Skip to content
View in the app

A better way to browse. Learn more.
Security Installer Community

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Csl Dualcom Cs2300-R Vulnerabilities

cybergibbons
in Members Lounge (Public)

Featured Replies

As many of you know, I spent some time researching the CSL CS2300-R SPTs last year. I found a series of issues that I think are serious problems. CSL have had 17 months to deal with these issues, and after them dawdling, I opted for co-ordinated disclosure of the issues via CERT/CC.

 

CSL have had 45 days to respond to CERT/CC, and only did so on Friday with a statement that is largely spin and distraction.

 

In summary, the issues found:

  • CSL have developed incredibly bad encryption, on a par with techniques state-of-the-art in the time before computers.
  • CSL have not protected against substitution very well
  • CSL can’t fix issues when they are found because they can’t update the firmware
  • There seems to be a big gap between the observed behaviour of the CS2300-R boards and the standards
  • It’s likely that the test house didn’t actually test the encryption or electronic security
  • Even if a device adheres to the standard, it could still be full of holes
  • CSL either lack the skill or drive to develop secure systems, making mistake after mistake
I have written a blog post detailing these issues, which also links to the full PDF report.

 

Until CSL can demonstrate that their products are standards compliant and secure, I would advise not using them, especially for higher grades.

Edited by cybergibbons

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 
  • Replies 144
  • Views 26.5k
  • Created
  • Last Reply

Is the 2300 the board in grade 3 mode?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

  • Author

Is the 2300 the board in grade 3 mode?

The only difference between the grades is the reporting time, as far as I can tell.

The encryption, the protocol, the lack of firmware updates etc. are the same regardless of grade.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 
  • Author

The vulnerability note from CERT has now gone live:

http://www.kb.cert.org/vuls/id/428280

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

wonder if the BSIA will get involved to assist on of their biggest members

www.nova-security.co.uk

www.nsiapproved.co.uk

No PMs please unless i know you or you are using this board with your proper name.

wonder if the BSIA will get involved to assist on of their biggest members

to assist? in what way?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

  • Author

wonder if the BSIA will get involved to assist on of their biggest members

That's really no way to refer to Simon Banks.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

cg what responses have you had from csl regarding this?


its a bit over my head but can the unit be defeated in the field without access to the unit itself?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

  • Author

cg what responses have you had from csl regarding this?

They haven't communicated with me at all since they tried getting my home address 6 weeks ago.

its a bit over my head but can the unit be defeated in the field without access to the unit itself?

I believe it can, yes. Certainly the ones that use the IP path can be sniffed and spoofed with little trouble. The problem is that I can't push the boundaries any further to prove it.

The real point is that their systems have been designed and operated by people who very clearly are incompetent. If anyone has looked at their security, CSL have totally ignored any findings. God knows what else is there. If you aren't regulated by the law, it could be awful.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Who did they try to get your address from? I hear if you boil the horses head it makes quite a pleasant soup.

Nothing is foolproof to a sufficiently talented fool.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.