cybergibbons (Author), Posted November 23, 2015

The problem in that respect is, where does the liability fall? A lot of installers see that a product has been third-party tested, and you'll assume it's good. I'd wager that a lot of those installers don't realise that a large part of the standard is self-declared, i.e. it's essentially worthless.

The insurers are similar. They've taken it on trust that the products comply with the standard.

Most end-users view the alarm and signalling as a grudge purchase. They don't care - unless they have a large estate of property they want to protect. That's why some of the bigger customers have had pen-tests done on systems.

After today though, it seems a number of insurers are going to start asking questions around signalling.

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/

Dick, Posted November 23, 2015

Insurers on the whole don't have a clue. Bag and cat spring to mind though. Things might and should change. As an end user I'd be livid with the findings too. Having said that, I'm not an end user of said equipment and I'm not surprised with what CG has released.

james.wilson, Posted November 23, 2015

I know as an approved installer any approval falls onto them on all kit installed, i.e. your NSI cert makes you liable for all approvals, assuming what you fitted is compliant at the very least puts that compliance claim back on the installer.

securitywarehouse: Security Supplies from Security Warehouse. Trade Members please contact us for your TSI vetted trade discount.

BUSTER, Posted November 23, 2015

Does anyone know if any Dualcoms have ever been compromised?

Any comments / opinions posted are my opinion only and do not represent those of my employer or Company

james.wilson, Posted November 23, 2015

No, I personally don't. But would you fit another knowing the above?

BUSTER, Posted November 23, 2015

I am not in a position to verify if the above is right or wrong, I presume NSI will let us know in due course, does this apply to the latest units/firmware?

james.wilson, Posted November 23, 2015

NSI don't get into product. So no, NSI won't.

Dick, Posted November 23, 2015

> The problem in that respect is, where does the liability fall

It has to be the manufacturer for allowing such inferior equipment to be released. Everyone else down the line has worked on trust.

al-yeti, Posted November 23, 2015

Can't you loop the device somehow and prove it can be defeated, or are they fixed to point to a certain IP, why can't you mimic the IP and then try and defeat it, or you need the device to complete its data connection?

Matrix stuff eh

james.wilson, Posted November 23, 2015

> It has to be the manufacturer for allowing such inferior equipment to be released. Everyone else down the line has worked on trust.

Technically it's down to installer as that's the final cert issued.

> Can't you loop the device somehow and prove it can be defeated, or are they fixed to point to a certain IP, why can't you mimic the IP and then try and defeat it, or you need the device to complete its data connection? Matrix stuff eh

If you 'test' systems like that then it's a criminal offence, i.e. testing your system without permission.

But would you like to know you have an issue or just assume you don't cos it hasn't happened to you yet?

cybergibbons (Author), Posted November 23, 2015

> Does anyone know if any Dualcoms have ever been compromised?

Problem is, if they haven't moved on from the CS2300-R, there is no way to detect when a unit has been compromised.

james.wilson, Posted November 23, 2015

Till the alarm co gets sued for a fail to perform. Logs will show detection but with no confirm, or a faked open it won't be actioned.

I'm assuming they have moved on from the units you tested.

cybergibbons (Author), Posted November 23, 2015

> I am not in a position to verify if the above is right or wrong, I presume NSI will let us know in due course, does this apply to the latest units/firmware?

Why not start asking CSL questions then? For whatever unit you use...

1. What encryption methods do your devices use?
2. How often do the keys get changed?
3. If there was a critical vulnerability and the firmware had to be updated, who pays the cost?
4. Have your systems been subject to a third-party pen-test?

al-yeti, Posted November 23, 2015

Sorry I don't get it, CG has a card second hand, he can do what he wants as long as he doesn't connect to CSL servers?

cybergibbons (Author), Posted November 23, 2015

> Can't you loop the device somehow and prove it can be defeated, or are they fixed to point to a certain IP, why can't you mimic the IP and then try and defeat it, or you need the device to complete its data connection? Matrix stuff eh

I've done the following:

* Built a simulator of the Dualcom DC4 IP server. This means I can make a board believe that it is communicating with the real server when it isn't really.
* Built a GPRS modem simulator to show the same thing can happen on the GPRS side.

Unfortunately, it seems that Dualcom (and others, like Saxondale and Cubit), seem to think that GPRS is secure. It isn't.

> I'm assuming they have moved on from the units you tested.

Why don't people ask them if they have moved on? The hardware looks the same. The people are the same. CSL themselves have admitted that they can't update the firmware on any units at all.

The formula has worked for them. Why spend money on security when no one is looking?

> Sorry I don't get it, CG has a card second hand, he can do what he wants as long as he doesn't connect to CSL servers?

I can do what I want to the SPT, but to prove there are real issues, you need to show that you can either create fake alarms or spoof normal polling. Not possible without connecting to their servers.

james.wilson, Posted November 23, 2015

I'd have thought that security on a security signalling device is pretty damn important.

cybergibbons (Author), Posted November 23, 2015

> I'd have thought that security on a security signalling device is pretty damn important.

Me too.

This is the thing though - it keeps on getting back to "is it being exploited". I have no idea. Neither do CSL. But fundamentally, the device doesn't comply with the standards it claims to.

How many of you know the PIN that secures the SMS functionality on Dualcoms in your estate?

Dick, Posted November 23, 2015

> Technically it's down to installer as that's the final cert issued.

All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment.

cybergibbons (Author), Posted November 24, 2015

> All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment.

There has to be a chain of trust. I think it is wholly unreasonable to expect an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer.

As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues.

Some companies are getting security experts involved at the design stage now though.

cybergibbons (Author), Posted November 24, 2015

I'm still really confused about CSL's product lines.

I looked at units that are marked CS2300-R. CSL claim there are only 600 of these in the field.

But then this box:

http://www.ebay.co.uk/itm/272052537074?ru=http%3A%2F%2Fwww.ebay.co.uk%2Fsch%2Fi.html%3F_from%3DR40%26_sacat%3D0%26_nkw%3D272052537074%26_rdc%3D1

That is a G4 Gradeshift with a Worldsim - marked CS2300-R...

Surely there are more than 600 of these?

Dick, Posted November 24, 2015

> There has to be a chain of trust. I think it is wholly unreasonable to expect an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer. As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though.

Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained.

cybergibbons (Author), Posted November 24, 2015

> Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained.

Ask the question to Redcare, Emizon or WebWayOne - have you been pentested?

We already know what one of them will say.

al-yeti, Posted November 24, 2015

Back to PSTN then, more secure

Dick, Posted November 24, 2015

> Ask the question to Redcare, Emizon or WebWayOne - have you been pentested? We already know what one of them will say.

What, and take your fun away, never!!

I've stayed away from 'this' technology on purpose waiting for this day of reckoning. Whichever way you look at it it'll only get worse, or more entertaining, before it gets better.

sixwheeledbeast, Posted November 24, 2015

> That is a G4 Gradeshift with a Worldsim - marked CS2300-R... Surely there are more than 600 of these?

I guess it depends on what you're calling CS2300-R.

Take your eBay example: this shows a "CS2300-R" but the product part number is CS2412.

It doesn't seem easy to tell which products your vulnerabilities relate to from these CS numbers.