ONVIF Suspends Huawei

By John Honovich, Published Sep 20, 2019, 08:14am EDT (Info+)

Huawei has been 'suspended', and effectively expelled, from ONVIF so long as US sanctions remain on the mega Chinese manufacturer.

ONVIF suspends Huawei_2

Inside this note, we examine what happened and what this means for the unprecedented step of being removed from the video surveillance industry's global interoperability standard.

What ********

********* * ********* **, **** ***** to ******* ****** "*********************************" ******:

** **** ** *** ****, *** listing ******************** **., ***. (“******”) *** ** ***-** ********** **as “****** ****” companies by the US Government has necessitated a series of actions by *****. **** *********** ** ** “****** List” *******bars *** ******** ** ****** **** ********* ** ** ********** that is subject to the US Export Administration Regulations. Following a discussion within the Steering Committee, and after conferring with legal counsel, *****placed until this matter is resolved. As such, ********* *** ********* *** **********do *** **** ****** ** *** forums, tools, specifications, and documents, works in progress, or any other material either confidentially held by ******* ********* **** ***************. **** *****’s ********* *** *** ** ******* ** *********** ** ****** ********-****** ****** ** ** *********** ****** the*************** ** **** ******. ** ************ these ******* *** ***** ********.********* **** *******refrain **** **********, ******* ** ************* **** , and ensure that ******** *** * ********* ** *************** ***** ** ************* ******* ** non-public************** ***********. ** *** **** *** ongoing ******* ** ********** **** *** be ********* *** ** *** ***** reflectors *** ****** ****** ************************. [******** *****]

**** ******* *** ** ********************* ****** ** *** ****, ******* them ** *** ****** ****.

***** ******** ** ******* *** ******* clarification ** **** **** ***** ** why ** *** ****.

Huawei ***** ************

****** *** **** ** ***** '****' member *** *****. '****' ** *** highest-paid ***** ***** ** *** ***** ********** **. ****** ** ***** ****** as ** ****** ****** ** *****'* website *****:

****** **** ** ********* ** *****, given *** ***** **** *********.

****** *** *** *************** ********** ********, **** *** **** ****** **** approved ******* ** ********* ****:

Impact ** **********

***** ** ****** ********** ** ******** to *** *** ***** ********* *** to **** ***'* ******** ** ***** conformant, ****** **** **** ***** ****** elements.

********, ****** **** **** ***** *** access **** *** *********** ** ***** standards, ********* ***** **** *** ************ done.

******: ***** **** **** ******** ****** cameras **** *** ***** ********** **** remain ** *** ******** **** *** new **** **** ***, ** **** as **** *** *********.

******'* ******** ********** ******** **** ****** on *** ******* ** ***** ******** achieved *********** ***** ** *** ** government ******. ***** *** **********, ****** does *** **** ****** ** ****** resources **** ** *** **** **** to ****** *** ***********.

*******,*****'* ********* ************** *** ********* *** ******* *** ******* ***** own ******** ** ********* **** ******** supporting ***** ** ****** *** ******* ONVIF *** *** ********** ** **** the ***** *********.

********, ****** ** **** ******* ** selling ***** *** ***-**-*** *********, ********* to ****** ***** **** *** **** dependent ** *** ***** ***** ************.

Rationale *** ********** - *******

** ******* *** ********* *** *** suspension *** ******* ******** ** ************ ONVIF ****, ****** ***** ***** **** not *******, ** ****** ** *******.

***** ** * ** ***-****** (*** ***** **** ********* *******) ***** ************ ******** ****** ******* to ********* *** ****** ******* *** licensed ** ********** **** ***** ****, as ************* **** ** ***** *************:

** *** ****** **** ** ************ are ******** **** *** ** ********** of ******** ***** *******, **** ***** result ** *** ********** / ******* of *****. ***** *** ****** **** the ** ********** ** ******** ***** this, ******* **** ****.

Dahua *** ********* ******** ****

***** ********** *** **** *********** *** same **** ** **************** ***** *** *********. ** ****, if **** ********, ***** ***** **** likely ******* ***** *** *********.

Outlook ************* *** ***********

*** ****** ****** ** ****** *************. ONVIF ** ** *** ** ********* their *** ********* *** *********** ****** that ** *** ****** **** *** Huawei ** ******** ******** ** ***** ONVIF.

*** ******** ****** *** ** **** significant. ** ** *********** ******** **** a ***** ******** ************ ******* ** US ********* ** **********, **** ** us. *** ** ******* **** *** impact ** ********* *** ** ************ severe *** *****.

Update - ********* **** ****** ************* *****

************** *** *********,****** *** **** ********* **** *** Forum ** ******** ******** *** ******** Teams (*****). *************, *** ***** **** *** defending ****** ******* *** ** ********* for **** **********:

*** *********** ********* **** ** *** sale ** ********, ************ ******** ****** protection, ****** *** ******, *** **** others, *** ***** ********** ********* ******* explicit ********* ** ********, ******* ********* or ****** *********** ***** ** *****.FIRST ********** ************ ** **** ******* ********** *** *************, to enable the truly global incident response capability, which we and other organizations represent. [emphasis added]

***** ********** ***** ********* ** *** reason:

***** ********* ************ *** ****** ** changes **** ** *** ** ****** Administration *********** (***), ** ****** ****** up ** * ******** ***** ** had ** ******* ******'* ********** ** order ** ****** ** **** ***** evolving ***********

****** *****,***** **** * ****** ********* ** the ******.

Comments (32)

should we not mention that ONVIF is still ultimately controlled by its founders (and Hik competitors), Axis, Bosch and Sony?

Agree
Disagree: 2
Informative: 6
Unhelpful: 1
Funny: 1

You can mention it but this move clearly has zero to do with Axis, Bosch, and Sony. Also, why are you mentioning Hikvision here when Hikvision is still a full member and only Huawei has been suspended.

Agree: 8
Disagree
Informative
Unhelpful: 1
Funny

my bad, Huawei, not Hik, yet.

but why does this “clearly have zero to do with Axis, Bosch, and Sony”?

you say that

Following a discussion within the Steering Committee, and after conferring with legal counsel, ONVIF placed Huawei’s membership into suspension until this matter is resolved -Emphasis added.

and from ONVIF’s website

furthermore, you say the rationale is unclear

We believe the rationale for the suspension are patents relating to technologies ONVIF uses, though since ONVIF will not comment, we cannot be certain.

it may have zero to do with Axis et al, but disclosing that the controlling body determining the suspension are comprised of competitors, seems consistent with typical journalistic practices.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

As I mentioned / alluded to in the post:

To the extent that US technologies are involved that the US Department of Commerce deems covered, this could result in the suspension / removal of ONVIF. ONVIF has spoken with the US Department of Commerce about this, sources tell IPVM.”

There is no evidence to support any video surveillance manufacture competitors being involved in this. There is evidence to support that the US government drove this and is doing this across many areas that Huawei is involved in.

Agree
Disagree
Informative: 4
Unhelpful
Funny

We believe the rationale for the suspension are patents relating to technologies ONVIF uses, though since ONVIF will not comment, we cannot be certain.

i see a total of one US patents listed by ONVIF. the patent owner is a Japanese company. are there more i’m missing?

imo, that is a relatively flimsy justification for the action.

There is evidence to support that the US government drove this and is doing this across many areas that Huawei is involved in.

there may be evidence that the US drove this, but is the extent of your evidence that sources say “ONVIF has spoken with Department of Commerce”? were they contacted/pushed by Commerce?

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

there may be evidence that the US drove this, but is the extent of your evidence

Lol, what is your evidence that this is a conspiracy by Axis, Bosch, and Sony to strong-arm Huawei out of ONVIF? To be clear, that is one hell of a more interesting and entertaining story but there's no evidence nor even plausible theory behind it.

Department of Commerce has been talking to and directing various US organizations about Huawei. We have good sources that say Department of Commerce did the same with ONVIF.

Also, keep in mind ONVIF is totally toothless, this is not an organization that makes strong stands or makes power moves historically. They can't get enough consensus to stop mass misuse of ONVIF claims and now you think they are trying to suspend rivals?

