Jump to content
Security Installer Community

Csl Dualcom Cs2300-R Vulnerabilities

cybergibbons

By cybergibbons
in Members Lounge (Public)

 Share

Recommended Posts

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

Agreed

 

Stayed away from what technology?

 

Problem is, neither CSL or Intertek are going to openly say "The CSL CS2300 board testing to EN50136 had some parts self declared, including the encryption and substitution protection".

 

Testing the boards to the depth I tested them would cost between £10k and £20k. That's about one third of the cost of testing again. If you wanted the problems fixed, and needed in-depth advice, add another £5k at least.

 

I don't know if WebWayOne want to pass comment on the self declared aspects of standards testing?

 

Interestingly, since the research went live, two separate people have contacted me to talk about integrating the CSL protocol into panels. They were both shocked at how basic the protocol was, and how bad the documentation was.

I'm still finding it odd how little has been said by CSL. The post has far exceeded the traffic generated by Heatmiser vulnerabilities.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

james.wilson Mentor

james.wilson

Posted
Posted

I would hope it was viewed more than a heating controller. Its a bit more serious. I suppose at some point it will be taken up by mainstream media?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

The Guardian were going to run it, but then CSL claimed it was only 600 units. Not big enough.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

james.wilson Mentor

james.wilson

Posted
Posted

The Guardian were going to run it, but then CSL claimed it was only 600 units. Not big enough.

How would one verify that?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

james.wilson Mentor

james.wilson

Posted
Posted

are there any dates on the versions you have or a list of firmware release dates?

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

CG how old was the unit you tested, CSL upgraded lots of ours earlier this year

 

Earliest 2009, latest 2013.

What did they upgrade them to?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

How would one verify that?

 

Almost impossible as a third party. As of April 2015, the latest firmware they had available for download suffered from these issues. They don't provide any release notes or changelog, so really hard to tell.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept