Agreed

 

Stayed away from what technology?

 

Problem is, neither CSL or Intertek are going to openly say "The CSL CS2300 board testing to EN50136 had some parts self declared, including the encryption and substitution protection".

 

Testing the boards to the depth I tested them would cost between £10k and £20k. That's about one third of the cost of testing again. If you wanted the problems fixed, and needed in-depth advice, add another £5k at least.

 

I don't know if WebWayOne want to pass comment on the self declared aspects of standards testing?

 

Interestingly, since the research went live, two separate people have contacted me to talk about integrating the CSL protocol into panels. They were both shocked at how basic the protocol was, and how bad the documentation was.

I'm still finding it odd how little has been said by CSL. The post has far exceeded the traffic generated by Heatmiser vulnerabilities.

I would hope it was viewed more than a heating controller. Its a bit more serious. I suppose at some point it will be taken up by mainstream media?

The Guardian were going to run it, but then CSL claimed it was only 600 units. Not big enough.

CG how old was the unit you tested, CSL upgraded lots of ours earlier this year

The Guardian were going to run it, but then CSL claimed it was only 600 units. Not big enough.

How would one verify that?

are there any dates on the versions you have or a list of firmware release dates?

CG how old was the unit you tested, CSL upgraded lots of ours earlier this year

 

Earliest 2009, latest 2013.

What did they upgrade them to?

So 2013 firmware was in your report?

How would one verify that?

 

Almost impossible as a third party. As of April 2015, the latest firmware they had available for download suffered from these issues. They don't provide any release notes or changelog, so really hard to tell.

So as of April 2015 your findings are valid?