Moreover, look at how Axis operates. From what we have seen, they were either afraid or uninterested in speaking out or lobbying for the NDAA ban, which has a far bigger effect on them. But, now, they are going to try to muscle out Huawei from ONVIF?

My best hypothesis is this: Commerce told ONVIF that Huawei needed to be out. ONVIF was terrified to do anything, likely afraid that they are placed between Huawei potentially suing them if they did anything or the US Gov if they did not. So ONVIF deliberated for months, with their attorneys, etc., before they made this move that would not even have been publicly disclosed without IPVM's reporting. yes/no?

Agree
Disagree
Informative: 2
Unhelpful
Funny

Lol, what is your evidence that this is a conspiracy by Axis, Bosch, and Sony to strong-arm Huawei out of ONVIF?

i never alleged a conspiracy.

my only point was that it should be noted for transparency sake that the people who ultimately decided that Huawei should be forced out were from Axis, Sony and Bosch, who are competitors.

many readers might not be aware of that, so better that they learn it from IPVM than from some Huawei rep.

standard journalistic move, even if one is not alleging a conspiracy, yes/no?

Agree: 1
Disagree
Informative
Unhelpful
Funny

standard journalistic move

One does not mention every element of an organization being reported. I did not address when ONVIF was founded or how many meetings they have or how many standards they have issued, etc. Why? Because I did not see any of that as being germane to why Huawei was suspended.

If I thought there was any chance that Axis, Bosch, Sony, etc. would have used this to attack Huawei, I would have prominently called this out.

You are free in the comments to bring it up (nothing's being hidden) and I am happy to address why I think it's not relevant.

Agree
Disagree
Informative
Unhelpful
Funny

One does not mention every element of an organization being reported.

ONVIF Chairman Criticizes Low Cost Cameras (Also, He Works At Axis)

:)

Agree
Disagree
Informative
Unhelpful
Funny

Agree
Disagree
Informative
Unhelpful
Funny: 5

my bad, Huawei, not Hik, yet.

yet?

Agree
Disagree
Informative
Unhelpful
Funny

So, the US Government applied the sanctions in May 2019, but it took until September for ONVIF to suspend Huawei? I'm thinking aloud here, but this suspension seems more reactive than proactive. I wonder what the tipping point was, or did it really take 4 months of talks and meetings with committees to pass the ONVIF suspension?

Agree: 1
Disagree
Informative
Unhelpful
Funny

i'm also curious why ONVIF approved a Huawei device on Sep 4th and then suspend them 2 weeks later.

Agree
Disagree
Informative: 2
Unhelpful
Funny

it may be an automatic approval from when a mfr uses the ONVIF compliance tool.

Agree: 1
Disagree
Informative: 3
Unhelpful
Funny

My guess is that ONVIF was suddenly pushed into this decision in some way. Industry organizations (ONVIF, SIA, etc.) do not seem to be very proactive in really caring about things like cyber security, device integrity, tariff compliance. I doubt that ONVIF came to this conclusion solely on their own and out of desire to "do the right thing".

Agree
Disagree
Informative
Unhelpful
Funny

Maybe China should do the same thing to Apple, that seems fair.

Agree
Disagree
Informative
Unhelpful
Funny

Do what? Suspend Apple from the China 'ONVIF'?

From everything we have seen inside China video surveillance organizations, it's controlled by China companies only with virtually no role for foreign companies.

Agree
Disagree
Informative
Unhelpful
Funny

well there’s always PSIA ;)

Agree
Disagree
Informative
Unhelpful
Funny

will “western” cameras that use Huawei’s SOESOC still be considered ONVIF compliant?

Agree: 1
Disagree
Informative: 6
Unhelpful
Funny

I think you are confused...those are ONLY in the minis which literally only work with the companion recorder and are not listed as ONVIF compliant anyways. They are not made to be cross platform compliant or anything else.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

good point about Axis camera companion, in particular. my bad in using that image.

however, the question above the picture was a general one, which you are encouraged to address.

related: Huawei Hisilicon Quietly Powering Tens of Millions of Western IoT Devices

Agree
Disagree
Informative
Unhelpful
Funny

Got it. Fair question in regard to other manufacturers that do use Hauwei in their more day to day cross platform cameras (Honeywell, etc).

