Security Installer Community

CSL Dualcom CS2300-R Vulnerabilities



I don't think any historic failures are irrelevant, a lot can be learned from them surely?

In the context of this thread, yes, pretty irrelevant.

 

But if you didn't know there was an issue with your security, then yes, it would be useful but a pretty painful experience and the repercussions would be acute.

Jim Carter

WebWayOne Ltd

www.webwayone.co.uk


But surely there would be a record of failures where perhaps a burglary or fire took place and perhaps no signalling was sent, regardless of CSL it would show up with the Maintainer, no?

A fair number of installers have reported them not working though.

 

http://www.diynot.com/diy/threads/csl-dualcom-cs2300-r-vulnerabilities.447125/#post-3514570

 

That's not the first person who has said this. Looking at their protocol, maybe I missed something more obvious - if the unit sends an alarm, and then goes back to normal, all you need to do is stop that signal getting through. There is no sequence number at all, no end-to-end acknowledgement.

I don't think any historic failures are irrelevant, a lot can be learned from them surely?

 

Rob Evans, when he called me to ask me to take down the initial reverse engineering posts, specifically mentioned a case where a Dualcom unit had failed to send a panic alarm, and the shop owner had been injured. I wouldn't want that to happen if I released my research?

I think CSL may not be letting on how many failures they have.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/
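
The point made in the post above about a missing sequence number and end-to-end acknowledgement, as an added example that is not part of the original post and is not CSL's protocol. The frame layout (4-byte sequence number, event text, HMAC-SHA256 tag), the constructed key and the names `encode`, `Receiver` and `ack_ok` are all assumptions; it shows how a receiving centre notices a dropped frame and how the unit learns it must retry.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: per-unit secret shared with the receiver

def _tag(kind: bytes, data: bytes) -> bytes:
    # "kind" separates frame tags (b"F") from ack tags (b"A") under one key.
    return hmac.new(KEY, kind + data, hashlib.sha256).digest()

def encode(seq: int, event: str) -> bytes:
    """Unit side: hypothetical frame = sequence number | event | tag."""
    body = struct.pack(">I", seq) + event.encode()
    return body + _tag(b"F", body)

def ack_ok(seq: int, ack) -> bool:
    """Unit side: only an ack bound to this sequence number counts as delivery."""
    want = _tag(b"A", struct.pack(">I", seq))
    return ack is not None and hmac.compare_digest(ack, want)

class Receiver:
    """Receiving-centre side: verify, detect gaps and replays, acknowledge."""
    def __init__(self):
        self.last_seq, self.missing, self.alerts = 0, set(), []

    def handle(self, frame: bytes):
        body, tag = frame[:-32], frame[-32:]
        if len(body) < 4 or not hmac.compare_digest(tag, _tag(b"F", body)):
            self.alerts.append("bad-mac")
            return None
        seq = struct.unpack(">I", body[:4])[0]
        if seq in self.missing:
            self.missing.discard(seq)          # late retransmission fills the gap
        elif seq <= self.last_seq:
            self.alerts.append(f"replay:{seq}")
            return None
        else:
            if seq > self.last_seq + 1:        # something in between never arrived
                self.missing.update(range(self.last_seq + 1, seq))
                self.alerts.append(f"missing:{self.last_seq + 1}-{seq - 1}")
            self.last_seq = seq
        return _tag(b"A", body[:4])

def demo():
    rx, unacked = Receiver(), []
    events = {1: "NORMAL", 2: "ALARM", 3: "NORMAL"}
    for seq in (1, 2, 3):
        delivered = seq != 2                   # constructed: frame 2 is lost in transit
        ack = rx.handle(encode(seq, events[seq])) if delivered else None
        if not ack_ok(seq, ack):
            unacked.append(seq)                # unit knows it must retry this one
    retry_ok = ack_ok(2, rx.handle(encode(2, events[2])))
    return rx.alerts, unacked, retry_ok, sorted(rx.missing)
```

With both checks in place the lost alarm is visible at each end: the receiver raises `missing:2-2` as soon as frame 3 arrives, and the unit keeps frame 2 queued until it gets a valid acknowledgement.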

 

 

 


That probably goes for many manufacturers, they can't really prove failures when "hacked" if that's the right word to use

Historical is relevant in the sense of seeing what has occurred and was not reported,

Although it seems programming can cause those issues by the house basher, and then you don't get the correct alarms sent through anyway!


Al, this is IMO far more serious than anyone getting the pins wrong. Anyone has the right to assume what they fit will do the job and won't be compromised. Grade 2, who cares, it's low risk. G3 and above is different.

I'm interested in nova's comment that the loss would be down to the ARC; I don't see that, as the ARC didn't certify compliance, the installer does. We assume the chain complies when the cert is issued. I'm seriously concerned about this and, like the VW thing, doubt it's just one.

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.


No doubt it's serious

But nothing is being proven that it will fall over or could be compromised except on particular units

I'd say they're staying quiet while they perform their own tests and find a way to patch it if it's at all true

But nothing will be foolproof, all software and IP connections will have weaknesses

Come on, back to PSTN?

CG this is right up your street should have given them heads up!

http://www.bbc.co.uk/news/technology-34944140


No doubt it's serious

But nothing is being proven that it will fall over or could be compromised except on particular units

But nothing will be foolproof, all software and IP connections will have weaknesses

Come on, back to PSTN?

Any time you begin to communicate and you have sensitive data to transmit there is a requirement for encryption.

It does not matter whether it's the written word, the wireless radio (the Enigma machines from WW2), encrypted telephone links between governments or your bank transactions, and yes, Alarm Transmission.

You may argue "well they broke the Enigma code" but you have to remember the hours, weeks, years that went into that and part of the key to cracking this was the fact that the Germans were transmitting a set pattern of data with every transmission (the weather reports). In basic terms, they gave away the key to their encryption through predictable messaging. What is equally if not more important, was keeping the fact that the code was broken from them, so that they could be fed misinformation.

So no, PSTN, (or back to Pigeons if you like!), is not the answer.

Getting the encryption technique right is, and it's a basic requirement.

If communications security is compromised, then everything that is current or went before is at risk until a new form of encryption is deployed, and in modern communications that means a software update.

Jim Carter

WebWayOne Ltd

www.webwayone.co.uk


Al, the units tested are GPRS PSTN. If you think PSTN is secure then I'd suggest you look at the DTMF protocol.

Question. Would you fit gear with a security question mark over it?

Of course, remember the old DTMF trick? Little keypad etc for accessing services
