Vulnerabilities In Ip Alarm Signalling Protocols

[james.wilson]

I think if the way some so called high end comms devices mechanisms were known then a lot of people would worry about their preffered supplier. Then worry about who would get sued 'if' the break in occurs,

[ccbrennan]

Just to brighten your day ... the slippery slope of reducing security, non compliant installation, no encryption and long reporting times would result in a less well managed system, with more incidents. Whilst end users could benefit from "lower costs" the reduction is returned to the installer/keyholder/insurer as a cost which they have to bear - that's whey there are standards there to help the professionals sell a service instead of a bag of nuts and bolts.

 

A simple and very sad tale below which is in the press now ... in summary a family buys their 14 year old boy a bike, the brakes are not tightened correctly, the boy ends up out of control down a hill and is killed on the A4 by a van. Nobody saw it coming, but if the basics had been got right ... none of this would have happened.

 

Get the core of the solution right. Stick to it. Nobody gets hurt.

 

 

Kadian Harding inquest: Coroner raises bike safety concerns

Kadian, from Steep, in Hampshire had been out on a ride with his family when the accident happened

Continue reading the main story Related Stories

• Brake had failed before cyclist died
• Fatal cyclist 'had brakes concerns'

The coroner for Wiltshire and Swindon is to ask accident prevention charity Rospa to highlight the need for brake safety on bicycles after a boy's death.

David Ridley made his comments at the hearing into the death of 14-year-old Kadian Harding who was hit by a van in July last year.

The front brake failed as Kadian, from Steep, Hampshire, cycled down a hill near Marlborough.

Mr Ridley recorded a narrative verdict at the inquest in Salisbury.

He said he would contact the Royal Society for the Prevention of Accidents detailing the "lessons learned" to see if anything can be done to raise the awareness of getting a bike checked before it is first ridden.

Summing up at the inquest Mr Ridley said the front brake suffered a "complete catastrophic failure" due to the pinch bolt "more likely than not being sufficiently tight" and causing the cantilever not to function at all.

'Perfectly safe'

Kadian had been out on a bike ride with his family on the day he died.

He was riding down a steep path with five other people, including his father and aunt, when he was unable to stop as he approached the busy A4.

During two days of evidence, the inquest heard the teenager had taken the bicycle to a shop close to his home in Hampshire on at least two occasions in the weeks before his death.

On the day he died, Kadian had taken the bicycle to a shop in Marlborough, having been told to get the brakes checked by his father.

Mr Thomas Harding, an experienced cyclist, told the hearing: "I specifically said 'we are really concerned about the brakes. You must get the front and back brakes looked at.'

"He said they looked over all the brakes and replaced a cable. I didn't have a go [on the bike] but I did try both front and back brakes.

"I noticed they were much firmer."

Philip Birkett, owner of Acceler8, said Kadian had asked him to look at the gears and the rear brakes.

"I stand by my work and everything I did was correct. When that bike left the shop it was in a perfectly safe condition," he said.

 

 

[cybergibbons]

By the way, if anyone at WebWayOne thinks the post has anything dodgy in, I'll change it. None of the statements refer specifically to your system, they are just inferences, but I could see how someone could link them.

[cybergibbons]

So the WebWayOne doesn't use ARM, it's a Freescale Coldfire processor. Some of these have a really good hardware encryption block that does AES and DES very easily and quickly. I don't think I've looked at two bits of alarm equipment with the same processor in it!

[ccbrennan]

I haven't seen anything "dodgy" in your posts. This is a great subject. As an ATS provider we have to be able to sell a secure solution in volume.

 

The cost of the solution is a combination of development, hardware, software, support services and administration (hardware invoicing and ongoing billing). 

 

As a service provider you can build in alot of unforeseen cost by having too many variants of a solution. That's why we build a core platform that's as secure as we can make it for the money. Just so happens that by selecting the right hardware footprint you can pack in alot of security and still meet the market price points.

 

Getting the AES or other encryption standard in there is the first part - but you then have to manage the key creation, distribution and 24 hour "randomised" (lets not get started on what constitutes random) key change.

 

We often say "if it was that easy we'd have finished this thing years ago" (generally referring to creating a pins only IP clone of a Redcare or CSL. However integration and the solution management of any signalling technology (PSTN, GPRS, 3G, Wi-Fi, IP) requires rigour and the right communications professionals.

[cybergibbons]

That's another point - a lot of systems have fallen over on encryption before due to poor random number generation (calling rand() with a fixed seed isn't uncommon).