Alarming security
-
Multiple serious vulnerabilities in RSI Videofied’s alarm protocol
RSI Videofied are a French company that produce a series of alarm panels that are fairly unique in the market. They are designed to be battery powered and send videos from the detectors if the alar…
RSI Videofied are a French company that produce a series of alarm panels that are fairly unique in the market. They are designed to be battery powered and send videos from the detectors if the alarm is triggered. This is called video verification. They are frequently used on building sites and disused buildings.
They send data over either GPRS (mobile) or IP. Whilst reverse engineering as part of competitor analysis for a client, I found a large number of vulnerabilities in the protocol they use to communicate. In summary, the protocol is so broken that it provides no security, allowing an attacker to easily spoof or intercept alarms.
Oops.
-
I found a large number of vulnerabilities in the protocol they use to communicate. In summary, the protocol is so broken that it provides no security, allowing an attacker to easily spoof or intercept alarms.
Sounds like an average day in the automation business.
Filed under: RS-232 over Internet
-
Well, duh. Having no security is the norm today. It's hard work at no extra benefit.
In a world without building codes, don't be surprised if a cheap house falls down.
-
"Cybergibbons Limited
Reverse engineer, hardware hacker, security analyst, lock picker, heist planner.
Definitely not involved in the Hatton Garden job."
-
send videos [...] over GPRS
The good news is that when the security company finally gets the video, time travel will have been invented so they can call the police to stop it.
-
Whilst reverse engineering as part of competitor analysis for a client, I found a large number of vulnerabilities in the protocol they use to communicate.
Don't tell them what you found, whatever you do, or they'll prosecute you for trying to hack their system.
-
@flabdablet said:
They send data over either GPRS (mobile)
The good news is that when the security company finally gets the video, time travel will have been invented so they can call the police to stop it.
One of our product demos I did used M-JPEG (320x480) over 2G GPRS. You have to keep the frame rate and quality rather low but it works just fine (~80 Kbps).
Most places seem to be 3G/4G covered these days so a packet service on that would give you quite nice video.
