Security Installer Community

CSL DualCom CS2300-R Vulnerabilities



Angry.

I suppose if you can't manage a decent post on CG's findings, something is better than nothing. His findings have no bearing on me whatsoever but I note them with interest, nothing more. When it comes to security I'm an end user, so evaluating the information is important should I go a particular route. However, the results haven't come as a total surprise; the level of incompetence, on the other hand, has though.
  • Downvote 1

 I don't have to pretend all is well in the world of security like some of you guys obviously are.

None of us are pretending anything. There have been and always will be ways around security systems; so long as the kit is one step ahead of the type of burglar expected, then what's to worry about? I understand that there are vulnerabilities with some of the signalling options available, but I also understand the risk, and anyone with any real intelligence is unlikely to want to risk their freedom for low value. On the other hand, if something is worth protecting then it's worth protecting properly, and that means understanding the risk. I have been in this industry for over 25 years now and I can't think of a burglary where any real technical intelligence has been used, though I have seen many clever burglaries in my time.

  • Upvote 3

None of us are pretending anything. There have been and always will be ways around security systems; so long as the kit is one step ahead of the type of burglar expected, then what's to worry about? I understand that there are vulnerabilities with some of the signalling options available, but I also understand the risk, and anyone with any real intelligence is unlikely to want to risk their freedom for low value. On the other hand, if something is worth protecting then it's worth protecting properly, and that means understanding the risk. I have been in this industry for over 25 years now and I can't think of a burglary where any real technical intelligence has been used, though I have seen many clever burglaries in my time.

Peter, the lack of any real input from installers on here has been noted, and not just by myself. One point of CG's findings is that serious vulnerabilities can't be patched in some cases, so keeping one step ahead of threats isn't going to happen. You may well have been in the industry since Noah, but we are in 2015 now and facing a different kind of threat from, in some cases, kids younger than your favourite pair of socks who have more technical knowledge than most, if not all, old-school installers on how these things tick. You talk like a bigger cost option is definitely more secure than a cheaper device, but maybe CG has more to come to dispel that belief.

Grade 3 security aside, who wants their automation equipment being messed with, as is happening now with things like central heating being turned up at daft hours by a hacker? Expecting proper secure coding isn't much to ask, is it?

  • Downvote 1

Peter, the lack of any real input from installers on here has been noted, and not just by myself. One point of CG's findings is that serious vulnerabilities can't be patched in some cases, so keeping one step ahead of threats isn't going to happen. You may well have been in the industry since Noah, but we are in 2015 now and facing a different kind of threat from, in some cases, kids younger than your favourite pair of socks who have more technical knowledge than most, if not all, old-school installers on how these things tick. You talk like a bigger cost option is definitely more secure than a cheaper device, but maybe CG has more to come to dispel that belief.

Grade 3 security aside, who wants their automation equipment being messed with, as is happening now with things like central heating being turned up at daft hours by a hacker? Expecting proper secure coding isn't much to ask, is it?

Why not just tell 'em you're a house basher who dabbles with diallers, but to be a pro house basher like me you got to realise customers will rarely use outputs on them.

So although I am a hardcore house basher, monitoring is not my business model; house bashing is just whack a dialler in, with the odd one paying for a GSM as well.

Off topic: HKC needs a free basic app lol

Edited by al-yeti

Why not just tell 'em you're a house basher who dabbles with diallers, but to be a pro house basher like me you got to realise customers will rarely use outputs on them.

So although I am a hardcore house basher, monitoring is not my business model; house bashing is just whack a dialler in, with the odd one paying for a GSM as well.

Off topic: HKC needs a free basic app lol

Just like every village has one, a forum does too and it is never that long before they appear.
  • Downvote 1

Seriously, shouldn't you guys be asking about CG's findings rather than trying to play Give us a Clue with me?

I think you are right and the focus should be back on the topic. Unfortunately, I have to remain rather cautious as the subject is a competitive service.

CG's work is very good and has been endorsed not only by me but by Texecom in a separate thread.

This is an extremely important topic and one that we (WebWayOne) take incredibly seriously; indeed, we have argued at the standards committees that all communications should be at the highest level, no matter what the risk. It makes absolutely no sense to say "well, it's only low risk so we don't need to bother about security, it's never happened before and probably never will".

That is insane. Because, as Dick says, it may not be a security product that is hacked; it may be something simple to disrupt companies or people's lives.

We advocate (and deploy) AES encryption techniques at every level; it should be a standard requirement. Period.

The implications of a security breach or published weakness cannot be underestimated, and if you cannot update your software remotely then the impact on the end user, installer etc. is immense. Just look at the security updates you get for your PC, Mac or firewalls as an example. Imagine if Microsoft could not remotely update their software: there would be queues for miles outside PC World etc. for updates. Hence we have always deployed flash upgradeable equipment.

Jim Carter

WebWayOne Ltd

www.webwayone.co.uk
