Security Installer Community

CSL Dualcom CS2300-R Vulnerabilities



I'd have thought that security on a security signalling device is pretty damn important

Me too.

This is the thing though - it keeps on getting back to "is it being exploited". I have no idea. Neither do CSL.

But fundamentally, the device doesn't comply with the standards it claims to.

How many of you know the PIN that secures the SMS functionality on Dualcoms in your estate?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Link to comment
Share on other sites

Technically it's down to the installer as that's the final cert issued

All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment.

  • Downvote 1
Link to comment
Share on other sites

All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment.

There has to be a chain of trust. I think it is wholly unreasonable to expect an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer.

 

As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Link to comment
Share on other sites

I'm still really confused about CSL's product lines.

 

I looked at units that are marked CS2300-R. CSL claim there are only 600 of these in the field.

 

But then this box: http://www.ebay.co.uk/itm/272052537074?ru=http%3A%2F%2Fwww.ebay.co.uk%2Fsch%2Fi.html%3F_from%3DR40%26_sacat%3D0%26_nkw%3D272052537074%26_rdc%3D1

 

That is a G4 Gradeshift with a Worldsim - marked CS2300-R...

 

Surely there are more than 600 of these?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Link to comment
Share on other sites

There has to be a chain of trust. I think it is wholly unreasonable to expect an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer.

 

As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though.

Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained.
Link to comment
Share on other sites

Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained.

 

Ask the question to Redcare, Emizon or WebWayOne - have you been pentested?

 

We already know what one of them will say.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Link to comment
Share on other sites

Ask the question to Redcare, Emizon or WebWayOne - have you been pentested?

 

We already know what one of them will say.

What, and take your fun away, never!! I've stayed away from 'this' technology on purpose waiting for this day of reckoning. Whichever way you look at it, it'll only get worse, or more entertaining, before it gets better.
Link to comment
Share on other sites

That is a G4 Gradeshift with a Worldsim - marked CS2300-R...

 

Surely there are more than 600 of these?

 

I guess it depends on what you're calling CS2300-R.

 

Take your eBay example: this shows a "CS2300-R" but the product part number is CS2412.

 

It doesn't seem easy to tell which products your vulnerabilities relate to from these CS numbers.

Link to comment
Share on other sites
