Jump to content
Security Installer Community

Risco Agility 3


paul44

Recommended Posts

Posted

I'd much rather have a system where I can update the firmware than one I can't, and as part of that, the manufacturer needs to be open to dealing with reports of problems.

 

Online firmware updates are a bit scary. There's a lot that can go wrong, and it's a big opening for attacks.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Posted

I'd much rather have a system where I can update the firmware than one I can't, and as part of that, the manufacturer needs to be open to dealing with reports of problems.

 

Online firmware updates are a bit scary. There's a lot that can go wrong, and it's a big opening for attacks.

I agree, it can be done but we have to be vary careful. In the mean time we have very few updates so flash dongles and MSX cards still work for us. We will get there.

Posted

Online firmware updates are a bit scary

 

how so?

I agree, it can be done but we have to be vary careful. In the mean time we have very few updates so flash dongles and MSX cards still work for us. We will get there.

On your panels I was under the impression it was board changes or msx cards for firmware upgrades? You now have a flash dongle?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Posted

how so?

On your panels I was under the impression it was board changes or msx cards for firmware upgrades?

So was I, hence why we just ripped a ton of them out.

www.securitywarehouse.co.uk/catalog/

Posted

how so?

On your panels I was under the impression it was board changes or msx cards for firmware upgrades? You now have a flash dongle?

Okay, what was the EuroOne platform now Euro162 has MSX cards and that is the only way to update the firmware. The newer panels Euro46 and Enforcer can be flashed via the RS232 port but the flash dongle is not released and it should be done by one of our reps in the field. So normally advice from product support is to swap the PCB as that is faster. But the facility is there and we are developing it.

Posted

how so?

 

Lots of reasons:

1. It's an opening that wasn't there before to the heart of the system.

2. Quite a lot of systems don't do any checksum or validation of the firmware

3. Firmware updates can and do fail - leaving you with a system that doesn't work.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Posted

3. is true but its the old 'could get hit by a bus tomorrow' argument isn't it?

 

I've never had an update on a panel result in an unusable panel - yet.

If I did it would just as much a PIA if updated manually or automated though.

 

I would worry that, if automated, manufacturers might be tempted to produce a much

higher volume of less well tested releases though.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

Posted

Lots of reasons:

1. It's an opening that wasn't there before to the heart of the system.

2. Quite a lot of systems don't do any checksum or validation of the firmware

3. Firmware updates can and do fail - leaving you with a system that doesn't work.

1, this isn't an autoupdate, ie you have to upload the firmware using the software. This means it can be done locally and remotely. Ive upgraded hkc panels over local usb and remotely via pstn

2, but to get access to the menus etc the system is already compromised

3, true but tat is the case with any update system

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Posted

I've seen enough badly implemented update systems (not on alarms) that really can't handle an update that doesn't go quite right. That's the advantage of being onsite - often the update is done using an ISP header which allows you to recover even if things go wrong.

 

The same is true for BIOS updates on a lot of PCs. Some PCs have dual BIOS flash which means if one doesn't work after an update, it can fallback to a backup.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.