loading . . . Presentation Highlights Risks of White-Labeled IoT Devices in Security and Compliance The presentation by Rob King, Director of Applied Research at runZero, focuses on the prevalence of white-labeled IoT devices—particularly security cameras and network equipment—manufactured by companies like Dahua and Hikvision but rebranded under names such as Honeywell, Bosch, Hyundai, and Lorax. These devices are often banned in government and critical infrastructure networks in Canada and the U.S. due to national security risks, yet thousands remain deployed under alternate branding. The talk demonstrates methods to identify these devices, including analyzing MAC addresses, HTTP headers, SSL certificates, discovery protocols (SNMP, WSD, MDNS, SIP), and proprietary protocols like Dahua’s DHIP and Hikvision’s SADP. Regional variances in firmware versions were also highlighted, showing how devices sold in specific countries may have different security profiles or regulatory compliance, with rare versions in North America often originating from auctions or personal imports. The speaker emphasized that white-labeling obscures the true manufacturer, complicating compliance with bans at federal, provincial, and state levels. Tools like Wireshark were recommended for network analysis to detect these devices. The conclusion stressed the importance of verifying device provenance to avoid legal, policy, or cybersecurity risks. https://www.cyberhub.blog/article/25348-presentation-highlights-risks-of-white-labeled-iot-devices-in-security-and-compliance
