Jump to content
Security Installer Community

Recommended Posts

Posted

Nope. Since I never registered, it's clear the bulk of the database is just a copy'n'paste of all existing customers?

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

Posted

Fareham and Worthing? Both there.

 

Pentested means penentration testing, i.e. you get someone who knows how to hack to have a crack at your systems. I'd argue that even ARCs should be having them done (I've done a few now, and found a lot of problems, most easily fixed), but signalling providers with centralised receiving, like CSL and WebWayOne, should definitely be pentested.

The report is about the encryption and general security of the CSL CS2300 signalling units.

ah i see so im assuming thats all the grade shifts then?

 

Part Numbers
CS 2200 DualCom GPRS G2 (+ SIM Card, NVM) and CS2058 box aerial).
CS 2210 DualCom GPRS G2 (+ SIM Card, NVM) and CS2057 ext. aerial).
CS 2300 As CS2200 but to Grade 3 standard
CS 2310 As CS2210 but to Grade 3 standard
CS 2400 As CS2200 but to Grade 4 standard
CS 2410 As CS2210 but to Grade 4 standard

I'm guessing none of you were contacted to tell you your data might have been leaked?

No

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Posted

I'm guessing none of you were contacted to tell you your data might have been leaked?

 

My details ain't on there ;)

 

I had a conversation with the pyronix rep about the sim in Enfocrer home app demo kit,

Looked in the risco store then looked at the CSL M2M website & played with postcodes,

 

Didn't like something so never signed up,

Mr th2.jpg Veritas God

Posted

ah i see so im assuming thats all the grade shifts then?

 

Part Numbers
CS 2200 DualCom GPRS G2 (+ SIM Card, NVM) and CS2058 box aerial).
CS 2210 DualCom GPRS G2 (+ SIM Card, NVM) and CS2057 ext. aerial).
CS 2300 As CS2200 but to Grade 3 standard
CS 2310 As CS2210 but to Grade 3 standard
CS 2400 As CS2200 but to Grade 4 standard
CS 2410 As CS2210 but to Grade 4 standard

No

 

So here is a big part of the problem.

I have 13 boards marked CS2300, made between 2009 and 2013. Firmware version varies. They all suffer from the same issues.

CSL still sell the CS2300 boards marked GradeShift.

 

They say the ones I am testing are not used in the field. I can't see anyway you tell the difference.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Posted

Im sure we can find one from the field but surly a 2300 is a 2300?

 

Well, we'll see what CSL say when the report and vulns are released.

I'll be blunt - I've met with the standards bodies and they are not competent to test the encryption standards. It might be EN50136-1 certified, but the whole bit on encryption is very likely to be self-declared by the signalling provider.

Not sure if this wants splitting out?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.