British penetration tester Andrew Tierney has discovered dangerous vulnerabilities in network-connected alarm systems sold by UK market leader CSL DualCom.
The flaws are related to poor encryption, clumsy physical firmware updating requirements, and a poor security design. Tierney advised the company that the threats are overstated or not within the risk model of the product.
The CSL DualCom GPRS CS2300-R alarm signalling boards are vulnerable to interference and signal spoofing due to a poor communications protocol.
“I cannot stress how bad this encryption is. Whoever developed it doesn't even have basic knowledge of protocol design, never mind secure protocol design,” said Tierney.
The bugs include improper authentication (CVE-2015-7285), busted crypto (CVE-2015-7286), duplicate and default credentials (CVE-2015-7287) and an undocumented SMS command (CVE-2015-7288). A more detailed list of flaws can be found in Tierney's paper, CSL Dualcom CS2300-R security analysis.
“I suspect further investigation would result in more issues being found, some of which may be of a serious nature. However, of largest concern is that the product doesn't seem to meet the standards it is claimed to,” concluded Tierney.