Jump to content
Security Installer Community

How secure is the texecom?

homesecure

By homesecure
in !!..DIY Installers..!!

 Share

Recommended Posts

homesecure Newbie

homesecure

Posted
Posted

Hi everyone,

 

I was just looking up some information on texecom, when I came up with this website:-

 

http://www.theregister.co.uk/2015/12/31/iot_alarm_crypto/

 

It states the a security expert believes the alarm is open to hack attacks when you leave the port open for your router.  But this is what texecom advise the owner to do:-

 

"To be able to remote control the alarm system remotely, you open a firewall port in the router and do a port forwarding to the internet. But this allows the mobile app to directly connect to the ComIP module over an unencrypted connection, Lo Castro discovered.

Using WireShark, he said he had discovered that data traffic between the mobile app and the control panel is done in clear text or encoded to BASE64. That means potentially confidential information like the alarm control panel (UDL) password, device name and location are exposed"

 

What can you guys advise?

 

Thanks

Link to comment
Share on other sites
  • Replies 21
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

homesecure Newbie

homesecure

Posted
  • Author
Posted

I was also surprised by texecom's reply.  With criminals always looking for different ways of making money, what's to say that your average burglar won't have some knowledge of network hacking?

 

I just hope that there is a way of securing it as this is a worrying article.

Link to comment
Share on other sites
sixwheeledbeast Mentor

sixwheeledbeast

Posted
Posted

This only affects systems with the COM-IP or COM-WiFi and therefore ONLY customers who use the Texecom app.

There is an Encrypted UDL option but it is not compulsory.

 

I would advise not using any app to set your alarm system or alternatively use a VPN connection if you wish to use the app.

Link to comment
Share on other sites
homesecure Newbie

homesecure

Posted
  • Author
Posted
23 minutes ago, sixwheeledbeast said:

This only affects systems with the COM-IP or COM-WiFi and therefore ONLY customers who use the Texecom app.

There is an Encrypted UDL option but it is not compulsory.

 

I would advise not using any app to set your alarm system or alternatively use a VPN connection if you wish to use the app.

 

Thanks.  I have a com ip and do want to use a mobile app.  But I've got to say that I'm baffled that texecom, an advanced international company, rather than fixing the problem,  is advising customers to simply ignore the vulnerability the alarm has. 

Link to comment
Share on other sites
sixwheeledbeast Mentor

sixwheeledbeast

Posted
Posted

It's all dependent on the risk, it's unlikely that IP is an attack point for a domestic system at the moment.

While I agree security should be at it's best it's likely any burglar will storm in smash stuff to bits and take what they want before you even know what's happened.

I would never recommend setting a system via an app but it's what customers want and that's why it's provided as an option.

Link to comment
Share on other sites
PeterJames Experienced

PeterJames

Posted
Posted

Opening a port on your router can be a risky, but firstly the burglar would need to know that you have a texecom alrm system, secondly he would need to know a fair bit about hacking, I do know someone who can do it, but he makes enough money not to have to turn to crime. At the end of the day it is all about risk, if your house is full of valuables and is well known for it, then dont use a Texecom panel with the app. If your house is average domestic with the average stuff inside, then I would not worry too much most average burglars wont be hacking your network for drug money. But if you are that bothered there are panels with apps that do not require you to open ports on your router 

Link to comment
Share on other sites
sixwheeledbeast Mentor

sixwheeledbeast

Posted
Posted

Opening ports is not the issue IMO it's allowing unencrypted connections within the setup of the app.

The COM-IP is very basic so I doubt it's possible to use to pivot attack.

 

When you open a port you increase your attack surface but it doesn't necessarily make you more vulnerable.

I recall a similar discussion a while back and layers were mentioned, all security should be in layers and not just on the web.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept