Honeywell IP Cameras Most Widely Used China-Made Products In US Government Networks

With billions in defense contracts, Honeywell says the US government trusts it because “There’s no room for compromise when it comes to national security.”

Yet, for years, Honeywell sold secretly relabelled video surveillance from banned PRC manufacturer Dahua, becoming the most common PRC-made devices in US government networks, according to a new study.

In 2018, IPVM showed that Honeywell’s video surveillance products, both hardware and software, were actually Dahua products:

This practice is called various names – including white-labeling, relabelling, and OEMing.

For example, Dahua and Honeywell device’s web interfaces were virtually identical, as shown below:

Large companies like Honeywell OEM to profit from their trusted brands with minimal effort and enable untrusted companies like Dahua to increase sales. Secrecy around the true manufacturer is critical to these arrangements.

Only four years later, after Congress passed the FCC ban in 2022, did Honeywell drop Dahua “proactively addressing a potential supply chain issue” – but only after unloading its inventory.

Honeywell’s Dahua Most Common PRC Device in US Government

In April 2024, Forescout’s Vedere Labs published a study of PRC-manufactured technology on US networks. It found the most common PRC-manufactured devices on US government networks are relabeled Honeywell cameras, accounting for 11.5%:

By comparison, tiny numbers of Hikvision and Dahua (not Honeywell brand) devices were found despite these devices being far more common among end users generally.

The disproportionate number of Honeywell devices indicates that US government users are being deceived into trusting the brand.

In a follow-up report, Forescout argues that pricing-focused procurement practices and white-labeling / OEMing are responsible for this increase.

Report Sampled 7.5 Million US Devices

Forescout analyzed 7.5 million devices on US networks using its network scanning appliance that “identifies all the devices on your network…providing risk-based device management, threat/vulnerability detection, and so on” for “around 3000 customers, both government and commercial,” its Head of Security Research Daniel dos Santos told IPVM. Some customers chose to “share some anonymized data,” giving Forescout insight into devices, including their OUIs, on a wide range of networks.

As dos Santos explained, this is just a fraction of networked devices in the US. Forescout’s data nonetheless offers rare insight into government and commercial networks and could provide reasonably accurate figures on trends among such organizations.

Honeywell is at Fault, Should Alert End Users

End-users have a right to know who manufactures their products and to decide for themselves how that information impacts their security decisions. The US government banned Dahua procurement over security concerns in 2018.

As a major federal contractor, Honeywell was fully aware of the US government’s concerns, which IPVM also raised with them numerous times. Honeywell operates four key nuclear weapons sites and sells a wide range of military equipment.

Honeywell itself asserts that government end users trust its brand (rightly or wrongly). The company knew that in relabeling Dahua – even software – as Honeywell, US government end users would trust it and buy it. As such, Honeywell brought about this situation due to years of knowing indifference, and should alert the US government and the public.

None of this is hypothetical. In 2019, the US Army’s Fort Gordon planned to purchase banned Honeywell. In 2021, IPVM found banned Honeywell listed for sale on the US government’s procurement marketplace GSA Advantage. Plus, as this report shows, Honeywell PRC / Dahua-made devices are still widely used in US government networks.

No Response From Honeywell

We contacted Honeywell four times over two weeks, but the company never responded.