The tough part about all of this discussion is that the bans are all treading into new waters and clear lines have not yet been drawn.

It seems they should have their ONVIF conformant tags pulled to match across the board but time will tell.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Update and hat tip to Charles for finding this: Huawei has been suspended from the Forum of Incident Response and Security Teams (FIRST). We added a section to the report addressing this.

Agree
Disagree
Informative
Unhelpful
Funny

do you think that ONVIF will take any action against other devices using Huawei SoCs, such as decompliance?

are you in contact with someone at ONVIF who might comment on this potentially impactful possibility?

Agree
Disagree
Informative
Unhelpful
Funny

ONVIF will take any action against other devices using Huawei SoCs

What? What can ONVIF do about Hisilicon SoCs? ONVIF cannot police their own trademark, what can they do about Huawei SoCs?

Agree
Disagree
Informative
Unhelpful
Funny

they could remove them from ONVIF conformant device list, just as the Huawei cameras will be.

from a national security standpoint, a huawei camera and a non-huawei camera with a huawei SoC present a similar threat.

and doing this might have a bigger impact than banning huawei cameras.

because, unlike huawei, who doesn’t have a significant us presence, other companies with devices powered by Huawei, like Honeywell for instance, do. and they might move to eliminate huawei powered product rather than forgo ONVIF compliance.

and unlike Crappy Cam, who can claim false ONVIF compliance with little fear of consequences, large us corporations are less likely to fraudulently claim compliance, not because of enforcement, but because of the possible negative image that would result.

so ONVIF does have some power, in this specific instance.

and if even a few of the bigger companies relying on Huawei were to transition to a reputable SoC supplier, this would do far more to reduce the NS threat, than delisting a company that does little business in the US. and also deny Huawei far more revenue than the loss of their US cameras.

wouldn’t that be an outcome that you would welcome?

actually, i am somewhat surprised by your surprise to this suggestion, and think it’s certainly worthy of discussion and a request for comment from ONVIF.

Agree
Disagree
Informative
Unhelpful
Funny

Date of publication of this article Sept. 6 ONVIF Exposure To "Devastating DDoS Attacks" Examined followed by suspension on Sept. 20 to me indicates the possibility that the hack was discovered and attributed to the Chinese in code they contributed to ONVIF?

Of course this will never come to light if true.

Agree
Disagree: 1
Informative
Unhelpful: 2
Funny

These two things are definitely unrelated. ONVIF issues specification, not code. It's up to individual companies to develop, share, steal code, etc.

Agree
Disagree
Informative
Unhelpful
Funny

For an open protocol organization is meaningless to follow EL, seems ONVIF a nose of WAX

Agree
Disagree
Informative
Unhelpful
Funny

UPDATE: ONVIF says that existing Huawei cameras that are ONVIF conformant will remain on the official list but new ones will not, so long as they are suspended:

Huawei's existing conformant products will remain on the website as those products achieved conformance prior to the US government action. Under the suspension, Huawei does not have access to member resources such as the test tool to submit for conformance.

Agree
Disagree
Informative
Unhelpful
Funny

Under the suspension, Huawei does not have access to member resources such as the test tool to submit for conformance.

could a Huawei OEM (if one exists or were to exist) submit a camera for testing?

Agree
Disagree
Informative
Unhelpful
Funny

This follows the US government sanctioning Huawei in May 2019, putting them on the entity list.

ultimately what may have precipitated the decision was the August 19 revision to the Temporary General License (TGL). the previous version of the TGL had language that seemed to possibly provide an relevant exemption:

  1. Continued operation of existing networks and equipment: Engagement in transactions necessary to maintain and support existing and currently fully operational networks and equipment, including software updates and patches, subject to legally binding contracts/agreements executed between third parties and Huawei and/or the 68 affiliates and third parties on or before May 16, 2019.

but this was clarified in the August TGL guidance, in particular:

The TGL also adds several exclusions to clarify that “end-devices such as general- purpose computing devices ... would not be considered to be part of an existing and ‘fully operational network’” and thus could not be patched or supported under this authorization. emphasis added

Agree
Disagree
Informative: 1
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports