
Internet of Things Vulnerability in Security Alarm

A few days ago, I posted an article about some vulnerabilities that happened in 2015.

IoT has been such a hot topic that the small details get overlooked. While everyone is overwhelmed by what IoT can do, security seems to be put aside.

PAUL DUCKLIN. Every time we talk about the so-called Internet of Things on the Chet Chat, we get rather woeful tones in our voices, don’t we? It does seem that security [takes] second place, if it’s on the list at all.

Luca Lo Castro felt awkward starting his blog post the way he did, with a look at a security alarm system and the perception of security. He tested the security alarm he bought, based on European Standard EN50131.

The alarm he tested is from Texecom, which offers high-level security at Grade 3 based on European Standard EN50131.

Grade 3 itself isn’t quite that high, but it covers places such as bonded warehouses, mobile phone shops, computer suppliers, and motor garages: locations with high-value contents where crooks are “likely to spend time planning an intrusion,” and will bring along electronic tools such as laptops.

Unfortunately, Luca was let down by its ComIP module, which he found not secure at all.

He found that:

  1. The alarm can be connected to the internet.
  2. The alarm can “call home” to the vendor’s cloud servers to log status information, such as when an alarm goes off.
  3. The alarm’s companion mobile app can receive reports from, and send commands to, the alarm itself.
  4. The alarm’s companion mobile app can receive reports from, and send commands to, the vendor’s cloud servers.

The worrying aspects that he reports are as follows:

  1. The vendor’s documentation recommends opening a firewall port to allow direct access to the alarm from the internet.
  2. The alarm “calls home” using neither encryption nor authentication.
  3. The mobile app communicates with the control panel, including sending the password, using neither encryption nor authentication.

You can read the full review of his research here, where he explains it in detail.

Luca advises anyone who is using Texecom not to open any firewall port to the control panel. A workaround for controlling the alarm system remotely with the mobile app is to create a VPN connection from the mobile device to the local network where the control panel is installed, and then run the Texecom mobile app.
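One way to check that advice on a Linux-based router, as an added example that is not from Luca's research or from Texecom: the script below audits `iptables-save` output for any rule that lets traffic reach the control panel without coming through the VPN interface. The panel address 192.168.1.50, TCP port 10001, the interface names `eth0` (WAN) and `wg0` (VPN) and the sample rules are all assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save output from a hypothetical router (assumptions:
# panel at 192.168.1.50, TCP port 10001, eth0 = WAN, wg0 = VPN interface).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.1.50:10001
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
COMMIT
*filter
-A FORWARD -d 192.168.1.50/32 -i wg0 -p tcp -m tcp --dport 10001 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -i eth0 -p tcp -m tcp --dport 10001 -j ACCEPT
COMMIT
"""

OPTS = {"-i": "in_if", "-d": "dst", "-j": "target", "--to-destination": "to"}

def parse_rule(line):
    """Extract the options this audit inspects from one '-A CHAIN ...' line."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1], "negated": "!" in tokens}
    for opt, value in zip(tokens, tokens[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = value
    return rule

def audit_panel_exposure(rules_text, panel_ip, vpn_if):
    """Return (kind, rule) findings for paths to the panel that bypass the VPN."""
    panel = ipaddress.ip_address(panel_ip)
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        # IPv4 forms only: ip, ip:port, ip-ip, ip:port-port
        dnat_host = r.get("to", "").split(":")[0].split("-")[0]
        names_panel = (
            (r.get("target") == "DNAT" and dnat_host == str(panel))
            or ("dst" in r and panel in ipaddress.ip_network(r["dst"], strict=False))
        )
        if not names_panel:
            continue
        if r["negated"]:
            findings.append(("REVIEW", line))      # negated match: check by hand
        elif r.get("in_if") != vpn_if and r.get("target") in ("DNAT", "ACCEPT"):
            kind = "PORT_FORWARD" if r["target"] == "DNAT" else "FORWARD_ACCEPT"
            findings.append((kind, line))
    return findings

if __name__ == "__main__":
    for kind, rule in audit_panel_exposure(SAMPLE_RULES, "192.168.1.50", "wg0"):
        print(f"{kind}: {rule}")
```

An empty result means every rule that names the panel is bound to the VPN interface, which is the setup the workaround describes.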

source: nakedsecurity

About Girly Saputri

Girly is a Content Marketing at Eyro Digital Teknologi, Ltd. She is also a copy writer and likes cheeseburger. She writes about iBeacon and its implementation. You can find her on LinkedIn as GirlySaputri.
