Jump to content
Security Installer Community

Multiple Serious Vulnerabilities In Rsi Videofied's Alarm Protocol

cybergibbons

By cybergibbons
in Members Lounge (Public)

 Share

Recommended Posts

cybergibbons Newbie

cybergibbons

Posted
Posted

As per the subject, I found multiple serious vulnerabilities in RSI Videofied's protocol:

 

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

 

This means it is trivially easy to spoof alarms from other panels.

 

RSI Videofied have not been communicative. Supposedly they have deployed a fix, but I have not been shown what this fix is. They have had 4.5 months to respond so far.

 

I would strongly recommend if you use their panels to ask what they are doing to fix this.

 

 

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

datadiffusion Newbie

datadiffusion

Posted
Posted

SD1 dialler


As per the subject, I found multiple serious vulnerabilities in RSI Videofied's protocol:

 

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

 

This means it is trivially easy to spoof alarms from other panels.

 

RSI Videofied have not been communicative. Supposedly they have deployed a fix, but I have not been shown what this fix is. They have had 4.5 months to respond so far.

 

I would strongly recommend if you use their panels to ask what they are doing to fix this.

 

My impression of RSI is that they have a team of about 2 people in the UK

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

How much other gear is insecure?

 

Who knows. As you all told me, who cares about the RF side. Look at the signalling side. I started and it's not good. Risco, Visonic, CSL and Videofied have all attempted to go further than SIA etc. and they have made massive errors.

 

What I don't get is how badly broken it is. These are not subtle issues - the Videofied work took me less than 3 hours from start to finish. I spent more time trying to contact them and writing the blog post than actually doing the work.

 

I gave up on the UK side and tried the French and US contacts, still nothing. It took CERT to get them talking.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

skywalker Newbie

skywalker

Posted
Posted

As per the subject, I found multiple serious vulnerabilities in RSI Videofied's protocol:

 

http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/

 

This means it is trivially easy to spoof alarms from other panels.

 

RSI Videofied have not been communicative. Supposedly they have deployed a fix, but I have not been shown what this fix is. They have had 4.5 months to respond so far.

 

I would strongly recommend if you use their panels to ask what they are doing to fix this.

you should plan a high profile heist...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept