cybergibbons Posted November 25, 2015 Author Share Posted November 25, 2015 Agreed Stayed away from what technology? Problem is, neither CSL or Intertek are going to openly say "The CSL CS2300 board testing to EN50136 had some parts self declared, including the encryption and substitution protection". Testing the boards to the depth I tested them would cost between £10k and £20k. That's about one third of the cost of testing again. If you wanted the problems fixed, and needed in-depth advice, add another £5k at least. I don't know if WebWayOne want to pass comment on the self declared aspects of standards testing? Interestingly, since the research went live, two separate people have contacted me to talk about integrating the CSL protocol into panels. They were both shocked at how basic the protocol was, and how bad the documentation was. I'm still finding it odd how little has been said by CSL. The post has far exceeded the traffic generated by Heatmiser vulnerabilities. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
james.wilson Posted November 25, 2015 Share Posted November 25, 2015 I would hope it was viewed more than a heating controller. Its a bit more serious. I suppose at some point it will be taken up by mainstream media? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
cybergibbons Posted November 25, 2015 Author Share Posted November 25, 2015 The Guardian were going to run it, but then CSL claimed it was only 600 units. Not big enough. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
BUSTER Posted November 25, 2015 Share Posted November 25, 2015 CG how old was the unit you tested, CSL upgraded lots of ours earlier this year Quote Any comments / opinions posted are my opinion only and do not represent those of my employer or Company Link to comment Share on other sites More sharing options...
james.wilson Posted November 25, 2015 Share Posted November 25, 2015 The Guardian were going to run it, but then CSL claimed it was only 600 units. Not big enough. How would one verify that? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
james.wilson Posted November 25, 2015 Share Posted November 25, 2015 are there any dates on the versions you have or a list of firmware release dates? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
cybergibbons Posted November 25, 2015 Author Share Posted November 25, 2015 CG how old was the unit you tested, CSL upgraded lots of ours earlier this year Earliest 2009, latest 2013. What did they upgrade them to? Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
james.wilson Posted November 25, 2015 Share Posted November 25, 2015 So 2013 firmware was in your report? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
cybergibbons Posted November 25, 2015 Author Share Posted November 25, 2015 How would one verify that? Almost impossible as a third party. As of April 2015, the latest firmware they had available for download suffered from these issues. They don't provide any release notes or changelog, so really hard to tell. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
james.wilson Posted November 25, 2015 Share Posted November 25, 2015 So as of April 2015 your findings are valid? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.