Jump to content
Security Installer Community

Multiple Serious Vulnerabilities In Rsi Videofied's Alarm Protocol

cybergibbons

By cybergibbons
in Members Lounge (Public)

 Share

Recommended Posts

cybergibbons Newbie

cybergibbons

Posted
Posted

As per the subject, I found multiple serious vulnerabilities in RSI Videofied's protocol:

 

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

 

This means it is trivially easy to spoof alarms from other panels.

 

RSI Videofied have not been communicative. Supposedly they have deployed a fix, but I have not been shown what this fix is. They have had 4.5 months to respond so far.

 

I would strongly recommend if you use their panels to ask what they are doing to fix this.

 

 

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Dick Newbie

Dick

Posted
Posted

"In summary, the protocol is so broken that it provides no security, allowing an attacker to easily spoof or intercept alarms."

Diabolical.

datadiffusion Newbie

datadiffusion

Posted
Posted

SD1 dialler


As per the subject, I found multiple serious vulnerabilities in RSI Videofied's protocol:

 

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

 

This means it is trivially easy to spoof alarms from other panels.

 

RSI Videofied have not been communicative. Supposedly they have deployed a fix, but I have not been shown what this fix is. They have had 4.5 months to respond so far.

 

I would strongly recommend if you use their panels to ask what they are doing to fix this.

 

My impression of RSI is that they have a team of about 2 people in the UK

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

How much other gear is insecure?

 

Who knows. As you all told me, who cares about the RF side. Look at the signalling side. I started and it's not good. Risco, Visonic, CSL and Videofied have all attempted to go further than SIA etc. and they have made massive errors.

 

What I don't get is how badly broken it is. These are not subtle issues - the Videofied work took me less than 3 hours from start to finish. I spent more time trying to contact them and writing the blog post than actually doing the work.

 

I gave up on the UK side and tried the French and US contacts, still nothing. It took CERT to get them talking.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

skywalker Newbie

skywalker

Posted
Posted

As per the subject, I found multiple serious vulnerabilities in RSI Videofied's protocol:

 

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

 

This means it is trivially easy to spoof alarms from other panels.

 

RSI Videofied have not been communicative. Supposedly they have deployed a fix, but I have not been shown what this fix is. They have had 4.5 months to respond so far.

 

I would strongly recommend if you use their panels to ask what they are doing to fix this.

you should plan a high profile heist...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept