Jump to content
Security Installer Community

Hello From A Security Researcher

cybergibbons

By cybergibbons
in Introduce Yourself

Recommended Posts

Scotmod Newbie

Scotmod

Posted
Posted

There's any number of scenarios.

* One system is vulnerable to a replay attack from a pin from a wireless keypad. I don't know if the wireless keypads are commonly installed, if they are, that is an issue.

* Simulating a detector and causing it to show in fault/tamper can prevent system from being armed.

* I can actively jam one or more detectors without triggering the alarm on some systems.

I don't think discussing the details around specific alarms is a good idea in a public forum though.

 

No no that's fine. But what i'm going to get at next applies to wired systems.

 

* Simulating a detector and causing it to show in fault/tamper can prevent system from being armed. - Ripping off the magnet from the D/C on the final door also achieves the same. Your hoping to cause enough frustration to the user that they leave it unset rather than wait for the engineer.

 

* I can actively jam one or more detectors without triggering the alarm on some systems. - While set or unset? With any wired system it can be done too. Substitution isn't covered until grade 4 if i'm correct. 

 

I'm just interested in the process of disabling a system while armed without causing any alarm. Is this basically what you can achieve? 

 

For the level of grading however the thief is more likely to use a knife to obtain the keys and fob or smash and grab. However the basis for your research is warranted. 

Link to comment
Share on other sites
cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

It is worth pointing out the bit where CG mentioned Responsible disclosure

 

The link will explain to anyone unfamiliar with the term and it is worth highlighting that nobody wants us to end up with systems that are more vulnerable in any way - we all want the same end goal.  More secure and effective systems

Thanks Joe. What you say is true - I unequivocally do not want to sell a device to stop alarms working on ebay. I am saying that this is possible, and I am surprised it has not been done before.

I don't just think this applies to grade 2 wireless panels. What if issues exist in wired grade 4 panels? What would happen if you could easily disarm any redcare system? There really isn't a mechanism to report issues, and there isn't a culture where investigating them is encouraged.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites
james.wilson Mentor

james.wilson

Posted
Posted

There is a mechanism. Here at tsi. Redcare is one of the better system ie gsm not secure. But there are better from a security point of view. Signalling the issue is seperate to detection. By the sounds of things i thought your concentration was detection and defeating at the lower grades?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Link to comment
Share on other sites
cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

* Simulating a detector and causing it to show in fault/tamper can prevent system from being armed. - Ripping off the magnet from the D/C on the final door also achieves the same. Your hoping to cause enough frustration to the user that they leave it unset rather than wait for the engineer.

Requires prior access to the property. A properly installed DC should not have an external magnet. I suspect a user would inspect the sensor with the issue and see physical tampering. A key problem with wireless is you can spend a long time outside the property playing with the system. You don't even need to be present - I have a proof of concept device which can be left for days gathering arm/disarm commands for later replay.

* I can actively jam one or more detectors without triggering the alarm on some systems. - While set or unset? With any wired system it can be done too. Substitution isn't covered until grade 4 if i'm correct. 

Again, you need access to the property and time for a wired system. I can do this from outside the property, enter, mask the detector, and get on with my business.

 

I'm just interested in the process of disabling a system while armed without causing any alarm. Is this basically what you can achieve? 

On some alarm systems yes. One alarm system can be crashed using malformed packets. The system is split into two - one microprocessor dealing with wireless comms and another for the normal alarm features. The wireless microprocessor hangs. The other one doesn't know what to do and just sits there, armed, but not doing anything. Manufacturer has not responded to this.

For the level of grading however the thief is more likely to use a knife to obtain the keys and fob or smash and grab. However the basis for your research is warranted. 

Again, I agree that the typical burglary doesn't involve alarm bypass. But look back 10 years, and the typical BMW theft didn't use some pretty advanced techniques to bypass the immobiliser. The playing field and players change all of the time.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept