Id like to know how the popular units do. Ideally I guess youll be doing others. If you need me to send you anything let me know

http://blogs.computerworld.com/18776/mobile_phone_eavesdropping_made_easy_hackers_crack_gprs_encryption

 

Maybe there is something else on top, i don't know, but there must be another level of DualCom encryption, i would imagine linked to the Gemini servers?

Interestingly the connection from arc to Gemini relies totally on an IPSec von with a static key to encrypt the data. I found it a bit poor they require a VPN to the arcs network to provide a secure link and with a static key, I'd it wasn't immensely secure.

matt id like cg to delve into it all on the signalling platforms without you if im honest.

matt id like cg to delve into it all on the signalling platforms without you if im honest.

I don't see how I could assist? He's way more brainy in that department than me.

I think IPSEC with a static key isn't that bad as the key is used to set up a link with per-session key, so replays etc. are protected again.

I guess this is going to be one of the issues with CSL Dualcom - because of the centralised Gemini platform, I'm not going to be able to look at a device in operation properly. I can probably spoof a server to respond in the way it expects.

I guess this is going to be one of the issues with CSL Dualcom - because of the centralised Gemini platform, I'm not going to be able to look at a device in operation properly. I can probably spoof a server to respond in the way it expects.

Someone could send you a live production unit

Wouldn't CSL Dualcom have a fit if they knew that tampered with hardware was being connected to their network?

 

To start with I'm probably just going to change the interface to the M2M module so it connects to something I have control over, should be able to see a lot.

Wouldn't CSL Dualcom have a fit if they knew that tampered with hardware was being connected to their network?

 

To start with I'm probably just going to change the interface to the M2M module so it connects to something I have control over, should be able to see a lot.

That's an interesting question. The way I see it is if I have a production unit that I am paying for, is it any of dualcoms business if i monitor traffic on it? On my webway I do it all the time.

I had a similar discussion with Chiron. As I have access to all by databases I was very surprised when Chiron announced that I aren't allowed to see the data in my SQL database on my server on my network that iris uses. You seem to get a huge variety of responses to seeing under the hood depending on who the vendor is.

I'm not sure, I guess it depends on the contract. Not even sure if you actually really "own" the unit as such?

 

What happens if there is a hole like in SIA-HS where you can masquerade as any other customer? Then it might cause real problems. They could interpret it as hacking as well.

 

No response from the email though, so not anyway of knowing for sure.