Subscriber Discussion

Comcast XFINITY Home Security System Insecure Fail Open

Konstantin Avramenko
Jan 06, 2016

Comcast XFINITY Home Security System Insecure Fail Open

Good example to demonstrate the importance of merging IT security and physical security to produce reliable products.

Brian Karas
Jan 06, 2016
Pelican Zero

I saw that this morning also. IMO it's more about the liabilities of wireless and unsupervised zones.

Konstantin Avramenko
Jan 06, 2016

"IMO it's more about the liabilities of wireless and unsupervised zones."

IMO it has to be covered either at the product level or at the installation stage. In both cases it means an understanding of IT security by the developer of the home security system or by the installer.

Brian Karas
Jan 06, 2016
Pelican Zero

But this isn't really an IT kind of exploit. It's jamming of the Zigbee protocol, and the fact that the receiver/base station apparently doesn't supervise the zones and report a fault when communications are lost. These are (IMO) classic wireless security weak points that have existed long before Zigbee and IP-enabled panels.

This is not an exploit that incorporates any kind of classic "IT" components/devices/etc. You couldn't fix this with a firewall or traditional IT-security style patch.
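The supervision gap described in the post above, sketched as an added example that is not part of the original thread and is not any vendor's code: a panel that treats sensor silence as "no change" keeps reporting the last known state, while a supervised panel reports a fault. The class names, the 120-second supervision window and the timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy: sensors check in every 30 s; 4 missed check-ins is a fault.
SUPERVISION_WINDOW_S = 120

@dataclass
class Zone:
    name: str
    last_state: str = "CLOSED"  # last state the sensor reported
    last_seen: float = 0.0      # time the last frame was received

class Panel:
    """Hypothetical base station tracking wireless zones."""

    def __init__(self, supervised: bool):
        self.supervised = supervised
        self.zones: dict[str, Zone] = {}

    def on_frame(self, name: str, state: str, now: float) -> None:
        """Record a check-in or state change received from a sensor."""
        zone = self.zones.setdefault(name, Zone(name))
        zone.last_state, zone.last_seen = state, now

    def zone_status(self, name: str, now: float) -> str:
        zone = self.zones[name]
        silent_for = now - zone.last_seen
        if self.supervised and silent_for > SUPERVISION_WINDOW_S:
            return "TROUBLE"    # fail closed: silence is a reportable fault
        return zone.last_state  # fail open: silence is read as "no change"

    def report(self, now: float) -> dict[str, str]:
        return {name: self.zone_status(name, now) for name in self.zones}

def simulate(supervised: bool) -> dict[str, str]:
    """Constructed timeline: two sensors check in, then the link goes quiet."""
    panel = Panel(supervised)
    for t in (0, 30, 60):
        panel.on_frame("front_door", "CLOSED", t)
        panel.on_frame("back_window", "CLOSED", t)
    # No frame arrives after t=60, so any later state change is never
    # received either. The panel is queried at t=400.
    return panel.report(now=400)

if __name__ == "__main__":
    print("unsupervised:", simulate(supervised=False))
    print("supervised:  ", simulate(supervised=True))
```

With supervision off, both zones still read CLOSED 340 seconds after the last frame; with it on, both read TROUBLE, which is the fault report the post says is missing.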

Konstantin Avramenko
Jan 06, 2016

Then let's add wireless security to the list. I used to treat it as a part of IT security but agree that probably it is better not to.

Undisclosed #1
Jan 06, 2016
IPVMU Certified

What could the installer do to 'cover' it?

Konstantin Avramenko
Jan 06, 2016

Let me clarify my point. When a company is hiring an IT consultant or an integrator to install/deploy an IP network, server(s), etc., it means that they will indeed be looking for certified professionals like (CCNP) Cisco Certified Network Professional, (JNCIE-ENT) Enterprise Routing and Switching, Expert or at least CompTIA Network+ (there are hundreds of certifications for different systems etc., and I listed just several as examples). In case the need is security-related, then it can be CompTIA Security+, (GSEC) GIAC Security Essentials or (CISSP) Certified Information Systems Security Professional. If we talk about a wireless network, then (CWTS) Certified Wireless Technology Specialist, (CCNP Wireless) Cisco Certified Network Professional Wireless or (JNCIS-WLAN) Juniper Networks Certified Specialist Wireless LAN.

Modern security systems are often IP-based, need network equipment, servers and workstations, and include wireless devices, web and mobile access and so on. And I believe that customers should request the same level of IT (in general) professionals from the security system integrators.
