sixwheeledbeast Posted April 24, 2021 Posted April 24, 2021 We are talking about a security system here, having back door use once code in them all would be a serious exploit. Just like a back door in encryption seems logical to governments until this back door is then exploited worldwide or used against them. Engineering code is no customer lock in (for these panels) you can change to a different maintainer without it. It protects the company from users changing parts of the programming which may cause the system to fail, it's in the regulations that the engineer code is to be kept secure by the company for this reason. Also as your jobbing electrician knows you can decommission the system without any codes, so I fail to see the issue. Quote
meditek Posted April 24, 2021 Author Posted April 24, 2021 No more crackable than the present used a lot user and engineer codes (which are probably all the same for all this model). Nobody's managed to crack Apple's Iphone access codes yet despite putting the FBI onto it. My issue is entirely about being left with a system still controlled by ADT after I cancelled my contract and being asked to pay for release. If they were concerned about software rights they would have a system in place to wipe it as one does with a hard disk if you're selling it. I was under the impression that Honeywell designed the software and ADT simply used it so it's odd that they can claim intellectual property rights. Quote
norman Posted April 24, 2021 Posted April 24, 2021 Honeywell design the architecture, the programming is ADT. There is an argument that if you'd planned better you could have had the work done or even down powered on your last inspection visit. Quote Nothing is foolproof to a sufficiently talented fool.
sixwheeledbeast Posted April 24, 2021 Posted April 24, 2021 It's not controlled by ADT at all it's yours. The payment is for an engineer visit to remove it for you, not release from contract. Anyone concerned about security is unlikely to sell there used hard drive even "wiped". Remote panel wiping would be another backdoor that you would not want as a customer in a system, if the customer wished to use the system while they found another maintainer they would have no system if the outgoing maintainer wiped everything on cancellation. Honeywell maybe the manufacturer but they don't program them, each system is bespoke. You can purchase a computer with it's software (OS/BIOS/EFI) and then make your own programmes or languages and have there own licenses for example. Yes we are talking about tiny embedded systems but its still similar. The panel is the barebones and useless in default state without an engineer knowledgable to programme it for that systems design, you purchase a "security system" from the alarm company not a DIY kit or individual components. 1 Quote
PeterJames Posted April 24, 2021 Posted April 24, 2021 1 hour ago, meditek said: No more crackable than the present used a lot user and engineer codes (which are probably all the same for all this model). Nobody's managed to crack Apple's Iphone access codes yet despite putting the FBI onto it. My issue is entirely about being left with a system still controlled by ADT after I cancelled my contract and being asked to pay for release. If they were concerned about software rights they would have a system in place to wipe it as one does with a hard disk if you're selling it. I was under the impression that Honeywell designed the software and ADT simply used it so it's odd that they can claim intellectual property rights. The problem is in order to wipe it, or do anything to it they have to send someone to site, and they dont have engineers that work for nothing, nor vehicles that do not require any fuel or maintenance to get the engineer to your property, or any admin staff that work for free to organise it, and so on. To have engineer codes per customer would be a real ball ache, we have all thought about this over the years a code based on postcode or customer number. The thing here is, if this was the case and ADT gave out engineer codes to customers when they canceled their contracts it would not be long before the method of how the codes are generated is worked out, leaving all ADT customer vulnerable. ADT have a responsibility for all their customer, and less so for the ones that leave (they are no longer a customer) Later panels can be programmed remotely and panels can be defaulted remotely, but this is a fairly new development, and probably not available when your panel was installed. ADT are not try to scam you, they are protecting their customers, and you are welcome to pay someone else to disable it, or try to disable it yourself, or just leave it where it is and not use it Quote
