Researcher criticises 'weak' crypto in Internet of Things alarm system

Found on The Register on Friday, 01 January 2016

Luca Lo Castro said he had come across shortcomings in the encryption of communication after buying Texecom’s Premier Elite Control Panel and ComIP module and assembling it.

An independent expert in alarm security, quizzed by El Reg, acknowledged this as a security shortcoming while suggesting it would be beyond the capability of most would-be burglars with access to no more than basic electronic tools like wire strippers, a multi-meter, and crocodile clips.

Our independent alarm security expert tells us that much of the physical security market is a long way behind best practice found in information security. And the problem is exacerbated because alarms are designed to be installed and last 10 to 15 years. That means a lot of legacy products, compared to the two to three year product lifetime we are seeing on general IoT products.

In 10-15 years, many of the companies in the IoT game today will no longer exist, leaving their customers vulnerable. To avoid this, a law could require that the software on the device be open-sourced after, e.g., 3 years, and that every device have a standard access port. That way, even after a company vanishes, others could pick up the project and plug holes.