Was researching getting the Quolsys panel a ways back but wanted to wait till the 2GIG GC3 panel came out. Apparently it is out now. In googling around I discovered this thread http://suretydiy.com/forums/topic/2gig-gocontrol-hacked-and-disabled/ on the vulnerabilities of the 2gig panels. Has this issue been resolved?
My understanding is that it was never fixed.
Basically all Linear did is issue some PR doublespeak release and call it a day (e.g., enable jamming detection, and “We believe that the Go!Control system provides protection against hackers as good or better than any security system in the market”, and simply did not at all address Lamb’s vulnerability, which implicitly states the jamming detection ability of the panel wont alert/stop the attack). the GC, GC2, Go2.0/Skypanel, and GC3 all use the same unencrypted Honeywell communication protocols described in the attack.
Pretty much the same line that Comcast is using at the moment in regards to their (ZigBee-based protocol) vulnerability (e.g., “system provides protection against hackers as good or better than any security system in the market” BS. it is always someone else’s fault and responsibility to fix, and then they just circle jerk each other till everyone forgets).
July 28, 2014
2GIG Customer:
As noted in a recent article, there are devices that can potentially be used by skilled hackers to jam residential security systems causing false alarms or other problems. The 2GIG Go!Control panel was mentioned in that article. These types of stories seem to arise about once a year in conjunction with a hacker’s conference and are typically generated to get a hacker attention they crave sometimes through overstatement.
Security systems are designed to create levels of deterrence. The balance between ease of use and deterrence is part of the decision making process between the user and the professional security service provider. The Go!Control security panel includes in the programming several deterrence features including a robust jamming detection feature to combat the type of attack described in the article. If enabled, the jamming detection feature detects the presence of a constant interfering signal for more than a set number of seconds and will create a tamper notification. All Go!Control panels ship with this setting disabled by default, leaving it to the installing company to enable if they deem it appropriate for the location. If customers want to enable this feature after installation, it can also be enabled remotely through the backend provider.
In the case where a more sophisticated attack method is used to interfere with transmission of proper data packets, the Go!Control system is designed to transmit a series of individual and complete transmission packets increasing the difficulty of interfering with all signals sent by the sensor. The more sensors that are tripped by the intruder the less likely it is that the transmission interference will succeed in suppressing all signals. It only takes one signal to set off the alarm.
Linear Corp is committed to providing high-quality, secure systems to its customers and continually looks for ways to improve the security or our Go!Control security system. We believe that the Go!Control system provides protection against hackers as good or better than any security system in the market. In fact, Go!Control’s unique ability to remotely update the system firmware allows us to implement fixes for systems that are already installed in homes as new threats arise.
Regards,
Duane Paulson
VP, Product and Market Development
Pretty much the same line that Comcast is using at the moment in regards to their (ZigBee-based protocol) vulnerability
In case I forgot to mention, Qolsys uses the ZigBee based protocol for their passive infared motion detector Sensor (Image Sensor). I have no clue whether or not this aspect of Qolsys system is vulnerable to the ZigBee based hack or not.
Just thought I would put it out there.
Qolsys only uses the optional 915 mhz frequency Zigbee for the Image Sensor. It doesn’t support Zigbee for automation.
Zigbee uses an optional 900Mhz range but is primarily in the 2.4ghz range like home wifi.
Do you know which the zigbee hack you are referencing specifically targets?
Zigbee uses an optional 900Mhz range but is primarily in the 2.4ghz range like home wifi.Do you know which the zigbee hack you are referencing specifically targets?
ZigBee 2.4GHZ protocol is flawed
Researchers at Black Hat and Def Con warned about security flaws in Internet of Things devices using the ZigBee [2.4GHZ] protocol, leaving Philips Hue light bulbs, smart locks, motion sensors, switches, HVAC systems and other smart home devices vulnerable to compromise.
The [Xfinity] system uses a ZigBee-based protocol to communicate and operate over the 2.4 GHz radio frequency band. All a thief has to do is use radio jamming equipment to block the signals that pass from a door, window, or motion sensor...
Thieves can purchase radio jamming equipment on eBay or make their own with about $130 in parts and do-it-yourself instructions published on the internet.The Xfinity system’s security issue is just another in a long line of common security issues in Internet of Things devices.
The same flaws likely do not carry over to a different band. Any info on 915?
Any info on 915?
I don’t know. They say it is a ZigBee based protocol flaw, Xfinity/IoT/iris/Qolsys (just to name a few) operate on ZigBee 2.4GHZ. It definity affects that band. I have no other info on any other ZigBee bands.
The flaw might affect all bands, but since most ioT/ZigBee devices use 2.4GHZ, perhaps that is what they are focusing on.