meditek Posted April 24, 2021 Author Posted April 24, 2021 7 minutes ago, PeterJames said: The problem is in order to wipe it, or do anything to it they have to send someone to site, and they dont have engineers that work for nothing, nor vehicles that do not require any fuel or maintenance to get the engineer to your property, or any admin staff that work for free to organise it, and so on. To have engineer codes per customer would be a real ball ache, we have all thought about this over the years a code based on postcode or customer number. The thing here is, if this was the case and ADT gave out engineer codes to customers when they canceled their contracts it would not be long before the method of how the codes are generated is worked out, leaving all ADT customer vulnerable. ADT have a responsibility for all their customer, and less so for the ones that leave (they are no longer a customer) Later panels can be programmed remotely and panels can be defaulted remotely, but this is a fairly new development, and probably not available when your panel was installed. ADT are not try to scam you, they are protecting their customers, and you are welcome to pay someone else to disable it, or try to disable it yourself, or just leave it where it is and not use it Quote
meditek Posted April 24, 2021 Author Posted April 24, 2021 Programming..Have to say I was under the impression Honeywell supplied the bare bones and the engineer simply added the muscle etc. I was in IT programming from the mid 70's so I'm interested in what language the engineer writes the program in and how he accesses the hardware because I'll probably have a fiddle when it's out? Incidently, by wipe I mean't a proper one that takes a few days like the US gov standards. SSD's are lump hammer material though. Peter, leaving it where it is and not using it would suit me but BT are swapping our phone to cable which it will react to as I suppose it would when the battery finally dies. Power outages set it bleeping and we have 2-3/annum. Re the customer wipe code I suggested. Generation could be by the customer himself at installation thus the method of generation would be random as is the customers access code. As they do a lot of management online, I asked whether they could neutralise it online. NO. I have to say most of the security reasons applied to revealing the engineer's code are equally true of the customer code imho. Incidently, I found and lost a Gov report suggesting that Engineer codes must be unique to the installation though whether that is the law yet I don't know. Quote
sixwheeledbeast Posted April 24, 2021 Posted April 24, 2021 It's still a non-issue. The customer isn't allowed engineering codes for reasons already explained above, plus you can do what you need to without it anyway. It could be decommissioned without it being removed completely. Engineering back doors or remote neutralising solutions into this stuff is a bad idea and simply not needed. If you had an external box like most non-ADT systems in the UK you would physically have to get up to it anyway. Quote
PeterJames Posted April 24, 2021 Posted April 24, 2021 2 hours ago, meditek said: Re the customer wipe code I suggested. Generation could be by the customer himself at installation thus the method of generation would be random as is the customers access code. If the customer had the engineer code from the start, you move liability of the system working as it should to the customer. No insurance company will ever accept it because there is always going to be the worry that the customer deciding to meddle with the system themselves when say they want to move a detector due to decorating. They go into engineer and unwittingly they reprogram the system so that it doesnt work in the event of a burglary. What do you think they will do when they are burgled and the alarm didnt work? I can hear my customers now saying "I have been paying all that money each year and the system didnt work when I was broken into, my insurance wont pay out so what are you going to do about it?" Then from the engineers point of veiw, I know that I would not feel happy being the last person to service an alarm system knowing full well that the customer has the ability to faff around in engineer mode after I have gone. The last engineer on site could get accused of sabotaging the alarm system (inside job) if a customer defaulted zones unwittingly then a burglary was to happen. As others have tried to point out, when you buy a security system, you are not just buying a few items that someone screws to the wall, you are buying an assurance that it will do what it was intended to do. Anyone can screw bits to the wall, programming and testing it to work correctly and understanding how the programming works is another matter. If you want to know the engineer code of your alarm, fit it yourself or use a non accredited company to install it, you wont have anyone to sue if it fails to operate, but when you decide to get rid of it you wont have this problem. Anyway all of this is by the by as you have a man with a hammer coming to sort it for you. Have you told your insurer that you no longer have an alarm btw? Quote
norman Posted April 24, 2021 Posted April 24, 2021 1 minute ago, PeterJames said: Anyway all of this is by the by as you have a man with a hammer coming to sort it for you. Have you told your insurer that you no longer have an alarm btw? To summarise ^^^ Quote Nothing is foolproof to a sufficiently talented fool.
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.