OEMs, Dump Dahua
OEMs, get smart and dump Dahua.
Dahua OEMs to many companies including some big brands (e.g. FLIR, Honeywell and Tyco).
Dahua has proven to be a terrible decision:
- The backdoor
- The unfixed backdoor with terrible communication
- Dahua competing against its own OEM partners
Dahua's backdoor is simply the coup de grace.
Dahua has shown that it does not care about cybersecurity in how it has handled past events, e.g. a few months ago with Mirai. But the OEMs, especially the bigger publicly traded companies have significant legal exposure in an environment where cyber awareness and concerns are increasing rapidly.
The backdoor creates a special problem, since it provides such a simple way for hackers to target their products.
The icing on the proverbial cake is that Dahua has been terrible communicating with its OEMs, as numerous partners have confirmed to IPVM. The OEM partners have essentially been kept in the dark, with no clarity about which of their devices are impacted or when Dahua will release a fix.
Granted, Dahua is so dysfunctional that are struggling to simply deal with it on their own but the OEMs partners are handcuffed by Dahua's inability to solve nor even communicate their (lack of) progress.
Competing Against Partners
The classic OEM model was meant to combine a company with an established brand and channel infrastructure (i.e., OEM) with a company specializing in manufacturing but without direct sales (e.g., Dahua and Hikvision). Of course, both Dahua and Hikvision want to have it both ways.
China Dahua just a few months ago, claimed to be a 'California Treasure' to push its own sales, which surely many OEMs and Californians found disconcerting.
Dahua has been ramping up its direct branded sales and now aims for 200 employees in the US to compete against its OEMs. Granted this backdoor and the problems that follow will impede Dahua's ambitions but it is illogical and destructive for an OEM to be competing head to head against its own supplier.
Software Not Appreciated
The China mentality, certainly in this industry, is hardware is valuable and software is just a necessary evil given away for free to sell hardware.
Unfortunately, cyber security increases the value of well developed, backdoor-free, software.
If Dahua did not intentionally put this backdoor in, as they claim, the existence of it plus their response should show Dahua's problems in developing software.
Video surveillance, unfortunately for OEMs, is a software based, IP networked product and, as such, needs to be treated with the care of professional software development, not simply finding a Chinese hardware manufacturer who will sell for cheap and toss in whatever software they scrounge together.
OEMs, indeed, should seriously consider only offering hardware with their own (or properly vetted) software so they can ensure the quality and integrity of it.
As long as Dahua can ride the China economic boom (see their $550 million China government project as an example), they will continue to make money but they have shown repeatedly, capped by the backdoor, that they make a poor partner that deserves the door.