Jump to content
Security Installer Community

Csl's M2M Sim Registration Portal Database Leak


Recommended Posts

On 1st May this year, I found it was possible to dump the names, addresses, emails, usernames, and phone numbers of every single user of every single company who had registered on the CSL M2M SIM page. I did not push the investigation any further, but worse may have been visible.

 

http://cybergibbons.com/alarms-2/customer-database-leak-on-csl-dualcoms-sim-registration-portal/

 

If you would like to know if your company was one of the listed ones, I can check for you.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

I have been sent a free sample sim - I didn't register though, so I wonder if the same database is used for internal purposes (unlikely, but possible)

 

Have a look for 'Casa Security'...

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

Link to comment
Share on other sites

I have been sent a free sample sim - I didn't register though, so I wonder if the same database is used for internal purposes (unlikely, but possible)

 

Have a look for 'Casa Security'...

 

Number 25, Bristol area?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Should you wish to register...

 

IIRC it asks you if your co is already registered, 

I clicked yes & select postcode of a local co.

& it shows you who at that co, is already signed up

 

Yes - IMO it still leaks data that it shouldn't. The problem was before it used to send the client all of the data in the background. You couldn't see it in the plain, but it was sent.

There's only a few options here:

1. They haven't been pentested. You'd kind of think the biggest signalling provider in the UK would do it.

2. They have been pentested by someone incompetent. If they gave money to the people who developed apprentices4fs.com, this is plausible.

3. They have been pentested and ignored all of the findings.

Who knows?

FYI, on the 23rd November, the CSL Dualcom CS2300 report is being published.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

How about Alarming Company or Wakefield Security?

 

Fareham and Worthing? Both there.

CG

what is pentested?

and whats the report on?

 

Pentested means penentration testing, i.e. you get someone who knows how to hack to have a crack at your systems. I'd argue that even ARCs should be having them done (I've done a few now, and found a lot of problems, most easily fixed), but signalling providers with centralised receiving, like CSL and WebWayOne, should definitely be pentested.

The report is about the encryption and general security of the CSL CS2300 signalling units.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Fareham and Worthing? Both there.

 

Pentested means penentration testing, i.e. you get someone who knows how to hack to have a crack at your systems. I'd argue that even ARCs should be having them done (I've done a few now, and found a lot of problems, most easily fixed), but signalling providers with centralised receiving, like CSL and WebWayOne, should definitely be pentested.

The report is about the encryption and general security of the CSL CS2300 signalling units.

ah i see so im assuming thats all the grade shifts then?

 

Part Numbers
CS 2200 DualCom GPRS G2 (+ SIM Card, NVM) and CS2058 box aerial).
CS 2210 DualCom GPRS G2 (+ SIM Card, NVM) and CS2057 ext. aerial).
CS 2300 As CS2200 but to Grade 3 standard
CS 2310 As CS2210 but to Grade 3 standard
CS 2400 As CS2200 but to Grade 4 standard
CS 2410 As CS2210 but to Grade 4 standard

I'm guessing none of you were contacted to tell you your data might have been leaked?

No

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Link to comment
Share on other sites

I'm guessing none of you were contacted to tell you your data might have been leaked?

 

My details ain't on there ;)

 

I had a conversation with the pyronix rep about the sim in Enfocrer home app demo kit,

Looked in the risco store then looked at the CSL M2M website & played with postcodes,

 

Didn't like something so never signed up,

Mr? Veritas God

Link to comment
Share on other sites

ah i see so im assuming thats all the grade shifts then?

 

Part Numbers
CS 2200 DualCom GPRS G2 (+ SIM Card, NVM) and CS2058 box aerial).
CS 2210 DualCom GPRS G2 (+ SIM Card, NVM) and CS2057 ext. aerial).
CS 2300 As CS2200 but to Grade 3 standard
CS 2310 As CS2210 but to Grade 3 standard
CS 2400 As CS2200 but to Grade 4 standard
CS 2410 As CS2210 but to Grade 4 standard

No

 

So here is a big part of the problem.

I have 13 boards marked CS2300, made between 2009 and 2013. Firmware version varies. They all suffer from the same issues.

CSL still sell the CS2300 boards marked GradeShift.

 

They say the ones I am testing are not used in the field. I can't see anyway you tell the difference.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

Im sure we can find one from the field but surly a 2300 is a 2300?

 

Well, we'll see what CSL say when the report and vulns are released.

I'll be blunt - I've met with the standards bodies and they are not competent to test the encryption standards. It might be EN50136-1 certified, but the whole bit on encryption is very likely to be self-declared by the signalling provider.

Not sure if this wants splitting out?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

 It might be EN50136-1 certified, but the whole bit on encryption is very likely to be self-declared by the signalling provider.

 

 

Isn't that 'Self Declared' bit the whole industry in general.

www.nova-security.co.uk

www.nsiapproved.co.uk

No PMs please unless i know you or you are using this board with your proper name.

Link to comment
Share on other sites

Isn't that 'Self Declared' bit the whole industry in general.

 

I think that is part of the problem, but to sell signalling devices in some places (Spain, at least), you need third-party testing.

The CS2300 has been tested:

https://twitter.com/CSLDualCom/status/486496083322093568

 

But, after speaking to the testing house, it is highly likely that the entire encryption and substitution protection bit is self-declared, even when third-party tested. Personally, I don't think that's made clear.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites

On 1st May this year, I found it was possible to dump the names, addresses, emails, usernames, and phone numbers of every single user of every single company who had registered on the CSL M2M SIM page. I did not push the investigation any further, but worse may have been visible.

 

http://cybergibbons.com/alarms-2/customer-database-leak-on-csl-dualcoms-sim-registration-portal/

 

If you would like to know if your company was one of the listed ones, I can check for you.

 

Can you check if I'm on there Mercury Security Management?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.