james.wilson Posted November 23, 2015 Posted November 23, 2015 id of thought that security on a security signalling device is pretty damn important Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount.
cybergibbons Posted November 23, 2015 Author Posted November 23, 2015 id of thought that security on a security signalling device is pretty damn important Me too. This is the thing though - it keeps on getting back to "is it being exploited". I have no idea. Neither do CSL. But fundamentally, the device doesn't comply with the standards it claims to. How many of you know the PIN that secures the SMS functionality on Dualcoms in your estate? Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
Dick Posted November 23, 2015 Posted November 23, 2015 technically its down to installer as thats the final cert issued All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment. 1 Quote
cybergibbons Posted November 24, 2015 Author Posted November 24, 2015 All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment. There has to be a chain of trust. I think it is wholly unreasonable to except an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer. As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
cybergibbons Posted November 24, 2015 Author Posted November 24, 2015 I'm still really confused about CSL's product lines. I looked at units that are marked CS2300-R. CSL claim there are only 600 of these in the field. But then this box: http://www.ebay.co.uk/itm/272052537074?ru=http%3A%2F%2Fwww.ebay.co.uk%2Fsch%2Fi.html%3F_from%3DR40%26_sacat%3D0%26_nkw%3D272052537074%26_rdc%3D1 That is a G4 Gradeshift with a Worldsim - marked CS2300-R... Surely there are more than 600 of these? Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
Dick Posted November 24, 2015 Posted November 24, 2015 There has to be a chain of trust. I think it is wholly unreasonable to except an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer. As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though. Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained. Quote
cybergibbons Posted November 24, 2015 Author Posted November 24, 2015 Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained. Ask the question to Redcare, Emizon or WebWayOne - have you been pentested? We already know what one of them will say. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/
Dick Posted November 24, 2015 Posted November 24, 2015 Ask the question to Redcare, Emizon or WebWayOne - have you been pentested? We already know what one of them will say. What, and take your fun away, never!! I've stayed away from 'this' technology on purpose waiting for this day of reckoning. Whichever the way you look at it it'll only get worse, or more entertaining, before it gets better. Quote
sixwheeledbeast Posted November 24, 2015 Posted November 24, 2015 That is a G4 Gradeshift with a Worldsim - marked CS2300-R... Surely there are more than 600 of these? I guess it depends on what your calling CS2300-R. Take your ebay example this shows a "CS2300-R" but the product part number is CS2412. It doesn't seem easy to tell which products your vulnerabilities relate to from these CS numbers. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.