Csl Dualcom Cs2300-R Vulnerabilities

[james.wilson]

do you think insurers, end users or installers will be concerned with your findings?

[norman]

Insurers, end users no.

Installers, maybe

[james.wilson]

id of thought insurers and installers would be. end users less so as they are relying on someones insurance. their own or the installers

[norman]

Insurers in the whole don't have a clue.

[james.wilson]

agreed

[cybergibbons]

The problem in that respect is, where does the liability fall?

A lot of installers see that a product has been third-party tested, and you'll assume it's good. I'd wager that a lot of those installers don't realise that a large part of the standard is self-declared i.e. it's essentially worthless.

The insurers are similar. They've taken it on trust that the products comply with the standard.

Most end-users view the alarm and signalling as a grudge purchase. They don't care - unless they have a large estate of property they want to protect. That's why some of the bigger customers have had pen-tests done on systems.

After today though, it seems a number of insurers are going to start asking questions around signalling.

[Dick]

Insurers in the whole don't have a clue.

Bag and cat spring to mind though. Things might and should change. As an end user I'd be livid with the findings too. Having said that, I'm not an end user of said equipment and I'm not surprised with what CG has released.

[james.wilson]

i know as an approved installer any approval falls onto them on all kit installed. ie your nsi cert makes you liable for all approvals, assuming what you fitted is compliant at the very least puts that compliance claim back on the installer

[BUSTER]

Does anyone know if any Dualcoms have ever been compromised?

[james.wilson]

no i personally dont.

 

But would you fit another knowing the above?