Skip to content
View in the app

A better way to browse. Learn more.
Security Installer Community

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Vulnerabilities In Ip Alarm Signalling Protocols

cybergibbons
in Members Lounge (Public)

Featured Replies

the interesting claim- send an alarm for all systems at the ARC w/o revealing an IP(I assume range of accounts on mass or randoms a/c) just need to know the receivers IP & ports no.s

if the protocol is weakness it won't just be the one manufacturer?

Edited by MrHappy

Mr th2.jpg Veritas God

  • Replies 95
  • Views 17.8k
  • Created
  • Last Reply
  • Author

As far as I know, the protocol is mainly used by Alphatronics gear, ENAI make receivers that support the protocol.

 

It doesn't look like the receiver cares about the source IP - only what is in the packet at a higher level.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Well - part of the problem is that those that rely on IP signalling don't seem to want to say what they use. Some deny using it, others won't comment.

As MrHappy has shown, Alphatronics own systems use it. 

 

ENAI who are also big in NL make receivers for this protocol.

I think it's the best kept secret which 2 IP signalling platforms we use. :proud:

www.securitywarehouse.co.uk/catalog/

  • Author

I guess the thing is, how would anyone know if the protocol the use is actually secure or not? If they weren't, could they be updated?

Matt, I know at least one of the people you use takes security very seriously. Would still be interesting to have a go at their signalling though!

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

I have no security concerns at all our preferred signalling is webwayone

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

  • Author

Yes, they are who I think are taking it seriously.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

I guess the thing is, how would anyone know if the protocol the use is actually secure or not? If they weren't, could they be updated?

Matt, I know at least one of the people you use takes security very seriously. Would still be interesting to have a go at their signalling though!

If you want to try a stress test I'd be more than happy to provide you with a unit into our receivers.

www.securitywarehouse.co.uk/catalog/

I have no security concerns at all our preferred signalling is webwayone

 

The nerd in the video was asking for kit to play with, you sending him some new toys ?

Mr th2.jpg Veritas God

Ill send stuff to test yes

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Even the top end TCD's can be compromised. Many are Linux based and once root is gained and init reset watchdogs bypassed, then a whole host of information is available to a would be attacker.

 

Nothing is 100% secure.  :(

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.