** ******* * ****** and ************* *********** ******* *******. ** some *****, ********** *********** ******** ******* is ********* *** ******** ********. *** criteria *** **** ********** ******* – as **** ** ***** ******** ** offerings *** ******** *** **** – is *******-**** *********** ***********.
* ****** **** ********** ****** **** requires ******** ********** ********* ***** ** severity
****** *** ******** ** ************* ** senior ********** ***** ** ******* ********
********* ******* *** ******** ************ *** security *******
** *** ***** ****, ** *** wiretapping ************* ***** *****, **** *** still ******* ********* ** ***** ** assess **** ******.
********, ********* ********** **** *** ***** series *** * ** ****-* *************.
*******, **** ** **** *** *** more ********* ***** ******. ***** *****-**** Essentials ****** *** ** ****, ** UL *************, ***.
NDAA **** *** *********
********* ********* ****:
**** **** ** *********** * ******* to ***** ********** ****** ** *** market ***** **** ****** ******* ******** and *** ***** ********** ** ******** Honeywell *******, **** *** ** ****** line, **** *** ******** *** *** as **** ** ***** ******* ***** comply **** **** ****, ******* ***. The ** ****** ** *** ***** release ** **** *******. ** **** expand ***** ****** **** *** **** 12 ****** ** **** **** ***** customers *** ****** *** ***** ******** they **** **** *********. ** **** continue ** ******** * ***** ** cameras *** ***** ********* *** ***’* require ***** ***** ******* ** ****** with **** ****, ******* ***. ** are ********** ********* *** ******** ** ensure **** **** **** *** ******** needs ** *** ********* *** ***** and ********.
********* *********** ****** ***** *******, ** least ***** ** *** ****** ** LinkedIn ***** ** *** **** ***** such **:
***:
OEMing **** *******
*** ** ****** ** ***** **** Vivotek ** *** **** ****** *** both ********* *****:
********* ******** ** ******* ** **** but ** ** ****-*******.
**** *** *** **** **** *** "positioning *** ** ****** ** *** mid-scale *****: ***** *********** *** ***** equIP *** **** ** **** ** the **** ****** ** **."
***** ** *** ****-***** ******** ** how *** * ********* ***** *******:
*******
*** ******* ** *********'* ** ****** program ** **** ********. *******, ** is ******* **** ** ********** *** base ** ****** ******* ****** *** Honeywell ****** ** ********** ** ******** to ** **** *********** *** ********* about *** ******** *** *************.
** * **** ***, **** * purely ******** ***********, ** *** ************** that ********* ***** **** **** ******* by *********** ***** ************'* *******. **** time ** *** ****.
**** ********* ********* ***** ***** ** confused **** ****** **** ****** ******** is * ******* *** ********* *** potentially ******* **** ** ******* *** Dahua **** ****, **** ***** ***** for ***-** **** ********, ********* ** Vivotek ********* ** ****** * ****** manufacturer, ***.
Comments (10)
Undisclosed
Prowatch, the Battlestar Gallactica of the access control marketplace (complete with rust, blaster burns, and knob-and-tube wiegand wiring), shows up with respectable cyber defenses. Who woulda thunk it.
Noticably missing from your description is the bona fides of this crypto chip. You never mention that the crypto hardware is certified. You did not say they use an EAL certified Secure Element or words to that effect (or that it's FIPS-140 or anything else.) We're supposed to believe a company that is otherwise being distrusted was ok to add crypto hardware into the device at the factory in the foreign country in question and that's ok? If you want me to trust that you need to show me your crypto hardware paperwork. (And anyone giving that awesome cyber speech you obviously received should know this and know the question would come up.)
Create New Topic
Undisclosed Integrator #1
“crypto chipsets to provide firmware tampering protection.”
Not sure how this impacts upon the quality of the firmware?
The secure-enclave type chip will likely only protect against non-Honeywell issued firmware... unless they follow Phillips Hue’s example of accidentally bundling the private signing key with the firmware...
Whilst signed firmware makes it a lot harder to sideload malicious or modified code, I cannot see how it could possibly secure a firmware file that has vulnerabilities?
anyone on here more knowledgeable than me care to add to this?
Create New Topic
Undisclosed Manufacturer #2
Vivotek cameras dont use HiSilicon?
Create New Topic
Dennis Raefield
08/08/19 04:10pm
To my best understanding, they do use HiSilicon chips, which are manufactured in China. Seems we (consumers and buyers of video products) let HiSilicon drive out nearly all other manufacturers of low cost chip sets years ago, leaving only them or a high cost alternative like Sony.
I do believe this sudden "Anything but China source of supply" syndrome can only help restart innovation in other countries. I hope we have the perseverance and patience to demand diversity of sources. US buyers are quick to forget and go back to the "allure of low price" that China is so skilled at offering.
Read their newest attack fronts:
New 919 Jet aircraft from China Boeing knockoffs
Chinese Tesla knockoffs.
Chinese electric trucks and self driving Uber vehicles
They already won the:
Stainless steel BBQ from Costco wars, and drove out our US businesses.
Furniture wars, driving out High Point, North Carolina.
Low cost clothing wars, killing Mexico and Central America
5G infrastructure wars
China is not bad, they just want total world dominance. If you can live with that, keep buying "low price".
Create New Topic