Jump to content
Security Installer Community

Csl Dualcom Cs2300-R Vulnerabilities

cybergibbons

By cybergibbons
in Members Lounge (Public)

 Share

Recommended Posts

james.wilson Mentor

james.wilson

Posted
Posted

id of thought that security on a security signalling device is pretty damn important

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

id of thought that security on a security signalling device is pretty damn important

Me too.

This is the thing though - it keeps on getting back to "is it being exploited". I have no idea. Neither do CSL.

But fundamentally, the device doesn't comply with the standards it claims to.

How many of you know the PIN that secures the SMS functionality on Dualcoms in your estate?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Dick Newbie

Dick

Posted
Posted

technically its down to installer as thats the final cert issued

All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment.

  • Downvote 1
cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

All things being equal yes, but this has to be different from now on in. It is only the beginning too where security is concerned if we go down the route of the ever popular automated equipment.

There has to be a chain of trust. I think it is wholly unreasonable to except an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer.

 

As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

I'm still really confused about CSL's product lines.

 

I looked at units that are marked CS2300-R. CSL claim there are only 600 of these in the field.

 

But then this box: http://www.ebay.co.uk/itm/272052537074?ru=http%3A%2F%2Fwww.ebay.co.uk%2Fsch%2Fi.html%3F_from%3DR40%26_sacat%3D0%26_nkw%3D272052537074%26_rdc%3D1

 

That is a G4 Gradeshift with a Worldsim - marked CS2300-R...

 

Surely there are more than 600 of these?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Dick Newbie

Dick

Posted
Posted

There has to be a chain of trust. I think it is wholly unreasonable to except an installer (or installation company) to evaluate each and every product they install. They need to trust either the test house, or the manufacturer.

 

As more and more devices get connected to the Internet, this will be more important. I've only briefly looked at Risco, Visonic, and Videofied Internet connected gear, and they all had serious issues. Some companies are getting security experts involved at the design stage now though.

Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained.
cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

Agreed, but the trust is being tested as technology moves on and largely away from what installers have been used to for many years. There is now another 'breed' in the mix of security and these guys are, on occasions, failing at the first hurdle to make the hardware secure via inadequate software programming. Companies using independent certified security experts to give their equipment a seal of approval should be the only way forward now if trust is to be maintained.

 

Ask the question to Redcare, Emizon or WebWayOne - have you been pentested?

 

We already know what one of them will say.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Dick Newbie

Dick

Posted
Posted

Ask the question to Redcare, Emizon or WebWayOne - have you been pentested?

 

We already know what one of them will say.

What, and take your fun away, never!! I've stayed away from 'this' technology on purpose waiting for this day of reckoning. Whichever the way you look at it it'll only get worse, or more entertaining, before it gets better.
sixwheeledbeast Mentor

sixwheeledbeast

Posted
Posted

That is a G4 Gradeshift with a Worldsim - marked CS2300-R...

 

Surely there are more than 600 of these?

 

I guess it depends on what your calling CS2300-R.

 

Take your ebay example this shows a "CS2300-R" but the product part number is CS2412.

 

It doesn't seem easy to tell which products your vulnerabilities relate to from these CS numbers.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept