cybergibbons Posted May 14, 2013 Posted May 14, 2013 I've had some really good feedback from this forum, rather than the usual "it's like that because it's always been like that" attitude that the other alarm forums seem to have. So - a fairly simple question - why do manufacturers and installers restrict access to manuals and codes? I've not yet had an alarm panel that I couldn't get a manual for (though, some of them have required a degree of social engineering). There's no magic bullet to disable these alarms in the manuals. There's more than enough rope for a DIY or inquisitive user to hang themselves, but they'd need a code anyway? As for codes, surely these are never left as default? I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
MrHappy Posted May 14, 2013 Posted May 14, 2013 So - a fairly simple question - why do manufacturers and installers restrict access to manuals and codes? The engineering code is defined in the standard for use by the co. My code is not exclusive per site, should I give it to one I have in fact given them access to many sites. The manual is the copy write of the manufacture its not mine to give away or distribute electronic copies, paper copies with products are still there with low end products as co. these are normally removed before the products go on site. Leave a manual & you'll have the sub asking silly questions or tinkering with the system Mr Veritas God
matthew.brough Posted May 14, 2013 Posted May 14, 2013 As for codes, surely these are never left as default? You sure about that? www.securitywarehouse.co.uk/catalog/
cybergibbons Posted May 14, 2013 Author Posted May 14, 2013 The engineering code is defined in the standard for use by the co. My code is not exclusive per site, should I give it to one I have in fact given them access to many sites. The manual is the copy write of the manufacture its not mine to give away or distribute electronic copies, paper copies with products are still there with low end products as co. these are normally removed before the products go on site. Leave a manual & you'll have the sub asking silly questions or tinkering with the system That raises two interesting points. 1. Copyright on manuals and technical documentation isn't clear-cut, especially in the UK and with electronic documentation. If you aren't profiting from it and you aren't claiming it is your own, merely distributing, then I don't think you are in the wrong. 2. Is one code across multiple sites common practice? Nearly every alarm I have worked with stores the codes in NV memory and can be read out if you take the panel apart. So if a low-risk site was compromised and the code retrieved, could that harm high-risk sites? You sure about that? Well, no, I know they are left as default. But surely it is easier to protect systems by changing the pins (which is fairly easy to do, and definitely works) than it is to try and restrict the spread of documents? I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
james.wilson Posted May 14, 2013 Posted May 14, 2013 The biggest issue to me is they contain defaulting information. In the wrong hands this is useful info. As we are a security site i want to limit potential perps using them for this purpose. As you have found the average end user doesn't care as they are unaware of the security aspects of various systems. They also think we are as service providers stopping access to systems from a commercial viewpoint. This is not the case securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount.
GalaxyGuy Posted May 14, 2013 Posted May 14, 2013 2. Is one code across multiple sites common practice? Nearly every alarm I have worked with stores the codes in NV memory and can be read out if you take the panel apart. So if a low-risk site was compromised and the code retrieved, could that harm high-risk sites? Agreed, codes are not secured in panels. Anyone gaining access to hardware could potentially publish all codes. Second hand panels on Ebay, takeovers, Etc. Eng access normally needs to be authorised by a manager user.
matthew.brough Posted May 14, 2013 Posted May 14, 2013 Same engineer code across an installers entire base is not uncommon. Individual site engineer codes and pin of the day are quite rare. Some of the bigger installers I know have had the same engineer code for 10+ years and it becomes common knowledge amongst competitors as engineers move around, friend of a friend etc. On a personal not I wouldn't be upset if an end user had a copy of the ATS engineer manual. Without the codes it is pretty useless to them and the complexity of the panel is no use to them. If I had engineering manuals for my car, wouldnt mean I could do the job of the mechanic. The only issue is the defaulting info and other info that could assist defeating. www.securitywarehouse.co.uk/catalog/
cybergibbons Posted May 14, 2013 Author Posted May 14, 2013 So it sounds like it is more to protect against finger poking by users rather than a real security measure? I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
matthew.brough Posted May 14, 2013 Posted May 14, 2013 So it sounds like it is more to protect against finger poking by users rather than a real security measure? From my point, yes. Most end users struggle with set unset and alert acknowleging in so I'd be conceared about an end user reading the engineer guide, reading it can jump through hoops and see features that are not comliant with the rules then asking for them and explaining why not or what they want is going to cost ten times what they they want to pay etc etc www.securitywarehouse.co.uk/catalog/
Joe Harris Posted May 14, 2013 Posted May 14, 2013 Is one code across multiple sites common practice? Nearly every alarm I have worked with stores the codes in NV memory and can be read out if you take the panel apart. So if a low-risk site was compromised and the code retrieved, could that harm high-risk sites? It's good to see you looking at this with the same perspective that I take and the last sentence is one that echoes my finding There is a long, drawn out process of education and understanding ahead sadly...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.