MrHappy Posted May 14, 2013 Posted May 14, 2013 rather than a real security measure? reading the chip & finding clear codes within the hex in an attempt to use on another system is quite a way off a real world concern. Code wise, beyond using an app to have a unique eng + udl code per site to which can only reveal codes within the proximity of the site using gprs (which I suspect a cyber gibbon could screw with) & logging to tie use with job sheets Mr Veritas God
cybergibbons Posted May 14, 2013 Author Posted May 14, 2013 reading the chip & finding clear codes within the hex in an attempt to use on another system is quite a way off a real world concern. Code wise, beyond using an app to have a unique eng + udl code per site to which can only reveal codes within the proximity of the site using gprs (which I suspect a cyber gibbon could screw with) & logging to tie use with job sheets I can't work out where the line is between real world concern and theoretical. I know it's going to differ from one person to another. There's a market for encryption, rolling code, FHSS etc. Do these protect against anything real world? Personally, if I was implementing something for engineer codes in a modern alarm, I'd use a one-time-password system. There's plenty of implementations that could run on embedded hardware. I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
sixwheeledbeast Posted May 14, 2013 Posted May 14, 2013 cybergibbons, on 14 May 2013 - 2:58 PM, said: Personally, if I was implementing something for engineer codes in a modern alarm, I'd use a one-time-password system. There's plenty of implementations that could run on embedded hardware. Pin of the day is this type of setup.However only certain panels have this and not many use it. From a backward compatible POV (panels without POTD) it's probably best to have a different code per site. If you create a company algorithm and use a customer ID number to generate the engineers code. This will stop all your other sites being compromised in this way.
Lwillis Posted May 14, 2013 Posted May 14, 2013 guardall have POTD functionality but thats the only one i know of.
MrHappy Posted May 14, 2013 Posted May 14, 2013 I can't work out where the line is between real world concern and theoretical. I know it's going to differ from one person to another. In the real world attacking the alarms is now quite rare. I had a system masked with silicon on the sensors (old BS one replaced with G3 anti mask ones) & Magnets pulled off doors to prevent setting. Those who have a swag bag & a striped jumper, tend to be in & out of premisese Personally, if I was implementing something for engineer codes in a modern alarm, I'd use a one-time-password system. There's plenty of implementations that could run on embedded hardware. I doubt you would ever be able to implement anything of the sort within a alarm co. due to multipal differnet hardward & legacy equipment Mr Veritas God
sjsturner Posted May 14, 2013 Posted May 14, 2013 Most robberies here are done to sites that have guarding company not policed ones, one site the other month got done and they had nearly 30 mins , needless to say they were long gone.
cybergibbons Posted May 14, 2013 Author Posted May 14, 2013 In the real world attacking the alarms is now quite rare. I had a system masked with silicon on the sensors (old BS one replaced with G3 anti mask ones) & Magnets pulled off doors to prevent setting. Those who have a swag bag & a striped jumper, tend to be in & out of premisese I doubt you would ever be able to implement anything of the sort within a alarm co. due to multipal differnet hardward & legacy equipment So is there absolutely no chance that disabling the alarm will happen at grade 3 and 4? I never buy into the argument that things should stay like they are because it's how they've always been, I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
sixwheeledbeast Posted May 14, 2013 Posted May 14, 2013 In the real world attacking the alarms is now quite rare. I had a system masked with silicon on the sensors (old BS one replaced with G3 anti mask ones) & Magnets pulled off doors to prevent setting. Correct this is about as clever as "clever burglars" get. As I have said before other than above removing the external and hiding around the corner. Not to say it's a bad thing to make things better.
MrHappy Posted May 14, 2013 Posted May 14, 2013 So is there absolutely no chance that disabling the alarm will happen at grade 3 and 4? Outside of a nerd lab ? I'd say no. I never buy into the argument that things should stay like they are because it's how they've always been, The subscribers desire is to fulfil the minimum insurance requirements, if a local jeweller in the city centre is happy enough to have their ADT system flashing its strobe for weeks on end advertising it is requiring resetting, upselling a system thats harder to defeat in "nerd lab" it pretty much a non starter Mr Veritas God
cybergibbons Posted May 14, 2013 Author Posted May 14, 2013 Outside of a nerd lab ? I'd say no. The subscribers desire is to fulfil the minimum insurance requirements, if a local jeweller in the city centre is happy enough to have their ADT system flashing its strobe for weeks on end advertising it is requiring resetting, upselling a system thats harder to defeat in "nerd lab" it pretty much a non starter I'm kind of struggling to see what the point of the higher grade alarms is then, if all the additional functionality doesn't actually protect against any real world risk? Surely the insurers can't have defined grades that are totally pointless? I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
Recommended Posts
Archived
This topic is now archived and is closed to further replies.