Jump to content
Security Installer Community


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by cybergibbons

  1. TBH, I would prefer self-certified, as it shows that self-certification isn't all it's cracked up to be. Is it possible to tell what has been done? To be blunt, I don't understand how some alarms are standards compliant as they just don't seem to detect jamming.
  2. Can't see any reason why it wouldn't work. Just be aware that the adapters get warm, and don't like being covered. I'd provide for means of power cycling without climbing into the loft, if possible.
  3. I'd like to properly demonstate that graded wireless alarms aren't immune to jamming and replay attacks. In 2012/2013, I found that a Cooper iON alarm could be jammed and replayed, as it uses 1-waay RF and the protocol seems pretty legacy. What other 1-way alarms are on the market? Texecom is 2-way, Pyronix is 2-way, HKC is 2-way.
  4. Obviously you can't judge value of good inside from size of house, but there are several 5/6 bedroom houses in Ealing and Hounslow with Yale alarms.
  5. Ah, ok. I mean, given that the jamming works (and works well), then I think that would be the attack chosen. Only downside to it is that you don't get confirmation the alarm is disarmed, you need to hope for the best. The replay is awkward as well, as capturing the signal requires you are there when the alarm is armed or disarmed (you can modify one signal to the other easily). That means planning, and the last few "psychology of a burglar" things I have read suggest there is rarely any planning beyond driving round the area beforehand.
  6. They'd be in a pretty weak position, given they OKed me releasing the issues.
  7. 1. It's really not just Yale that have the issue. Anything that isn't 2-way suffers from the issue, including the graded stuff. If you take a look at a number of systems, they aren't 2-way. 2. The jammers are available from China for £50.
  8. Not all signals you see are jammers, but the boxes the police are recovering are. 25W would be horrific in a built up area for these things. 500mW is already enough!
  9. In that instance, Domonial in a new build. They hadn't paid for maintenance, and were asking if I could recover the log from the panel. I can't even vaguelly work these panels out even with an engineers code. Quoted £500 to have a look but they weren't interested.
  10. There's evidence of jammers being used a lot for car theft now, the police are finding them fairly regularly, and a few court cases have had them submitted as evidence. Basic jammers though, just sending a signal all of the time. Thing that is puzzling is that, as far as I know, the police haven't recovered any of the gizmos used to get past the more advanced security. Plenty of CCTV footage of thieves walking up to cars and stepping in though. Yep. Unfortunately the people who contacted me wanted me to look into it for free, so it was just emails back and forth.
  11. That's about the upper limit, but with a mix of £20s and £10s, normally a lot less. The ones in banks tend to be filled with more. Look at these muppets though - spent months digging a tunnel to net a couple of thousand: http://www.manchestereveningnews.co.uk/news/greater-manchester-news/mole-gang-dig-100ft-tunnel-679754
  12. I dunno, the houses with them on are getting bigger and bigger, and some of the amazon reviews talk of big installs. The PIN etc, yeah, not likley. The jamming though, really easy, reliable and cheap. I'd love to say much more expensive alarms can't be jammed, but a fair few can. So far in the last 4 years, I've had 8 people approach me about break-ins without alarms going off. One of them I would definitely put down to mental health issues, one was a wired alarm, but the other 6 look credible. Hard to say really. Just think manufacturers should all be pulling their weight here,
  13. They seem to have had a bit of an odd history with alarms, looks like they were a bit more like ADT a long while back, then went to just consumer, and are now back trying some pro installs.
  14. That was the earliest one I could see - 1993-ish. Were there any others around that time?
  15. Last week I presented at IFSEC on the issues with wireless alarms, especially the cheap ones. It was received quite well, but we weren't allowed to name names. We've published a blog post about it now: https://www.pentestpartners.com/blog/alarm-systems-alarmingly-insecure-oh-the-irony/ The short of it - easy to jam, easy to replay disarm signals, you can sniff the PIN over-the-air if you use a remote keypad, you can brute-force the PIN as well. I reported these issues to Yale 4 years ago. However, they seem to be getting more and more popular as time goes on.
  16. We've just published a blog about why these alarms are not great. Stick with graded wireless or wired if possible. If you look on my personal site, you can see what I think of the various systems. https://www.pentestpartners.com/blog/alarm-systems-alarmingly-insecure-oh-the-irony/ The short of it - easy to jam, easy to replay disarm signals, you can sniff the PIN over-the-air if you use a remote keypad, you can brute-force the PIN as well. I reported these issues to Yale 4 years ago.
  17. We're planning on publishing something about securing DVRs and IP cameras in the next month or so... sorry for the delay.
  18. Yeah, happy to write something up. Short of time at the moment.
  19. I can hopefully clarify a bit. Your own computer can be used as a pivot as well. It probably would be used as a pivot if you are running XP, with no firewall, no antivirus, out-of-date software, and you didn't care when it started crawling to a halt and the cursor started moving of it's own accord. That's pretty much what a DVR is - out of date OS, with no firewall, no antivirus, no updates, and you can't actually see what it is doing. Personally, I would make sure that I wasn't responsible for security issues with the DVR. I don't know the solution though, it's something we are working
  20. These attacks regularly happen against routers and are automated and embedded on far more sites than you'd imagine.
  21. If I embed an image link in a web page or email: And you visit that site, the request will be made to the DVR and it will act on it. I can't see the response, but that doesn't matter. So you might have the DVR on another IP. WebRTC will allow me to find your PCs IP. I can then scan the rest of the IPs for the DVR, maybe checking for an image on the login page. Then change ps for the reverse shell command. The DVR will then connect to my server and allow me to control it. This would only be stopped by outbound firewalling, which is rare on home and small busi
  22. Samsung DVRs have known issues: https://www.andreafabrizi.it/?exploits:samsung:dvr https://www.kb.cert.org/vuls/id/882286 http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html I'm about to publish a vulnerability across many of their IP cameras as well. Hikvision haven't been too bad when reporting vulnerabilities. Their cameras are so-so, still making a lot of mistakes but nothing awful. Not looked at a DVR of theirs.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.